BDI2DoS: An application using collaborating BDI agents to combat DDoS attacks
Introduction
Network resilience is key to providing reliable, robust and efficient network operation. Resilience is the ability of the network to maintain an acceptable level of operation when confronted with challenges, e.g., equipment failures, device misconfiguration, or malicious attacks (Smith et al., 2011, Sterbenz et al., 2010, Najjar and Gaudiot, 1990). Ensuring network resilience has become critical nowadays given that many tasks in our daily lives rely on networked infrastructures.
Research on network resilience has combined contributions from different research areas, mainly machine learning (Nguyen and Armitage, 2008) and autonomic computing (Lupu et al., 2008, Tcholtchev et al., 2010). Some approaches provided agent-based solutions (Jiang and Jiang, 2005, Nguengang et al., 2006, Yang and Chang, 2011), in which agents collaborate in a sequential pre-defined way. An agent (Ferber, 1999, Wooldridge, 2009) is a software component with autonomous and proactive behaviour, situated in an environment and with social ability. However, these approaches fall short of emergent behaviour, which is a key property of multi-agent systems. Moreover, there are many unexploited domain-neutral agent-based approaches, which can arguably provide flexible solutions to handle situations unpredicted at design time (Jennings, 2001).
In this paper we exploit one particular agent-based approach to achieve network resilience: the belief-desire-intention (BDI) architecture (Rao and Georgeff, 1995), which separates the motivational state of a system from its deliberative state. Additionally, given that goals are explicitly represented, alternative ways of achieving them may be executed when there is a failure in the execution. Using the BDI architecture, we developed BDI2DoS, an innovative application composed of a set of agents that, combined, form multi-agent collaborations comprising mechanisms capable of detecting and remediating Distributed Denial-of-Service (DDoS) attacks. In particular, we take an existing network resilience strategy based on event–condition–action (ECA) policies to combat DDoS attacks (Schaeffer-Filho et al., 2012), and use it as a basis to specify the behaviour that must emerge from the interaction among agents. Traditionally, ECA policies have been used in network management as a means of specifying system behaviour (Lupu et al., 2008, Charalambides et al., 2009, Damianou et al., 2001, Sloman and Lupu, 2002). The decision-making process is purely reactive: policy actions are performed when specific events occur and if certain conditions are met. Unlike the pre-specified interactions defined by ECA policies, a key issue associated with the BDI2DoS design is how to identify the possible local interactions that must occur between agents in order to make the application detect and contain the attack.
Our design consists of a set of capabilities that can be added to agents. Each capability has a set of rules used as part of the agent reasoning process together with a set of plans to achieve goals. Although plans are simple, they effectively provide agent coordination, and it is the interplay among decoupled agent parts (rules and plans) that provides the emergent behaviour. Also, multiple plans can achieve the same goal by different means, challenging agents to select the best plan considering their current knowledge about themselves and their surroundings. The key advantages of BDI2DoS in comparison with the ECA-based resilience strategy are: (i) when an agent is unable to achieve a goal or fails while trying to achieve it, the agent may seamlessly request other agents to achieve this goal, providing robustness to deal with failures; (ii) if something is not done properly while combating an attack, e.g., a malicious flow is misclassified as benign, agents will keep combating the attack because new goals are generated due to the proactive agent nature; and (iii) new agents with specific capabilities can be added to the network (even at runtime) without requiring additional configuration. We not only designed BDI2DoS, but also implemented and evaluated it using a testbed integration between the BDI4JADE (Nunes et al., 2011) agent platform, and the PReSET (Schaeffer-Filho et al., 2013) resilience simulator. This allowed us to run realistic simulations with large-scale networks, which indicate the effectiveness of our approach. As a result of the work presented in this paper, we provide two main contributions: (i) a flexible agent-based solution to combat DDoS attacks and (ii) an experimental comparison of the effectiveness of the ECA and the BDI-based resilience strategies. 
To the best of our knowledge, this is the first time that ECA and BDI are compared in a simulation environment in order to assess their ability to successfully mitigate malicious network traffic.
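The contrast drawn above between a purely reactive ECA policy and goal delegation among BDI agents (advantages (i) and (iii)), as an added Python sketch. It is a toy model, not code from the paper, BDI2DoS or BDI4JADE; the class, goal and flow names are hypothetical and the sample event is constructed.

```python
# Added illustration: toy model only; every name here is hypothetical.
class PlanFailed(Exception): pass

class Agent:
    def __init__(self, name, capabilities, broken=()):
        self.name = name
        self.capabilities = set(capabilities)  # goals this agent has plans for
        self.broken = set(broken)              # constructed: mechanisms failing at runtime
        self.peers = []                        # agents known to this one; may grow at runtime
        self.log = []                          # (goal, flow) pairs this agent acted on

    def local_plan(self, goal, flow):
        if goal not in self.capabilities or goal in self.broken:
            raise PlanFailed(goal)
        self.log.append((goal, flow))
        return self.name

    def delegate_plan(self, goal, flow):
        for peer in self.peers:                # ask peers until one achieves the goal
            try:
                return peer.local_plan(goal, flow)
            except PlanFailed:
                continue
        raise PlanFailed(goal)

    def achieve(self, goal, flow):
        """Try each plan for the goal in turn; return the name of the agent that acted."""
        for plan in (self.local_plan, self.delegate_plan):
            try:
                return plan(goal, flow)
            except PlanFailed:
                continue
        return None  # goal still unachieved; it can be attempted again later

def eca_policy(event, agent):
    """ECA baseline: on event, if the condition holds, run one fixed action."""
    if event["type"] != "flow_classified" or event["label"] != "malicious":
        return None
    try:
        return agent.local_plan("limit_flow", event["flow"])
    except PlanFailed:
        return None  # reactive rule: no alternative is attempted

def demo():
    event = {"type": "flow_classified", "label": "malicious", "flow": "flow-17"}
    edge = Agent("edge", ["limit_flow"], broken=["limit_flow"])  # local limiter is down
    core = Agent("core", ["limit_flow"])
    edge.peers.append(core)
    return eca_policy(event, edge), edge.achieve("limit_flow", event["flow"])
```

With the edge agent's own mechanism failing, the ECA rule yields no action while the goal-driven agent has the flow limited by its peer; appending a capable peer to an agent's `peers` list at runtime is enough for later goals to be delegated to it.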
The remainder of this paper is organised as follows. Section 2 describes the BDI architecture and the ECA-based resilience strategy to prevent DDoS attacks used as baseline. We then detail the design of BDI2DoS in Section 3, and its implementation and evaluation in Section 4. We discuss related work in Section 5, and finally conclude the paper in Section 6.
Section snippets
Background
Several models and techniques were proposed to help design and implement software agents. In this section, we introduce one of these techniques, namely the BDI architecture, which is adopted in this work. We also describe a typical ECA-based resilience strategy against DDoS attacks, which is used to inspire our approach.
BDI2DoS design
The DDoS resilience strategy presented in the previous section requires a pre-specified arrangement of components and the anticipation of their interactions via reactive ECA policies. In this section, we present a new design, in which devices that run resilience mechanisms are associated with agents that follow the BDI architecture. This design, implemented in the BDI2DoS application, not only allows dynamic instantiation of components without requiring human intervention, but also captures
Implementation and evaluation
BDI2DoS was implemented using the BDI4JADE platform, which was integrated with the PReSET resilience simulator to build an evaluation testbed. This integration as well as the experimental evaluation of BDI2DoS are presented next.
Related work
Many approaches use autonomous software components to ensure network resilience. However, these approaches, e.g., Nguengang et al., 2006, Yang and Chang, 2011, Preetha et al., 2014, often only decompose a proposed solution into software components, each with a specified responsibility, executed reactively like in object-oriented software, and typically do not employ any particular agent-based technique. Likewise, focusing on cloud computing, a software component referred to as security agent
Conclusion
In this paper, we presented BDI2DoS, a multi-agent application composed of BDI agents to combat DDoS attacks and ensure network resilience. The BDI2DoS design is based on capabilities that are building blocks to instantiate agents. Agents collaborate in our application by delegating goals to other agents, when an agent cannot itself achieve a goal. Differently from existing approaches, if problems occur during the execution of the anticipated behaviour, agent interactions lead to the prevention
Acknowledgements
This work receives financial support from CNPq, project ref. 442582/2014-5. Ingrid Nunes is grateful for research grants CNPq ref. 303232/2015-3, CAPES ref. 7619-15-4, and Alexander von Humboldt, ref. BRA 1184533 HFSTCAPES-P. Alberto Schaeffer-Filho would like to thank CNPq for research grant ref. 311088/2015-5.
References (38)
- et al. A multi-agent coordination model for the variation of underlying network topology. Expert Syst. Appl. (2005)
- et al. A flexible framework for future internet design, assessment, and operation. Comput. Netw. (2011)
- et al. Functional composition in future networks. Comput. Netw. (2011)
- et al. Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines. Comput. Netw.: Spec. Issue Resilient Surviv. (COMNET) (2010)
- et al. An active and intelligent network management system with ontology-based and multi-agent techniques. Expert Syst. Appl. (2011)
- Biegel, G., Cahill, V., 2004. A framework for developing mobile, context-aware applications. In: Pervasive Computing...
- et al. Plans and resource-bounded practical reasoning. Comput. Intell. (1988)
- Busetta, P., Howden, N., Rönnquist, R., Hodgson, A., 2000. Structuring bdi agents in functional clusters. In:...
- et al. Policy conflict analysis for diffserv quality of service management. IEEE Trans. Netw. Serv. Manag. (2009)
- Damianou, N., Dulay, N., Lupu, E., Sloman, M., 2001. The ponder policy specification language. In: Policies for...
- An agent-based approach for building complex software systems. Commun. ACM
- Decisions with multiple objectives: preferences and value trade-offs
- Mobile-based dos attack security agent in sensor networking. Wirel. Pers. Commun.
Cited by (10)
Internet of things security: A multi-agent-based defense system design
2023, Computers and Electrical Engineering
Resource-dependent contextual planning in AmI
2019, Procedia Computer Science
An ecosystem for anomaly detection and mitigation in software-defined networking
2018, Expert Systems with Applications
Citation Excerpt: Anomalies can harm network operation, so, countermeasures should be taken to nullify any event that may affect the quality of services provided to customers. The central points of a resiliency strategy are the management and the reconfiguration of detection and restoration mechanisms, which function as autonomous components in the network infrastructure (Nunes et al., 2017). While anomaly detection efforts such as monitoring and traffic classification provide the recognition and categorization of attacks, repair mechanisms can be used in the mitigation of these threats.
Research on the intent-driven network service resilience mechanism
2024, Xi'an Dianzi Keji Daxue Xuebao/Journal of Xidian University
Resilience Network Controller Design for Multi-Domain SDN: A BDI-based Framework
2022, IEEE Vehicular Technology Conference
Detection of DDOS Attack Using IDS Mechanism: A Review
2022, Proceedings of 2022 1st International Conference on Informatics, ICI 2022
Ingrid Nunes is an Associate Professor at the Institute of Informatics, Universidade Federal do Rio Grande do Sul (UFRGS), Brazil, currently on a sabbatical year at TU Dortmund in Germany. She obtained her PhD in Informatics at the Pontifical Catholic University of Rio de Janeiro (PUC-Rio), Brazil. Her PhD was in cooperation with King's College London (UK) and University of Waterloo (Canada). She is the head of the Prosoft research group, and her main research areas are agent-oriented software engineering and software maintenance and evolution.
Frederico Schardong is an M.Sc. student in computer science at the Federal University of Rio Grande do Sul (UFRGS), in Brazil. He earned his Technologist Degree in Information Security from Universidade do Vale do Rio dos Sinos (UNISINOS) in 2015. His research interests include network security and resilience, Network Function Virtualization (NFV), machine learning and multi-agent systems. See http://www.inf.ufrgs.br/~fschardong for more information.
Alberto Schaeffer-Filho is an Associate Professor at the Institute of Informatics, Federal University of Rio Grande do Sul (UFRGS). He obtained his PhD in Computing from Imperial College London, UK, in 2009. Between 2009 and 2012, he worked as a Research Associate at the School of Computing and Communications (SCC), Lancaster University, UK. His research interests include network management, security and resilience, Network Functions Virtualization (NFV), Software-Defined Networking (SDN) and Policy-Based Network Management (PBNM). See http://www.inf.ufrgs.br/~alberto for selected papers.