Xu Chen,Wei Feng,Yantian Luo,Meng Shen,Ning Ge,Xianbin Wang

DOI: https://doi.org/10.1109/jiot.2021.3093538

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:The link flooding attack (LFA) has emerged as a new category of distributed denial of service (DDoS) attacks in recent years. Along with the massive deployment of low-cost insecure Internet-of-Things (IoT) devices, the fast proliferation of IoT botnets dramatically increases the risk of LFAs. However, how to efficiently defend against LFAs in IoT still remains as an open problem. To overcome this challenge, we model the interaction between an LFA attacker and the network manager as a two-person Bayesian game in this article to precisely characterize the behaviors of both sides. Then, the rational behaviors of the attacker and the optimal strategies of the defender are unveiled by deriving the Bayesian Nash equilibrium (BNE). Inspired by the obtained BNEs, a cost-effective decision framework is proposed for the defender to make defense decisions. Furthermore, we numerically analyze the effect of all the related factors and present feasible suggestions to deter attack motivations fundamentally. Experimental results demonstrate that the proposed method not only consistently outperforms baseline methods in terms of the defender's utilities under different attack intensities, but also is robust to the changes in important parameters, including the value of benign traffic and the latency of traffic scrubbing.

computer science, information systems,telecommunications,engineering, electrical & electronic

Junchi Xing,Jingling Cai,Boyang Zhou,Chunming Wu

DOI: https://doi.org/10.1109/iscc47284.2019.8969595

2019-01-01

Abstract:Recently, link flooding attacks (LFA) have been observed as a serious threat for cutting off the Internet connectivity through congesting critical links. A LFA typically utilizes legitimate and low-rate flows, which makes it extremely hard to be detected and, subsequently, to be mitigated. In this paper, we present LF-Shield, that is a deep convolutional neural network (ConvNet) based countermeasure to accurately detect and efficiently mitigate LFAs using software-defined network (SDN) paradigm. LF-Shield can identify malicious bots that launch LFA flows by extracting end-hosts' traffic features and afterwards, classifying the type of end-hosts based on deep ConvNet. Then, LF-Shield mitigates LFAs without affecting legitimate end-hosts through blocking the classified malicious bots and limiting the bandwidths of inactive or newly-accessed end-hosts. A LF-Shield prototype is implemented for evaluating its performance by several experiments. The experimental results demonstrate that LF-Shield can identify malicious bots with an accuracy of 96.4% and mitigate LFAs with the 93.1% reduction in link degradation ratio, with negligible impact on legitimate end-hosts.

Xin Wang,Xiaobo Ma,Jiahao Peng,Jianfeng Li,Lei Xue,Wenjun Hu,Li Feng

DOI: https://doi.org/10.1109/access.2021.3131503

IF: 3.9

2021-01-01

IEEE Access

Abstract:The emerging link flooding attacks (LFAs) are one type of attacks that attract significant attention in both academia and industry against the routing infrastructure. The attack traffic flows originating from bots (e.g., compromised IoT devices) are deliberately aggregated at upstream critical links and grow intensified, gradually making a network connected to the critical links disconnected. Although LFAs are far more sophisticated than traditional DDoS attacks, whether such sophistication comes without a downside has never been investigated. In this paper, by modeling link flooding attacks and defenses, we tackle a series of questions concerning the practical issues of LFAs. Specifically, from the perspective of attacks, we advance a novel notion of strike precision, and reveal that LFAs may exhibit attack interference (i.e., unexpectedly interfere the connectivity of innocent networks) which might undermine the stealthiness and persistence of LFAs. From the perspective of defenses, we make the first step to study attack intention, i.e., inversely inferring the target network to disconnect based on the identified links under attack. Furthermore, we consider a strong defender who employs traffic engineering to mitigate LFAs, and formulate the game-theoretic interactions between attackers and defenders. The experiment results show that attack interference is pervasive, and our proposed SPAH flooding strategy can substantially lower attack interference and increase strike precision. Moreover, we demonstrate that LFAs can be effectively mitigated based on traffic engineering from a game-theoretic perspective, wherein the defender can adopt non-cooperative measurement techniques to achieve light-weight and multi-protocol-based robust probe deployment.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiaobo Ma,Bo An,Mengchen Zhao,Xiapu Luo,Lei Xue,Zhenhua Li,Tony T. N. Miu,Xiaohong Guan

DOI: https://doi.org/10.1109/TDSC.2019.2892370

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:With the advancement of large-scale coordinated attacks, the adversary is shifting away from traditional distributed denial of service (DDoS) attacks against servers to sophisticated DDoS attacks against Internet infrastructures. Link flooding attacks (LFAs) are such powerful attacks against Internet links. Employing network measurement techniques, the defender could detect the link under attack. However, given the large number of Internet links, the defender can only monitor a subset of the links simultaneously, whereas any link might be attacked. Therefore, it remains challenging to practically deploy detection methods. This paper addresses this challenge from a game-theoretic perspective, and proposes a randomized approach (like security patrolling) to optimize LFA detection strategies. Specifically, we formulate the LFA detection problem as a Stackelberg security game, and design randomized detection strategies in consideration of the adversary's behavior, where best and quantal response models are leveraged to characterize the adversary's behavior. We employ a series of techniques to solve the nonlinear and nonconvex NP-hard optimization problems for finding the equilibrium. The experimental results demonstrate the necessity of handling LFAs from a game-theoretic perspective and the effectiveness of our solutions. We believe our study is a significant step forward in formally understanding LFA detection strategies.

Wei Wei,Yabo Dong,Dongming Lu,Guang Jin

DOI: https://doi.org/10.1109/ICCIS.2008.4670732

2008-01-01

Abstract:Distributed defense of DDoS (Distributed Denial of Service) attack has been extensively researched in recent years and control-based defense is a hopeful way. However, existed methods only deal with bandwidth protection. The paper takes defense of DDoS flood as a kind of Processing and Bandwidth Resources allocation and solves it using control theory. Our defense mechanism FFDRF (Feedback Filtering with Dual-Resource Fairness) sets up filters in edge routers of AS and adjusts the filtering thresholds through feedback between these routers and the victim. The simulation results show that FFDRF can make the legitimate traffic keep high survival rate while is stable and converges quickly even in case of heterogeneous flow sources and link conditions. Compared with level-k max-min fairness defense, FFDRF is more effective against CPU-consuming flood. And an implementation of FFDRF in a linux router indicates that FFDRF is feasible in real-life routers. © 2008 IEEE.

Xiaobo Ma,Jianfeng Li,Yajuan Tang,Bo An,Xiaohong Guan

DOI: https://doi.org/10.1016/j.ins.2018.04.050

IF: 8.1

2019-01-01

Information Sciences

Abstract:As an emerging threat, link flooding attacks (LFAs) target and congest core links that constitute Internet routing infrastructure, hence posing a growing threat to networks worldwide. Mitigating and defeating LFAs is particularly challenging for two reasons. First, arising from the end-to-end communication from bots to public servers (e.g., Web servers), the attack traffic flows could be indistinguishable from legitimate ones, and even unobservable to the victim network surrounded by the target links. Therefore, typical flow-filtering countermeasures deployed at the network perimeter become invalid when handling LFAs. Second, the target link and the victim network belong to an autonomous system (AS) different from the source ASs where the attack traffic flows originate. These source ASs, however, have no idea the target link is under attack, whereas they are in charge of routing decisions and thus capable of mitigating LFAs by rerouting the attack traffic flows to bypass the target link. Therefore, inter-AS cooperation is indispensable to defeat LFAs. Unfortunately, the source ASs lack incentives to cooperate because the collateral damage of LFAs to them may be negligible, making it challenging to eradicate LFAs. In this paper, we make the first effort to cope with LFAs from a techno-economic perspective, for accelerating ISPs’ cooperation in defending against LFAs. We propose two novel mechanisms to mitigate LFAs by stimulating the inter-AS cooperation via incentive design and Nash bargaining. Experiments using Internet AS relationship data demonstrate the feasibility and effectiveness of our mechanisms.

Sun Hancun,Chen Xu,Luo Yantian,Ge Ning

DOI: https://doi.org/10.23919/jcc.fa.2024-0209.202411

2024-12-04

China Communications

Abstract:Link flooding attack (LFA) is a type of covert distributed denial of service (DDoS) attack. The attack mechanism of LFAs is to flood critical links within the network to cut off the target area from the Internet. Recently, the proliferation of Internet of Things (IoT) has increased the quantity of vulnerable devices connected to the network and has intensified the threat of LFAs. In LFAs, attackers typically utilize low-speed flows that do not reach the victims, making the attack difficult to detect. Traditional LFA defense methods mainly reroute the attack traffic around the congested link, which encounters high complexity and high computational overhead due to the aggregation of massive attack traffic. To address these challenges, we present an LFA defense framework which can mitigate the attack flows at the border switches when they are small in scale. This framework is lightweight and can be deployed at border switches of the network in a distributed manner, which ensures the scalability of our defense system. The performance of our framework is assessed in an experimental environment. The simulation results indicate that our method is effective in detecting and mitigating LFAs with low time complexity.

telecommunications

Qian Wang,Feng Xiao,Man Zhou,Zhibo Wang,Hongyu Ding

2017-01-01

Abstract:Link-flooding attack (LFA) has emerged as a serious threat to Internet which cuts off connections between legitimate hosts and targeted servers by flooding only a few links (e.g., target links). Several mechanisms have been proposed to mitigate LFA, however, they can only mitigate LFA passively after target links have been compromised by adversaries. Based on the fact that adversaries rely on network linkmap to launch LFA, in this paper, we propose an active LFA mitigation mechanism, called Linkbait, that actively mitigates LFA by providing a fake linkmap to adversaries. Inspired by Moving Target Defense (MTD), we propose a link obfuscation algorithm in Linkbait that selectively reroutes detecting flows to hide target links from adversaries and mislead them to consider some bait links as target links. By providing the faked linkmap to adversaries, Linkbait can actively mitigate LFA even without identifying bots and does not affect flows from legitimate hosts. In order to further reduce the junk traffic generated by adversaries from entering the network, we propose a bot detection algorithm in Linkbait that extracts unique traffic patterns from LFA and leverages Support Vector Machine to accurately distinguish bots from legitimate hosts. Finally, we evaluate the feasibility of implementing Linkbait in real Internet, and evaluate its performance by using both a real-world testbed and large-scale simulations. The analyses and experiments results demonstrate the effectiveness of Linkbait.

Hancun Sun,Xu Chen,Yantian Luo,Wei Feng,Yunfei Chen,Ning Ge

DOI: https://doi.org/10.1109/icct59356.2023.10419782

2023-01-01

Abstract:Link flooding attack (LFA) is a kind of stealthy distributed denial of service (DDoS) attack that has been commonly exploited by attackers to disconnect victims from the Internet by congesting critical links on the paths. With the development of 5G, a massive number of insecure Internet of Things (IoT) devices have been connected to the network, which significantly increases the risk of LFA. Detecting and mitigating LFA is difficult since malicious traffic is of low speed and protocol confirming from legitimate traffic. Traditional LFA detection methods face the challenge of high complexity. Due to the numerous attack sources of LFA, the mainstream traffic engineering-based mitigation methods introduce high signaling communication costs. To over-come these challenges, we propose a novel LFA defense system in software defined networking (SDN) architecture that consists of a distributed relative entropy-based LFA detection method and an optimized rerouting method for LFA mitigation. This framework is lightweight to implement. It can not only reduce the communication overhead of signaling transmission in mitigation, but also avoid the cascading congestion of other links after rerouting. We verify our detection and mitigation method in an experimental testbed. Numerical results show that our method can detect and mitigate LFAs effectively with low cost.

Qian Wang,Feng Xiao,Man Zhou,Zhibo Wang,Qi Li,Zhetao Li

2017-01-01

Abstract:Link-flooding attack (LFA) has emerged as a serious threat to Internet which cuts off connections between legitimate hosts and targeted servers by flooding only a few links (e.g., target links). Several mechanisms have been proposed to mitigate LFA, however, they can only mitigate LFA after target links have been compromised by adversaries. Based on the fact that adversaries rely on network linkmap to discover weakness of the network, in this paper, we propose an active LFA mitigation mechanism, called Linkbait, that actively and preventively mitigates LFA by providing a fake linkmap to adversaries. Inspired by Moving Target Defense (MTD), we propose a link obfuscation algorithm in Linkbait that selectively reroutes probing flows to hide target links from adversaries and mislead them to consider some bait links as target links. By providing the faked linkmap to adversaries, Linkbait can actively mitigate LFA even without identifying bots and does not affect flows from legitimate hosts. In order to further reduce the junk traffic generated by adversaries from entering the network, we propose a bot detection algorithm in Linkbait that extracts unique traffic patterns from LFA and leverages Support Vector Machine to accurately distinguish bots from legitimate hosts. Finally, we evaluate the feasibility of implementing Linkbait in real Internet, and evaluate its performance by using both a real-world testbed and large-scale simulations. The analyses and experiments results demonstrate the effectiveness of Linkbait.

Yen-Hung Chen,Yuan-Cheng Lai,Pi-Tzong Jan,Ting-Yi Tsai

DOI: https://doi.org/10.3390/s21041027

2021-02-03

Abstract:(1) Background: Link flooding attacks (LFA) are a spatiotemporal attack pattern of distributed denial-of-service (DDoS) that arranges bots to send low-speed traffic to backbone links and paralyze servers in the target area. (2) Problem: The traditional methods to defend against LFA are heuristic and cannot reflect the changing characteristics of LFA over time; the AI-based methods only detect the presence of LFA without considering the spatiotemporal series attack pattern and defense suggestion. (3) Methods: This study designs a deep ensemble learning model (Stacking-based integrated Convolutional neural network-Long short term memory model, SCL) to defend against LFA: (a) combining continuous network status as an input to represent "continuous/combination attacking action" and to help CNN operation to extract features of spatiotemporal attack pattern; (b) applying LSTM to periodically review the current evolved LFA patterns and drop the obsolete ones to ensure decision accuracy and confidence; (c) stacking System Detector and LFA Mitigator module instead of only one module to couple with LFA detection and mediation at the same time. (4) Results: The simulation results show that the accuracy rate of SCL successfully blocking LFA is 92.95%, which is 60.81% higher than the traditional method. (5) Outcomes: This study demonstrates the potential and suggested development trait of deep ensemble learning on network security.

Yuling Liu,Dengguo Feng,Yifeng Lian,Kai Chen,Yingjun Zhang

DOI: https://doi.org/10.1007/978-3-642-38033-4_4

2013-01-01

Abstract:In a typical DDoS attack and defense scenario, both the attacker and the defender will take actions to maximize their utilities. However, each player does not know his opponent’s investment and cannot adopt the optimal strategies. We formalize a Bayesian game model to handle these uncertainties and specify two problems usually faced by the defender when choosing defense measures. A nonlinear programming method is proposed to handle policies’ permutation in order to maximize the defender’s utility. Followed the Nash equilibrium, security administrators can take optimal strategies. Finally, the practicality and effectiveness of the model and method are illustrated by an example.

Ziming Zhao,Zhuotao Liu,Huan Chen,Fan Zhang,Zhuoxue Song,Zhaoxuan Li

DOI: https://doi.org/10.1109/tdsc.2023.3349180

2024-01-01

Abstract:Defending against Distributed Denial of Service (DDoS) attacks is a fundamental problem in the Internet. Over the past few decades, the research and industry communities have proposed a variety of solutions, from adding incremental capabilities to the existing Internet routing stack, to clean-slate future Internet architectures, and to widely deployed commercial DDoS prevention services. Yet a recent interview with over 100 security practitioners in multiple sectors reveals that existing solutions are still insufficient against , due to either unenforceable protocol deployment or non-comprehensive traffic filters. This seemingly endless arms race with attackers probably means that we need a fundamental paradigm shift. In this paper, we propose a new DDoS prevention paradigm named preference-driven and in-network enforced traffic shaping , aiming to explore the novel DDoS prevention norms that focus on delivering victim-preferred traffic rather than consistently chasing after the DDoS attacks. Towards this end, we propose DFNet, a novel DDoS prevention system that provides reliable delivery of victim-preferred traffic without full knowledge of DDoS attacks. At a very high level, the core innovative design of DFNet embraces the advances in Machine Learning (ML) and new network dataplane primitives, by encoding the victim's traffic preference (in the form of complex ML models) into dataplane packet scheduling algorithms such that the victim-preferred traffic is forwarded with priority at line-speed, regardless of the attacker strategy. We implement a prototype of DFNet in 11,560 lines of code, and extensively evaluate it on our testbed. The results show that a single instance of DFNet can forward 99.93% of victim-desired traffic when facing previously unseen attacks, while imposing less than 0.1% forwarding overhead on a dataplane with 80 Gbps upstream links and a 40 Gbps bottleneck.

Lei Wang,Qing Li,Yong Jiang,Jianping Wu

DOI: https://doi.org/10.1109/iscc.2016.7543772

2016-01-01

Abstract:Link flooding attack (LFA), as a new type of DDoS attack, can degrade or even cut off network connectivity of a target area. This attack employs legitimate, low-density flows to flood a group of selected links. Therefore, these malicious flows can hardly be distinguished by traditional schemes. In this paper, we propose a scheme called Woodpecker, which makes the LFA more difficult to take effect. First, we select M routers and upgrade them into SDN switches that can maximize the network connectivity. Second, we propose a proactive probe approach to quickly locate the congested links and judge whether LFA occurs. Finally, Woodpecker employs centralized traffic engineering based on the upgraded nodes, which can make the traffic balanced enough to eliminate the routing bottlenecks likely to be utilized by the adversary. We evaluate our scheme by comprehensive experiments. The results show that: 1) the bandwidth utilization of LFA-attacked links can be reduced by around 50%; 2) the average packet loss rate and jitter can be effectively mitigated under LFA attacks.

Xuyang Ding,Feng Xiao,Man Zhou,Zhibo Wang

DOI: https://doi.org/10.1109/trustcom50675.2020.00040

2020-01-01

Abstract:The DDoS attack is a serious threat to Internet of Things (IoT).As a new class of DDoS attack, Link-flooding attack (LFA) disrupts connectivity between legitimate IoT devices and target servers by flooding only a small number of links.In this paper, we propose an active LFA mitigation mechanism, called Linkbait, that is a proactive and preventive defense to throttle LFA for IoT.We propose a link obfuscation algorithm in Linkbait that selectively reroutes probing flows to hide target links from adversaries and mislead them to identify bait links as target links.To block attack traffic and further reduce the impact in IoT, we propose a compromised IoT devices detection algorithm that extracts unique traffic patterns of LFA for IoT and leverages support vector machine (SVM) to identify attack traffic.We evaluate the performance of Linkbait by using both real-world experiments and large-scale simulations.The experimental results demonstrate the effectiveness of Linkbait.

Gaoxin Qi,Jichao Li,Chi Xu,Gang Chen,Kewei Yang

DOI: https://doi.org/10.3390/e25010057

IF: 2.738

2022-12-29

Entropy

Abstract:Today, people rely heavily on infrastructure networks. Attacks on infrastructure networks can lead to significant property damage and production stagnation. The game theory provides a suitable theoretical framework for solving the problem of infrastructure protection. Existing models consider only the beneficial effects that the defender obtains from information gaps. If the attacker's countermeasures are ignored, the defender will become passive. Herein, we consider that a proficient attacker with a probability in the game can fill information gaps in the network. First, we introduce the link-hiding rule and the information dilemma. Second, based on the Bayesian static game model, we establish an attack–defense game model with multiple types of attackers. In the game model, we consider resource-consistent and different types of distributions of the attacker. Then, we introduce the solution method of our model by combining the Harsanyi transformation and the bi-matrix game. Finally, we conduct experiments using a scale-free network. The result shows that the defender can be benefited by hiding some links when facing a normal attacker or by estimating the distribution of the attacker correctly. The defender will experience a loss if it ignores the proficient attacker or misestimates the distribution.

physics, multidisciplinary

Lei Wang,Qing Li,Yong Jiang,Xuya Jia,Jianping Wu

DOI: https://doi.org/10.1016/j.comnet.2018.09.021

IF: 5.493

2018-01-01

Computer Networks

Abstract:Link-flooding attack (LFA), as a new type of DDoS attack, can degrade or even cut off network connectivity of a target area. This attack employs legitimate, low-density flows to flood a group of selected links. Therefore, these malicious flows can hardly be distinguished by traditional defense technologies. In our scheme, we first select M routers and upgrade them into SDN switches to maximize the network connectivity. Then, we propose a proactive probe approach to rapidly locate the congested links. Next, our scheme employs a global judgment algorithm to determine whether the network is under LFA or not. Finally, Woodpecker employs the core defense measure that based on the centralized traffic engineering to make the traffic balanced and eliminate the routing bottlenecks that are likely to be utilized by the adversary. We evaluate our scheme through comprehensive experiments. The results show that the bandwidth utilization of LFA-attacked links can be reduced by around 50% and that the average packet loss rate and jitter can be effectively decreased under LFA attacks.

Yingfu Wu,Bingyi Kang,Hao Wu

DOI: https://doi.org/10.1016/j.engappai.2021.104238

IF: 8

2021-06-01

Engineering Applications of Artificial Intelligence

Abstract:<p>It is a common case that Wireless Sensor Networks are attacked by malware in the real world. According to the game theory, the action of attack–defense between Wireless Sensor Network(WSN) and malware can be regarded as a game. While substantial efforts have been made to address this issue, most of these efforts have predominantly focused on the analysis of attack–defense game in the known environment. Given that the process of gaming in real world often contains a lot of fuzzy information, we extend the focus in this line by considering the fuzzy exterior environment. Specifically, we assume the WSN attack–defense Stackelberg game is in the fuzzy environment by using fuzzy variable. Then Stackelberg game theory is utilized to calculate the equilibrium solutions of the introduced <span class="math"><math>maximax</math></span> chance-constrained model and <span class="math"><math>minimax</math></span> chance-constrained model. Based on the simulation data, this study demonstrates the confidence levels and decision perspectives affect the optimal strategy of WSN and the reliability of WSN. Finally, the novel analytical method is compared with the non-fuzzy WSN attack–defense game method. The analysis shows that the novel approach is optimal in terms of predicting the behavior of malware in resisting the attack of malware.</p>

automation & control systems,computer science, artificial intelligence,engineering, electrical & electronic, multidisciplinary

Rufan Bai,Haoxing Lin,Xinyu Yang,Xiaowei Wu,Minming Li,Weijia Jia

DOI: https://doi.org/10.48550/arXiv.2012.01036

2020-12-09

Abstract:In classic network security games, the defender distributes defending resources to the nodes of the network, and the attacker attacks a node, with the objective to maximize the damage caused. Existing models assume that the attack at node u causes damage only at u. However, in many real-world security scenarios, the attack at a node u spreads to the neighbors of u and can cause damage at multiple nodes, e.g., for the outbreak of a virus. In this paper, we consider the network defending problem against contagious attacks. Existing works that study shared resources assume that the resource allocated to a node can be shared or duplicated between neighboring nodes. However, in real world, sharing resource naturally leads to a decrease in defending power of the source node, especially when defending against contagious attacks. To this end, we study the model in which resources allocated to a node can only be transferred to its neighboring nodes, which we refer to as a reallocation process. We show that this more general model is difficult in two aspects: (1) even for a fixed allocation of resources, we show that computing the optimal reallocation is NP-hard; (2) for the case when reallocation is not allowed, we show that computing the optimal allocation (against contagious attack) is also NP-hard. For positive results, we give a mixed integer linear program formulation for the problem and a bi-criteria approximation algorithm. Our experimental results demonstrate that the allocation and reallocation strategies our algorithm computes perform well in terms of minimizing the damage due to contagious attacks.

Computer Science and Game Theory

Jianhua Liu,Xin Wang,Shigen Shen,Guangxue Yue,Shui Yu,Minglu Li

DOI: https://doi.org/10.1109/jiot.2020.3038554

IF: 10.6

2021-05-01

IEEE Internet of Things Journal

Abstract:To enhance dependable resource allocation against increasing distributed denial-of-service (DDoS) attacks, in this article, we investigate interactions between a sensor device–edgeVM pair and a DDoS attacker using a game-theoretic framework, under the constraints of the task time, resource budget, and incomplete knowledge of the processing time of machine learning tasks. In this game, the sensor device expects an edgeVM to cooperate and choose its resource allocation strategy with the objective of satisfying the minimum resource required of machine learning tasks at the corresponding sensor device. Similarly, the attacker's objective is to strategically allocate resources so that the resource constraint of the machine learning tasks is not satisfied. Owing to a lack of complete information of the processing time of the machine learning tasks, this strategic resource allocation problem between the two players is modeled as a Bayesian $Q$ -learning game, in which the optimal strategies of the sensor device–edgeVM pair and the attacker are analyzed. Furthermore, probability distributions are employed by the corresponding players to model the incomplete nature of the game and a greedy $Q$ -learning algorithm is proposed to dependable resource allocation against DDoS attacks. Numerical simulation results demonstrate that the proposed mechanism is superior to other dependable resource allocation mechanisms under incomplete information for DDoS attacks in the sensor edge cloud.

computer science, information systems,telecommunications,engineering, electrical & electronic