DDPG-SDPCR: A DDPG-based Software Defined Perimeter Components Redeployment

• Zheng Zhang,
• Quan Ren,
• Jie Lu,
• Yuxiang Hu,
• Hongchang Chen,

Vol. 18, No. 9, September 30, 2024
10.3837/tiis.2024.09.014, Download Paper (Free):

• SDP
• DDPG
• attack tolerance
• Endogenous security

Abstract

In wide area SDP networks, the failure of SDP components caused by malicious attacks will be accompanied by different deployment locations, profoundly affecting network service latency. However, traditional deployment methods based on prior knowledge are no longer applicable to dynamic SDP networks. This article proposes a dynamic and dimensionally variable deployment mechanism DDPG-SDPCR for SDP components based on DDPG, which enhances the network's endogenous security capability and improves attack tolerance. Based on this, we constructed corresponding mathematical models for latency, load balancing, and attack tolerance. The DDPG-SDPCR mechanism dynamically deploys new SDP nodes to replace faulty nodes based on the real-time status of the network, thereby achieving imperceptible attack tolerance for users. We have implemented a wide area SDP prototype with endogenous security capabilities and evaluated it under different network topologies, traffic sizes, and network attacks. The evaluation results indicate that under high traffic conditions, our proposed redeployment mechanism outperforms the baseline by 36.42% in latency, and only increases by 19.24% compared to the non attacked situation.

Statistics

Cite this article