Deep Reinforcement Learning Approaches for Scalable and QoS-Preserving DDoS Mitigation in Software-Defined Networks

Abstract

The rise of 5G-enabled IoT delivers unprecedented speed, bandwidth, and low latency, but also expands the surface exposed to exploitation, as numerous resource-constrained and weakly secured devices introduce new entry points for attackers, increasing the risk of DDoS attacks. Static, rule-based defenses falter in dynamic environments and add latency, which is incompatible with today’s networks. This thesis introduces an adaptive framework that combines SDN programmability with Deep Reinforcement Learning—specifically Double Deep Q-Networks (DDQN)—to provide an autonomous, QoS-aware mitigation framework for DDoS flooding attacks. Across three complementary approaches, we (i) formulate a remediation pipeline that learns to select countermeasures in response to varied environment’s situations while minimizing collateral impact, and (ii) introduce scalable modeling techniques, including group-based state projection to reduce dimensionality and modular neural architectures with permutation-invariant/equivariant functions, to generalize across network sizes and entry-point placements without retraining. We implement and evaluate the framework in emulated SDN testbeds across extended network topologies and varied operational conditions, exercising common network- and application-layer attacks. Results demonstrate effective mitigation of attacker traffic, improved throughput for benign users, with minimal added latency under load, alongside lower computational overhead and reduced manual intervention by automatically selecting and installing mitigation countermeasures.

Bio

Shurok Khozam is a final-year PhD candidate in Computer Science at Télécom SudParis, Institut Polytechnique de Paris, France. She is defending on 18 may 2026. Her research focuses on artificial intelligence-driven cybersecurity, with particular emphasis on deep reinforcement learning for DDoS attack mitigation in Software-Defined Networking environments. Her work addresses scalable and adaptive network defense mechanisms while preserving Quality of Service. She has authored several publications in international journals and conferences in the fields of cybersecurity, machine learning, and programmable networks. In addition to her research activities, she has teaching experience in computer programming and network security.