Shurok's Ph.D defense

· 2 min read

On May 18th at 10:30, Shurok will be defending her Ph.D thesis entitled AI-Based Attack Response and Programmability of Future Networks at IMT in Palaiseau, Amphi 7.

The thesis committee is composed of:

  • Samiha Ayed (Professor at IMT Atlantique, reviewer)
  • Leïla Merghem-Boulahia (Professor at Université de Technologie de Troyes, reviewer)
  • Francesco Bronzino (Assoc. Professor, HDR at ENS Lyon, examiner)
  • Pierre Parrend (Professor at EPITA, examiner)
  • Eric Totel (Professor at Télécom SudParis, advisor)
  • Gregory Blanc (Assoc. Professor at Télécom SudParis, co-advisor)
  • Sébastien Tixeuil (Professor at Sorbonne University, guest)

Joining the project in October 2022, Shurok has produced several articles on the topic of Deep Reinforcement Learning-based attack mitigation in SDN networks, including one journal article, 3 conference articles and one workshop paper.

Below is the abstract of Shurok’s Ph.D manuscript:

The rise of 5G-enabled IoT delivers unprecedented speed, bandwidth, and low latency—but also expands the surface exposed to exploitation, as numerous resource-constrained and weakly secured devices introduce new entry points for attackers, increasing the risk of DDoS attacks. Static, rule-based defenses falter in dynamic environments and add latency, which is incompatible with today’s networks. This thesis introduces an adaptive framework that combines SDN programmability with Deep Reinforcement Learning—specifically Double Deep Q-Networks (DDQN)—to provide autonomous, QoS-aware mitigation framework of DDoS flooding attacks. Across three complementary approaches, we (i) formulate a remediation pipeline that learns to select countermeasures in response to varied environment’s situations while minimizing collateral impact ; (ii) introduce scalable modeling techniques—including group-based state projection to reduce dimensionality and modular neural architectures with permutation-invariant/equivariant functions—to generalize across network sizes and entry-point placements without retraining. We implement and evaluate the framework in emulated SDN testbeds across extended network topologies and varied operational conditions, exercising common network- and application-layer attacks. Results demonstrate effective mitigation of attacker traffic, improved throughput for benign users, with minimal added latency under load, alongside lower computational overhead and reduced manual intervention by automatically selecting and installing mitigation countermeasures.