Federated Deep Reinforcement Learning for Traffic Monitoring in SDN-Based IoT Networks
This paper proposes a novel traffic monitoring framework, namely, DeepMonitor, for SDN-based IoT networks to provide fine-grained traffic analysis capability for different IoT traffic types at the network edges. Specifically, we first develop an intelligent flow rule match-field control system, called DeepMonitor agent, for SDN-based IoT edge nodes, taking different granularity-level requirements and their maximum flow-table capacity into consideration. We then formulate the control optimization problem for each edge node employing the Markov decision process (MDP). Next, we develop a double deep Q-network (DDQN) algorithm to quickly achieve the optimal flow rule match-field policy. Moreover, we propose a federated DDQN-based traffic monitoring mechanism to significantly improve the learning performance of the edge nodes. The results obtained through extensive emulations show that by applying the DeepMonitor, the flow-table overflow problem at the edge nodes can be completely bypassed. The average number of match-fields in a flow rule achieved by DeepMonitor is increased by approximately 37% (for medium and diverse granularity-level requirements) and 41.9% (for high granularity-level requirement) compared to that of an existing solution, i.e., FlowStat. Finally, by adopting DeepMonitor, the DDoS attack detection performance of an intrusion detection system can be enhanced by up to 22.83% compared with that of FlowStat.
IEEE Transactions on Cognitive Communications and Networking
Digital Object Identifier (DOI)