This work addresses the challenge of classifying sophisticated bot traffic under the constraints of deployment in programmable network hardware. A novel dataset is presented that captures the behavioral differences between human and bot sessions in the context of e-commerce scalping. This dataset is generated using real browserbased human experiments and diverse automated bot clients. From the generated traffic, packet and flow features are extracted to train decision tree and random forest classifiers capable of identifying both bot and human traffic with high precision. To showcase the potential of in-network deployment, these models are converted into match-action tables and evaluated under the constraints of typical programmable hardware (e.g TCAM-based switches). While the training and test sets are limited in volume, results demonstrate that the models retain up to 89% accuracy with low false positive rates, generalizing well to unseen bot strategies. These findings highlight the viability of deploying bot detection for scalping events at line-rate using P4-based machine learning pipelines, offering a proof-of-concept for real-time mitigation of malicious scalping traffic at the network edge. Hardware deployment and evaluation of such classification models in real high-traffic events remains as future work.

Adaptive bitrate (ABR) algorithms for video streaming aim to maximize user Quality of Experience (QoE) by adjusting video quality to network conditions. Pensieve is a pioneering ABR algorithm that uses deep reinforcement learning (RL) to outperform conventional approaches [1]. However, like other deep RL policies, Pensieve may be vulnerable to adversarial perturbations in its state observations. In this paper, we investigate the robustness of Pensieve under adversarial state perturbations and propose adversarial training to harden it. We consider an adversary that injects small bounded errors into Pensieve’s input state (e.g., throughput history, buffer level, etc.), with the goal of inducing rebuffering events playback stalls) that severely degrade QoE. We develop two attack methods: one based on Bayesian Optimization (BO) to find worst-case perturbations in a black-box manner, and another based on Projected Gradient Descent (PGD) as a white-box attack using Pensieve’s policy network gradients. We then adversarially train Pensieve against these attacks to produce robust models.

We present a comprehensive evaluation using the standard Pensieve simulation environment (with the Mahimahi network trace emulator [2]) to compare the BO and PGD adversaries and the resulting robust policies. Our results show that even small input perturbations (within a maximum norm of 5–10% of feature values) can greatly increase rebuffering time for the original Pensieve (by 5–10×). The BO-based adversary is highly effective, finding perturbations that increase rebuffering by up to 20% more than PGD-based attacks, albeit with more attack queries. Adversarial training with either attack significantly improves Pensieve’s robustness: after training, rebuffering induced by attacks drops by 60–70%. The BO-adversarially-trained model is the most robust, with only a minor QoE degrading scenarios. We discuss the efficiency trade-offs between BO and PGD (BO requires fewer iterations but more simulation time per attack, while PGD is faster per attack but somewhat less optimal), and show that adversarially trained Pensieve generalizes well to unforeseen perturbations. This work demonstrates that adversarial training can substantially bolster the reliability of RL-based streaming algorithms against both malicious attacks and noiselike disturbances, paving the way for safer deployment in real-world networks.