668 research outputs found
MERLINS – Moving Target Defense Enhanced with Deep-RL for NFV In-Depth Security
Moving to a multi-cloud environment and service-based architecture, 5G and future 6G networks require additional defensive mechanisms to protect virtualized network resources. This paper presents MERLINS, a novel architecture generating optimal Moving Target Defense (MTD) policies for proactive and reactive security of network slices. By formally modeling telecommunication networks compliant with Network Function Virtualization (NFV) into a multi-objective Markov Decision Process (MOMDP), MERLINS uses deep Reinforcement Learning (deep-RL) to optimize the MTD strategy that considers security, network performance, and service level requirements. Practical experiments on a 5G testbed showcase the feasibility as well as restrictions of MTD operations and the effectiveness in mitigating malware infections. It is observed that multi-objective RL (MORL) algorithms outperform state-of-the-art deep-RL algorithms that scalarize the reward vector of the MOMDP. This improvement by a factor of two leads to a better MTD policy than the baseline static counterpart used for the evaluation
Federated Reinforcement Learning for Private and Collaborative Selection of Moving Target Defense Mechanisms for IoT Device Security
The Internet of Things (IoT) has grown exponentially in recent years and it is predicted that the number of devices will double again to 30 billion by 2030 [24]. At the same time, the number of unpatched, vulnerable and infected devices connected to the Internet is increasing exponentially as well. Famous malware incidents from the past like Mirai have painfully illustrated how vulnerable IoT devices are on a broad scale. This work examines how Moving Target Defense (MTD) can be used in a collaborative framework for defense in depth and to thwart cyberattacks. For this purpose, a system prototype has
been implemented that is capable of autonomously learning to defend a set of IoT devices (more specifically Radio Frequency Spectrum Sensors belonging to ElectroSense) from a specific set of malware by selecting and deploying MTDs. In scientific literature, usually individual MTDs optimized against specific attacks are presented, but no collaborative framework that combines and orchestrates a set of MTDs. In the prototypical implementation, an individual local agent is deployed on a set of simulated devices, monitoring the behavior of its host, according to 100 system parameters. In case an attack is detected, the local agent is invoked in order to select from a set of MTDs to ward off the attack. If the post-MTD device behavior can be considered normal again, the local agent receives a reward, which is used to update the local policy. Thanks to the use of FL, all local agents contribute to learning one global defense policy together. The project shows that a good attack mitigation probability can be achieved in nonfederated as well as federated learning setting. Furthermore, the system also proves to be somewhat robust against locally and globally skewed sample distributions. Under certain assumptions it can also be assumed that collaborative learning of an MTD selection policy is faster and more robust than centralized learning. The findings on how FRL can be used in IT security to collaboratively learn an MTD selection policy contribute to the state of the art on MTD
Edge AI Empowered Physical Layer Security for 6G NTN: Potential Threats and Future Opportunities
Due to the enormous potential for economic profit offered by artificial
intelligence (AI) servers, the field of cybersecurity has the potential to
emerge as a prominent arena for competition among corporations and governments
on a global scale. One of the prospective applications that stands to gain from
the utilization of AI technology is the advancement in the field of
cybersecurity. To this end, this paper provides an overview of the possible
risks that the physical layer may encounter in the context of 6G
Non-Terrestrial Networks (NTN). With the objective of showcasing the
effectiveness of cutting-edge AI technologies in bolstering physical layer
security, this study reviews the most foreseeable design strategies associated
with the integration of edge AI in the realm of 6G NTN. The findings of this
paper provide some insights and serve as a foundation for future investigations
aimed at enhancing the physical layer security of edge servers/devices in the
next generation of trustworthy 6G telecommunication networks.Comment: 7 pages, 6 figures, magazin
Resource Allocation in Networking and Computing Systems: A Security and Dependability Perspective
In recent years, there has been a trend to integrate networking and computing systems, whose management is getting increasingly complex. Resource allocation is one of the crucial aspects of managing such systems and is affected by this increased complexity. Resource allocation strategies aim to effectively maximize performance, system utilization, and profit by considering virtualization technologies, heterogeneous resources, context awareness, and other features. In such complex scenario, security and dependability are vital concerns that need to be considered in future computing and networking systems in order to provide the future advanced services, such as mission-critical applications. This paper provides a comprehensive survey of existing literature that considers security and dependability for resource allocation in computing and networking systems. The current research works are categorized by considering the allocated type of resources for different technologies, scenarios, issues, attributes, and solutions. The paper presents the research works on resource allocation that includes security and dependability, both singularly and jointly. The future research directions on resource allocation are also discussed. The paper shows how there are only a few works that, even singularly, consider security and dependability in resource allocation in the future computing and networking systems and highlights the importance of jointly considering security and dependability and the need for intelligent, adaptive and robust solutions. This paper aims to help the researchers effectively consider security and dependability in future networking and computing systems.publishedVersio
Security and risk analysis in the cloud with software defined networking architecture
Cloud computing has emerged as the actual trend in business information technology service models, since it provides processing that is both cost-effective and scalable. Enterprise networks are adopting software-defined networking (SDN) for network management flexibility and lower operating costs. Information technology (IT) services for enterprises tend to use both technologies. Yet, the effects of cloud computing and software defined networking on business network security are unclear. This study addresses this crucial issue. In a business network that uses both technologies, we start by looking at security, namely distributed denial-of-service (DDoS) attack defensive methods. SDN technology may help organizations protect against DDoS assaults provided the defensive architecture is structured appropriately. To mitigate DDoS attacks, we offer a highly configurable network monitoring and flexible control framework. We present a dataset shift-resistant graphic model-based attack detection system for the new architecture. The simulation findings demonstrate that our architecture can efficiently meet the security concerns of the new network paradigm and that our attack detection system can report numerous threats using real-world network data
Adversarial Attacks and Defenses in 6G Network-Assisted IoT Systems
The Internet of Things (IoT) and massive IoT systems are key to
sixth-generation (6G) networks due to dense connectivity, ultra-reliability,
low latency, and high throughput. Artificial intelligence, including deep
learning and machine learning, offers solutions for optimizing and deploying
cutting-edge technologies for future radio communications. However, these
techniques are vulnerable to adversarial attacks, leading to degraded
performance and erroneous predictions, outcomes unacceptable for ubiquitous
networks. This survey extensively addresses adversarial attacks and defense
methods in 6G network-assisted IoT systems. The theoretical background and
up-to-date research on adversarial attacks and defenses are discussed.
Furthermore, we provide Monte Carlo simulations to validate the effectiveness
of adversarial attacks compared to jamming attacks. Additionally, we examine
the vulnerability of 6G IoT systems by demonstrating attack strategies
applicable to key technologies, including reconfigurable intelligent surfaces,
massive multiple-input multiple-output (MIMO)/cell-free massive MIMO,
satellites, the metaverse, and semantic communications. Finally, we outline the
challenges and future developments associated with adversarial attacks and
defenses in 6G IoT systems.Comment: 17 pages, 5 figures, and 4 tables. Submitted for publication
Failure Analysis in Next-Generation Critical Cellular Communication Infrastructures
The advent of communication technologies marks a transformative phase in
critical infrastructure construction, where the meticulous analysis of failures
becomes paramount in achieving the fundamental objectives of continuity,
security, and availability. This survey enriches the discourse on failures,
failure analysis, and countermeasures in the context of the next-generation
critical communication infrastructures. Through an exhaustive examination of
existing literature, we discern and categorize prominent research orientations
with focuses on, namely resource depletion, security vulnerabilities, and
system availability concerns. We also analyze constructive countermeasures
tailored to address identified failure scenarios and their prevention.
Furthermore, the survey emphasizes the imperative for standardization in
addressing failures related to Artificial Intelligence (AI) within the ambit of
the sixth-generation (6G) networks, accounting for the forward-looking
perspective for the envisioned intelligence of 6G network architecture. By
identifying new challenges and delineating future research directions, this
survey can help guide stakeholders toward unexplored territories, fostering
innovation and resilience in critical communication infrastructure development
and failure prevention
Unraveling Attacks in Machine Learning-based IoT Ecosystems: A Survey and the Open Libraries Behind Them
The advent of the Internet of Things (IoT) has brought forth an era of
unprecedented connectivity, with an estimated 80 billion smart devices expected
to be in operation by the end of 2025. These devices facilitate a multitude of
smart applications, enhancing the quality of life and efficiency across various
domains. Machine Learning (ML) serves as a crucial technology, not only for
analyzing IoT-generated data but also for diverse applications within the IoT
ecosystem. For instance, ML finds utility in IoT device recognition, anomaly
detection, and even in uncovering malicious activities. This paper embarks on a
comprehensive exploration of the security threats arising from ML's integration
into various facets of IoT, spanning various attack types including membership
inference, adversarial evasion, reconstruction, property inference, model
extraction, and poisoning attacks. Unlike previous studies, our work offers a
holistic perspective, categorizing threats based on criteria such as adversary
models, attack targets, and key security attributes (confidentiality,
availability, and integrity). We delve into the underlying techniques of ML
attacks in IoT environment, providing a critical evaluation of their mechanisms
and impacts. Furthermore, our research thoroughly assesses 65 libraries, both
author-contributed and third-party, evaluating their role in safeguarding model
and data privacy. We emphasize the availability and usability of these
libraries, aiming to arm the community with the necessary tools to bolster
their defenses against the evolving threat landscape. Through our comprehensive
review and analysis, this paper seeks to contribute to the ongoing discourse on
ML-based IoT security, offering valuable insights and practical solutions to
secure ML models and data in the rapidly expanding field of artificial
intelligence in IoT
- …