11,050 research outputs found

    Attack monitoring and localization in all-optical networks

    The effects of an attack connection can propagate quickly to different parts of a transparent All-Optical Network. Such attacks affect the normal traffic and can either cause service degradation or outright service denial. Quick detection and localization of an attack source can avoid losing large amounts of data in an All-Optical Network. Attack monitors can collect the information from connections and nodes for diagnostic purpose. However, to detect attack sources, it is not necessary to put monitors on all nodes. Since those connections affected by the attack connection would provide valuable information for diagnosis, we show that placing a relatively small number of monitors on a selected set of nodes in a network is sufficient to achieve the required level of performance. However, the monitor placement, routing, and attack diagnosis are challenging problems which need research attention. We, in this paper, first develop our models of crosstalk attack and monitor node. With these models, we prove the necessary and sufficient condition for one-crosstalk-attack diagnosable network. After that, we develop a scalable diagnosis method which can localize the attack connection efficiently with sparse monitor nodes

    Attack monitoring and localization in an all-optical network

    An All-Optical Network (AON) is a network in which data does not undergo optical-to-electrical (O-E) or electrical-to-optical (E-O) conversion within the network. Although AONs are a viable technology for future telecommunication and data networks, little attention has been devoted to the intrinsic differences between AONs and existing electro-optic/electronic networks in issues of security management. Without O-E-O conversion, many security vulnerabilities that do not exist in traditional networks are created. Transparency and non-regeneration features make attack detection and localization difficult. However, it is important to detect and localize an attack connection quickly in a transparent AON. Among all attack methods, crosstalk attack has the highest damage capabilities. Therefore, we specifically focus on crosstalk attacks in this dissertation. We show that it is possible to effectively reduce the number of monitors while still retaining all diagnostic capabilities. We make the following contributions: (1) We provide a crosstalk attack model and a monitoring model. (2) Based on these models, we prove necessary and sufficient conditions for a both one attack and more than one (i.e., k-crosstalk) attack diagnostic network. The key ideas used in our solution are to employ the status of connections as diagnostic data. (3) We develop efficient monitor placement policies, test connection setup policies, and routing policies for such a network. These conditions lead to efficient k-attack detection and diagnosis algorithms. (4) Finally, we analyze the performance of these algorithms. By these conditions and policies, we prove that the concept of a sparse monitor system for monitoring and localizing crosstalk attacks in AON is not only possible but also feasible

    Network-wide localization of optical-layer attacks

    Optical networks are vulnerable to a range of attacks targeting service disruption at the physical layer, such as the insertion of harmful signals that can propagate through the network and affect co-propagating channels. Detection of such attacks and localization of their source, a prerequisite for secure network operation, is a challenging task due to the limitations in optical performance monitoring, as well as the scalability and cost issues. In this paper, we propose an approach for localizing the source of a jamming attack by modeling the worst-case scope of each connection as a potential carrier of a harmful signal. We define binary words called attack syndromes to model the health of each connection at the receiver which, when unique, unambiguously identify the harmful connection. To ensure attack syndrome uniqueness, we propose an optimization approach to design attack monitoring trails such that their number and length is minimal. This allows us to use the optical network as a sensor for physical-layer attacks. Numerical simulation results indicate that our approach obtains network-wide attack source localization at only 5.8% average resource overhead for the attack monitoring trails

    How to Survive Targeted Fiber Cuts: A Game Theoretic Approach for Resilient SDON Control Plane Design

    Software-defined optical networking (SDON) paradigm enables programmable, adaptive and application-aware backbone networks via centralized network control and management. Aside from the manifold advantages, the control plane (CP) of an SDON is exposed to diverse security threats. As the CP usually shares the underlying optical infrastructure with the data plane (DP), an attacker can launch physical-layer attacks to cause severe disruption of the CP. This paper studies the problem of resilient CP design under targeted fiber cut attacks, whose effectiveness depends on both the CP designer's and the attacker's strategies. Therefore, we model the problem as a non-cooperative game between the designer and the attacker, where the designer tries to set up the CP to minimize the attack effectiveness, while the attacker aims at maximizing the effectiveness by cutting the most critical links. We define the game strategies and utility functions, conduct theoretical analysis to obtain the Nash Equilibrium (NE) as the solution of the game. Extensive simulations confirm the effectiveness of our proposal in improving the CP resilience to targeted fiber cuts

    Machine Learning for Optical Network Security Monitoring: A Practical Perspective

    In order to accomplish cost-efficient management of complex optical communication networks, operators are seeking automation of network diagnosis and management by means of Machine Learning (ML). To support these objectives, new functions are needed to enable cognitive, autonomous management of optical network security. This paper focuses on the challenges related to the performance of ML-based approaches for detection and localization of optical-layer attacks, and to their integration with standard Network Management Systems (NMSs). We propose a framework for cognitive security diagnostics that comprises an attack detection module with Supervised Learning (SL), Semi-Supervised Learning (SSL) and Unsupervised Learning (UL) approaches, and an attack localization module that deduces the location of a harmful connection and/or a breached link. The influence of false positives and false negatives is addressed by a newly proposed Window-based Attack Detection (WAD) approach. We provide practical implementation guidelines for the integration of the framework into the NMS and evaluate its performance in an experimental network testbed subjected to attacks, resulting with the largest optical-layer security experimental dataset reported to date

    Physical-Layer Attacks in Transparent Optical Networks


    Optical Network Security Management: Requirements, Architecture and Efficient Machine Learning Models for Detection of Evolving Threats [Invited]

    As the communication infrastructure that sustains critical societal services, optical networks need to function in a secure and agile way. Thus, cognitive and automated security management functionalities are needed, fueled by the proliferating machine learning (ML) techniques and compatible with common network control entities and procedures. Automated management of optical network security requires advancements both in terms of performance and efficiency of ML approaches for security diagnostics, as well as novel management architectures and functionalities. This paper tackles these challenges by proposing a novel functional block called Security Operation Center (SOC), describing its architecture, specifying key requirements on the supported functionalities and providing guidelines on its integration with optical layer controller. Moreover, to boost efficiency of ML-based security diagnostic techniques when processing high-dimensional optical performance monitoring data in the presence of previously unseen physical-layer attacks, we combine unsupervised and semi-supervised learning techniques with three different dimensionality reduction methods and analyze the resulting performance and trade-offs between ML accuracy and run time complexity