131 research outputs found

    Automating Mitigation of Amplification Attacks in NFV Services

    The combination of virtualization techniques with capillary computing and storage resources allows the instantiation of Virtual Network Functions throughout the network infrastructure, which brings more agility in the development and operation of network services. Besides forwarding and routing, this can also be used for additional functions, e.g., for security purposes. In this paper, we present a framework to systematically create security analytics for virtualized network services, specifically targeting the detection of cyber-attacks. Our framework largely automates the deployment of security sidecars into existing service templates and their interconnection to an external analytics platform. Notably, it leverages code augmentation techniques to dynamically inject and remove inspection probes without affecting service operation. We describe the implementation of a use case for the detection of DNS amplification attacks in virtualized 5G networks, and provide extensive evaluation of our innovative inspection and detection mechanisms. Our results demonstrate better efficiency with respect to existing network monitoring tools in terms of CPU usage, as well as good accuracy in detecting attacks even with variable traffic patterns.

    Hunting IoT Cyberattacks With AI-Powered Intrusion Detection

    The rapid progression of the Internet of Things allows the seamless integration of cyber and physical environments, thus creating an overall hyper-connected ecosystem. It is evident that this new reality provides several capabilities and benefits, such as real-time decision-making and increased efficiency and productivity. However, it also raises crucial cybersecurity issues that can lead to disastrous consequences due to the vulnerable nature of the Internet model and the new cyber risks originating from the multiple and heterogeneous technologies involved in the IoT. Therefore, intrusion detection and prevention are valuable and necessary mechanisms in the arsenal of the IoT security. In light of the aforementioned remarks, in this paper, we introduce an Artificial Intelligence (AI)-powered Intrusion Detection and Prevention System (IDPS) that can detect and mitigate potential IoT cyberattacks. For the detection process, Deep Neural Networks (DNNs) are used, while Software Defined Networking (SDN) and Q-Learning are combined for the mitigation procedure. The evaluation analysis demonstrates the detection efficiency of the proposed IDPS, while Q-Learning converges successfully in terms of selecting the appropriate mitigation action.

    Federated learning-based anomaly detection as an enabler for securing network and service management automation in beyond 5G networks

    Zero-touch network architecture (ZSM) is proposed to cater to unprecedented performance requirements, including network automation. 5G and beyond networks include exceptional latency, reliability, and bandwidth requirements. As a result, network automation is a necessity. ZSM architecture combines closed-loop mechanisms and artificial intelligence (AI) to meet the network automation requirement. Even though AI is prevalent, privacy concerns and resource limitations are growing concerns. However, techniques such as federated learning (FL) can be applied to address such issues. The proposed solution is a hierarchical anomaly detection mechanism based on the ZSM architecture, divided into domains by considering technical or business features. The network flow is categorized as an anomaly or not, and abnormal flows are removed from both stages. Detectors and aggregation servers are placed inside the network based on their purpose. The proposed detector is simulated with the UNSW-NB15 Dataset. The simulation results show accuracy improvement after the 2nd stage, and the detection accuracy varies with training data composition.

    AI gym for Networks

    5G Networks are delivering better services and connecting more devices, but at the same time are becoming more complex. Problems like resource management and control optimization are increasingly dynamic and difficult to model making it very hard to use traditional model-based optimization techniques. Artificial Intelligence (AI) explores techniques such as Deep Reinforcement Learning (DRL), which uses the interaction between the agent and the environment to learn what action to take to obtain the best possible result. Researchers usually need to create and develop a simulation environment for their scenario of interest to be able to experiment with DRL algorithms. This takes a large amount of time from the research process, while the lack of a common environment makes it difficult to compare algorithms. The proposed solution aims to fill this gap by creating a tool that facilitates the setting up of DRL training environments for network scenarios. The developed tool uses three open source software, the Containernet to simulate the connections between devices, the Ryu Controller as the Software Defined Network Controller, and OpenAI Gym which is responsible for setting up the communication between the environment and the DRL agent. With the project developed during the thesis, the users will be capable of creating more scenarios in a short period, opening space to set up different environments, solving various problems as well as providing a common environment where other Agents can be compared. The developed software is used to compare the performance of several DRL agents in two different network control problems: routing and network slice admission control. 
A novel DRL-based solution is used in the case of network slice admission control that jointly optimizes the admission and the placement of traffic of a network slice in the physical resources.

5G networks offer better services and connect more devices, which makes them more complex and difficult to manage. Problems such as resource management and control optimization are increasingly dynamic and difficult to model, which makes it hard to use optimization solutions based on traditional models. Artificial Intelligence (AI) explores techniques such as Deep Reinforcement Learning, which uses the interaction between the agent and the environment to learn which action to take to obtain the best possible result. Researchers usually need to create and develop a simulation environment in order to study DRL algorithms and their interaction with the scenario of interest. Creating environments from scratch takes away time that is indispensable for the research itself, and the lack of common training environments makes it difficult to compare algorithms. The proposed solution focuses on filling this gap by creating a tool that facilitates the configuration of DRL training environments for network scenarios. The developed tool uses three pieces of open source software: Containernet to simulate the connections between devices, the Ryu Controller as the Software Defined Network Controller, and OpenAI Gym, which is responsible for configuring the communication between the environment and the DRL agent. Through the developed project, users will be able to create more scenarios in a short period, opening space to configure different environments and solve different problems, as well as providing a common environment where different agents can be compared. The developed software was used to compare the performance of several DRL agents in two different network control problems, namely routing and network slice admission control.
A DRL-based solution is used in the case of network slice admission control that jointly optimizes the admission and the placement of a network slice's traffic in the network's physical resources.

    Security and risk analysis in the cloud with software defined networking architecture

    Cloud computing has emerged as the actual trend in business information technology service models, since it provides processing that is both cost-effective and scalable. Enterprise networks are adopting software-defined networking (SDN) for network management flexibility and lower operating costs. Information technology (IT) services for enterprises tend to use both technologies. Yet, the effects of cloud computing and software defined networking on business network security are unclear. This study addresses this crucial issue. In a business network that uses both technologies, we start by looking at security, namely distributed denial-of-service (DDoS) attack defensive methods. SDN technology may help organizations protect against DDoS assaults provided the defensive architecture is structured appropriately. To mitigate DDoS attacks, we offer a highly configurable network monitoring and flexible control framework. We present a dataset shift-resistant graphic model-based attack detection system for the new architecture. The simulation findings demonstrate that our architecture can efficiently meet the security concerns of the new network paradigm and that our attack detection system can report numerous threats using real-world network data

    Hybrid SDN Evolution: A Comprehensive Survey of the State-of-the-Art

    Software-Defined Networking (SDN) is an evolutionary networking paradigm which has been adopted by large network and cloud providers, among which are Tech Giants. However, embracing a new and futuristic paradigm as an alternative to well-established and mature legacy networking paradigm requires a lot of time along with considerable financial resources and technical expertise. Consequently, many enterprises can not afford it. A compromise solution then is a hybrid networking environment (a.k.a. Hybrid SDN (hSDN)) in which SDN functionalities are leveraged while existing traditional network infrastructures are acknowledged. Recently, hSDN has been seen as a viable networking solution for a diverse range of businesses and organizations. Accordingly, the body of literature on hSDN research has improved remarkably. On this account, we present this paper as a comprehensive state-of-the-art survey which expands upon hSDN from many different perspectives

    Machine Learning Threatens 5G Security

    Machine learning (ML) is expected to solve many challenges in the fifth generation (5G) of mobile networks. However, ML will also open the network to several serious cybersecurity vulnerabilities. Most of the learning in ML happens through data gathered from the environment. Un-scrutinized data will have serious consequences on machines absorbing the data to produce actionable intelligence for the network. Scrutinizing the data, on the other hand, opens privacy challenges. Unfortunately, most of the ML systems are borrowed from other disciplines that provide excellent results in small closed environments. The resulting deployment of such ML systems in 5G can inadvertently open the network to serious security challenges such as unfair use of resources, denial of service, as well as leakage of private and confidential information. Therefore, in this article we dig into the weaknesses of the most prominent ML systems that are currently vigorously researched for deployment in 5G. We further classify and survey solutions for avoiding such pitfalls of ML in 5G systems

    Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction

    A revolution in network technology has been ushered in by software defined networking (SDN), which makes it possible to control the network from a central location and provides an overview of the network’s security. Despite this, SDN has a single point of failure that increases the risk of potential threats. Network intrusion detection systems (NIDS) prevent intrusions into a network and preserve the network’s integrity, availability, and confidentiality. Much work has been done on NIDS but there are still improvements needed in reducing false alarms and increasing threat detection accuracy. Recently advanced approaches such as deep learning (DL) and machine learning (ML) have been implemented in SDN-based NIDS to overcome the security issues within a network. In the first part of this survey paper, we offer an introduction to the NIDS theory, as well as recent research that has been conducted on the topic. After that, we conduct a thorough analysis of the most recent ML- and DL-based NIDS approaches to ensure reliable identification of potential security risks. Finally, we focus on the opportunities and difficulties that lie ahead for future research on SDN-based ML and DL for NIDS.