16 research outputs found

    MERLINS – Moving Target Defense Enhanced with Deep-RL for NFV In-Depth Security

    Moving to a multi-cloud environment and service-based architecture, 5G and future 6G networks require additional defensive mechanisms to protect virtualized network resources. This paper presents MERLINS, a novel architecture generating optimal Moving Target Defense (MTD) policies for proactive and reactive security of network slices. By formally modeling telecommunication networks compliant with Network Function Virtualization (NFV) into a multi-objective Markov Decision Process (MOMDP), MERLINS uses deep Reinforcement Learning (deep-RL) to optimize the MTD strategy that considers security, network performance, and service level requirements. Practical experiments on a 5G testbed showcase the feasibility as well as restrictions of MTD operations and the effectiveness in mitigating malware infections. It is observed that multi-objective RL (MORL) algorithms outperform state-of-the-art deep-RL algorithms that scalarize the reward vector of the MOMDP. This improvement by a factor of two leads to a better MTD policy than the baseline static counterpart used for the evaluation.

    TopoFuzzer - A Network Topology Fuzzer for Moving Target Defense in the Telco Cloud

    Telecommunication networks are shifting to multi-cloud environments. This trend is expected to shape the standardization and implementation of future networks. Thus, the protection of virtualized services has become more critical. One of the promising methods to secure virtual resources in that setting is Moving Target Defense (MTD). This paper presents the Network Topology Fuzzer (TopoFuzzer) module, enabling different MTD operations that change the topology of a 5G network. An emphasis is given to live re-instantiations and live migrations of running services and, consequently, security gains against Advanced Persistent Threats (APTs). This work utilizes a 5G testbed to evaluate the TopoFuzzer module and MTD operations on Virtual Network Functions (VNFs).

    Graph based liability analysis for the microservice architecture

    In this work, we present the Graph Based Liability Analysis Framework (GRALAF) for root cause analysis (RCA) of microservices. In this Proof-of-Concept (PoC) tool, we keep track of the performance metrics of microservices, such as service response time and CPU level values, to detect anomalies. By injecting faults in the services, we construct a Causal Bayesian Network (CBN) which represents the relation between service faults and metrics. The constructed CBN is used to predict the fault probability of services under given metrics which are assigned discrete values according to their anomaly states.

    IoMiRCA : root cause analysis in IoT-extended 5G microservice environments

    Softwarized services in converged networks are evolving from monolithic applications to distributed architectures, often comprising numerous microservices. At the same time, with the massive proliferation of IoT devices, much more complexity and diversity are added to such critical infrastructures. In that regard, Root Cause Analysis (RCA) is an important part of a running distributed service ecosystem to keep the applications available and manageable by finding the root causes of errors and malfunctions. This paper provides a topology graph-based anomaly detection and RCA solution for the microservice architecture in edge-to-cloud environments entailing microservices in combination with IoT.

    The impact of Manufacturer Usage Description (MUD) on IoT security

    With the growing number of IoT (Internet of Things) devices and their particular characteristics compared to traditional systems, incumbent security mechanisms need to be advanced for secure and resilient IoT operation in current ICT systems. One particular standard, which tries to improve IoT security in that regard, is the Manufacturer Usage Description (MUD) by the IETF. In this paper, as our main focus is to highlight the security gains of using MUD, we first discuss the critical threats to IoT devices based on available research. In the second step, we analyze the MUD technology to delineate where MUD is beneficial (or not) to address these security issues.

    Root cause and liability analysis in the microservices architecture for edge IoT services

    In this work, we present a liability analysis framework for root cause analysis (RCA) in the microservices architecture with IoT-oriented containerized network services. We keep track of the performance metrics of microservices, such as service response time, memory usage and availability, to detect anomalies. By injecting faults in the services, we construct a Causal Bayesian Network (CBN) which represents the relation between service faults and metrics. Service Level Agreement (SLA) data obtained from a descriptor named TRAILS (sTakeholder Responsibility, AccountabIlity and Liability deScriptor) is also used to flag service providers which have failed their commitments. In the case of SLA violation, the constructed CBN is used to predict the fault probability of services under given metric readings and to identify the root cause.

    Demo: Closed-Loop Security Orchestration in the Telco Cloud for Moving Target Defense

    This work presents a Moving Target Defense (MTD) framework for the protection of network slices and virtual resources in a telco cloud environment. The preliminary implementation provides closed-loop security management of services with proactive MTD operations to reduce the success probability of attacks, and reactive MTD operations, empowered by a tampering detection and a traffic-based anomaly detection system. MTD strategies are adaptive and optimized with deep reinforcement learning (deep-RL) for balancing costs, security, and availability goals defined in a Multi-Objective Markov Decision Process (MOMDP).
