Autonomous Security Management in Optical Networks

The paper describes the Optical Security Manager module and focuses on the role of Machine Learning (ML) techniques. Issues related to the accuracy, run-time complexity and interpretability of ML outputs are described and coping strategies outlined

Root Cause Analysis for Autonomous Optical Networks: A Physical Layer Security Use Case

To support secure and reliable operation of optical networks, we propose a framework for autonomous anomaly detection, root cause analysis and visualization of the anomaly impact on optical signal parameters.\ua0Verification on experimental physical layer security data reveals important properties of different attack profiles

Root Cause Analysis for Autonomous Optical Network Security Management

The ongoing evolution of optical networks towards autonomous systems supporting high-performance services beyond 5G requires advanced functionalities for automated security management. To cope with evolving threat landscape, security diagnostic approaches should be able to detect and identify the nature not only of existing attack techniques, but also those hitherto unknown or insufficiently represented. Machine Learning (ML)-based algorithms perform well when identifying known attack types, but cannot guarantee precise identification of unknown attacks. This makes Root Cause Analysis (RCA) crucial for enabling timely attack response when human intervention is unavoidable. We address these challenges by establishing an ML-based framework for security assessment and analyzing RCA alternatives for physical-layer attacks. We first scrutinize different Network Management System (NMS) architectures and the corresponding security assessment capabilities. We then investigate the applicability of supervised and unsupervised learning (SL and UL) approaches for RCA and propose a novel UL-based RCA algorithm called Distance-Based Root Cause Analysis (DB-RCA). The framework’s applicability and performance for autonomous optical network security management is validated on an experimental physical-layer security dataset, assessing the benefits and drawbacks of the SL-and UL-based RCA. Besides confirming that SL-based approaches can provide precise RCA output for known attack types upon training, we show that the proposed UL-based RCA approach offers meaningful insight into the anomalies caused by novel attack types, thus supporting the human security officers in advancing the physical-layer security diagnostics

Optical Network Security Management: Requirements, Architecture and Efficient Machine Learning Models for Detection of Evolving Threats [Invited]

As the communication infrastructure that sustains critical societal services, optical networks need to function in a secure and agile way. Thus, cognitive and automated security management functionalities are needed, fueled by the proliferating machine learning (ML) techniques and compatible with common network control entities and procedures. Automated management of optical network security requires advancements both in terms of performance and efficiency of ML approaches for security diagnostics, as well as novel management architectures and functionalities. This paper tackles these challenges by proposing a novel functional block called Security Operation Center (SOC), describing its architecture, specifying key requirements on the supported functionalities and providing guidelines on its integration with optical layer controller. Moreover, to boost efficiency of ML-based security diagnostic techniques when processing high-dimensional optical performance monitoring data in the presence of previously unseen physical-layer attacks, we combine unsupervised and semi-supervised learning techniques with three different dimensionality reduction methods and analyze the resulting performance and trade-offs between ML accuracy and run time complexity

Autonomous Security Management in Optical Networks

The paper describes the Optical Security Manager module and focuses on the role of Machine Learning (ML) techniques. Issues related to the accuracy, run-time complexity and interpretability of ML outputs are described and coping strategies outlined

Experimental Study of Machine-Learning-Based Detection and Identification of Physical-Layer Attacks in Optical Networks

Optical networks are critical infrastructure supporting vital services and are vulnerable to different types of malicious attacks targeting service disruption at the optical layer. Due to the various attack techniques causing diverse physical- layer effects, as well as the limitations and sparse placement of optical performance monitoring devices, such attacks are difficult to detect, and their signatures are unknown. This paper presents a Machine Learning (ML) framework for detection and identification of physical-layer attacks, based on experimental attack traces from an operator field-deployed testbed with coherent receivers. We perform in-band and out-of-band jamming signal insertion attacks, as well as polarization modulation attacks, each with varying intensities. We then evaluate 8 different ML classifiers in terms of their accuracy, and scalability in processing experimental data. The optical parameters critical for accurate attack identification are identified and the generalization of the models is validated. Results indicate that Artificial Neural Networks (ANNs) achieve 99.9% accuracy in attack type and intensity classification, and are capable of processing 1 million samples in less than 10 seconds

Machine Learning for Optical Network Security Monitoring: A Practical Perspective

In order to accomplish cost-efficient management of complex optical communication networks, operators are seeking automation of network diagnosis and management by means of Machine Learning (ML). To support these objectives, new functions are needed to enable cognitive, autonomous management of optical network security. This paper focuses on the challenges related to the performance of ML-based approaches for detectionand localization of optical-layer attacks, and to their integration with standard Network Management Systems (NMSs). We propose a framework for cognitive security diagnostics that comprises an attack detection module with Supervised Learning (SL), Semi-Supervised Learning (SSL) and Unsupervised Learning (UL) approaches, and an attack localization module that deduces the location of a harmful connection and/or a breached link. The influence of false positives and false negatives is addressed by a newly proposed Window-based Attack Detection (WAD) approach. We provide practical implementation\ua0guidelines for the integration of the framework into the NMS and evaluate its performance in an experimental network testbed subjected to attacks, resulting with the largest optical-layer security experimental dataset reported to date

Immunotherapy in Pancreatic Cancer: Why Do We Keep Failing? A Focus on Tumour Immune Microenvironment, Predictive Biomarkers and Treatment Outcomes

The advent of immunotherapy and targeted therapies has dramatically changed the outcomes of patients affected by many malignancies. Pancreatic cancer (PC) remains one the few tumors that is not treated with new generation therapies, as chemotherapy still represents the only effective therapeutic strategy in advanced-stage disease. Agents aiming to reactivate the host immune system against cancer cells, such as those targeting immune checkpoints, failed to demonstrate significant activity, despite the success of these treatments in other tumors. In many cases, the proportion of patients who derived benefits in early-phase trials was too small and unpredictable to justify larger studies. The population of PC patients with high microsatellite instability/mismatch repair deficiency is currently the only population that may benefit from immunotherapy; nevertheless, the prevalence of these alterations is too low to determine a real change in the treatment scenario of this tumor. The reasons for the unsuccess of immunotherapy may lie in the extremely peculiar tumor microenvironment, including distinctive immune composition and cross talk between different cells. These unique features may also explain why the biomarkers commonly used to predict immunotherapy efficacy in other tumors seem to be useless in PC. In the current paper, we provide a comprehensive and up-to-date review of immunotherapy in PC, from the analysis of the tumor immune microenvironment to immune biomarkers and treatment outcomes, with the aim to highlight that simply transferring the knowledge acquired on immunotherapy in other tumors might not be a successful strategy in patients affected by PC

The Palliative Prognostic (PaP) Score without Clinical Evaluation Predicts Early Mortality among Advanced NSCLC Patients Treated with Immunotherapy

Background: An acceptable risk-benefit ratio may encourage the prescription of immune checkpoint inhibitors (ICI) near the late stage of life. The lung immune prognostic index (LIPI) was validated in advanced non-small cell lung cancer (NSCLC) patients treated with ICIs. The palliative prognostic (PaP) score without clinical prediction of survival (PaPwCPS) predicts early mortality probability in terminal cancer patients. Methods: We performed a retrospective study including 182 deceased advanced NSCLC patients, treated with single-agent ICI at our Institution. Two prognostic categories of high and low mortality risk were identified through ROC curve analysis for PaPwCPS and LIPI scores. Results: Most were >65 years of age (68.3%) and received second-line ICI (61.2%). A total of 29 (15.9%) and 131 (72.0%) patients died within 30 and 90 days from treatment start, respectively. A total of 81 patients (44.5%) received ICI during the last month of life. Baseline PaPwCPS and LIPI scores were assessable for 78 patients. The AUC of ROC curves was significantly increased for PaPwCPS as compared with LIPI score for both 30-day and 90-day mortality. A high PaPwCPS score was associated in multivariate analysis with increased 30-day (HR 2.69, p = 0.037) and 90-day (HR 4.01, p < 0.001) mortality risk. A high LIPI score was associated with increased 90-day mortality risk (p < 0.001). Conclusion: We found a tendency towards ICI prescription near the late stage of life. The PaPwCPS score was a reliable predictor of 30- and 90-day mortality

Demonstration of Machine-Learning-Assisted Security Monitoring in Optical Networks

We report on the first demonstration of machine-learning-assisted detection, identification and localisation of optical-layer attacks integrated into network management system and verified on real-life experimental attack traces from a network operator testbed