Towards Autonomous Defense of SDN Networks Using MuZero Based Intelligent Agents

The Software Defined Networking (SDN) paradigm enables the development of systems that centrally monitor and manage network traffic, providing support for the deployment of machine learning-based systems that automatically detect and mitigate network intrusions. This paper presents an intelligent system capable of deciding which countermeasures to take in order to mitigate an intrusion in a software defined network. The interaction between the intruder and the defender is posed as a Markov game and MuZero algorithm is used to train the model through self-play. Once trained, the model is integrated with an SDN controller, so that it is able to apply the countermeasures of the game in a real network. To measure the performance of the model, attackers and defenders with different training steps have been confronted and the scores obtained by each of them, the duration of the games and the ratio of games won have been collected. The results show that the defender is capable of deciding which measures minimize the impact of the intrusion, isolating the attacker and preventing it from compromising key machines in the network.This work was supported in part by the Spanish Centre for the Development of Industrial Technology (CDTI) through the Project EGIDA-RED DE EXCELENCIA EN TECNOLOGIAS DE SEGURIDAD Y PRIVACIDAD under Grant CER20191012, in part by the Spanish Ministry of Science and Innovation under Grant PID2019-104966GB-I00, in part by the Basque Business Development Agency (SPRI)-Basque Country Government ELKARTEK Program through the projects TRUSTIND under Grant KK-2020/00054 and 3KIA under Grant KK-2020/00049, and in part by the Basque Country Program of Grants for Research Groups under Grant IT-1244-19

Trafikoaren monitorizazioa datu sareetan. Firewall errendimendu analisia

[EU]Gaur egungo sareetan egunetik egunera garraiatzen den paketeen trafikoa handituz doa eskariak horrela behartzen duelako. Beste alde batetik, gure sareen eta batez ere sare pribatuen segurtasuna gero eta garrantzitsuagoa da, bertan dauden datuen eskuragarritasuna mugatze aldera. Ondorioz segurtasun teknika hauek aplikatzeko ahalik eta denbora gutxien erabiltzea garrantzitsua da sareak duen datu garraiorako errendimendu altua manten dezan, segurtasuna bermatua. Proiektu honetan, enpresa eta erakundeetan oso arruntak diren firewall, segurtasun tekniken inguruko azterketa egingo da. Firewall ezagun baten eta driver baten arteko integrazioa burutuko da firewallak sarean duen errendimendua hobetze aldera.[ES]El tráfico de paquetes que se transporta en las redes de hoy en día va creciendo según pide la demanda. Por otra parte, en las redes locales y especialmente en las redes privadas, se le da mucha importancia a la seguridad con la intención de proteger los datos que residen en ellos. Por este motivo, es importante usar el mínimo de tiempo posible en aplicar estas políticas de seguridad con la intención de mantener un alto rendimiento de trafico de datos, garantizando una seguridad a estas. En este proyecto, se analizará el firewall, una técnica de seguridad muy usada en el entorno empresarial. Se procederá a integrar un driver en el sistema de un firewall conocido, con esto buscando una mejora del rendimiento del firewall en las redes de datos.[EN]The packet traffic being transported on networks nowadays is growing as demand requests. Moreover, in local networks and especially in private networks,more importance is given to the security in order to protect the data that resides in these networks. For this reason, it is important to use the minimum amount of time while implementing these security policies intended to maintain high performance data traffic, and ensuring their safety. In this project, the firewall will be analyzed, a security technique widely used in the business environment. A driver will be integrated into a previously known firewall system with the aim of looking for a improvement in the firewall’s performance in data networks