3 research outputs found
Towards Autonomous Defense of SDN Networks Using MuZero Based Intelligent Agents
The Software Defined Networking (SDN) paradigm enables the development of systems that centrally monitor and manage network traffic, providing support for the deployment of machine learning-based systems that automatically detect and mitigate network intrusions. This paper presents an intelligent system capable of deciding which countermeasures to take in order to mitigate an intrusion in a software defined network. The interaction between the intruder and the defender is posed as a Markov game and MuZero algorithm is used to train the model through self-play. Once trained, the model is integrated with an SDN controller, so that it is able to apply the countermeasures of the game in a real network. To measure the performance of the model, attackers and defenders with different training steps have been confronted and the scores obtained by each of them, the duration of the games and the ratio of games won have been collected. The results show that the defender is capable of deciding which measures minimize the impact of the intrusion, isolating the attacker and preventing it from compromising key machines in the network.This work was supported in part by the Spanish Centre for the Development of Industrial Technology (CDTI) through the Project EGIDA-RED DE EXCELENCIA EN TECNOLOGIAS DE SEGURIDAD Y PRIVACIDAD under Grant CER20191012, in part by the Spanish Ministry of Science and Innovation under Grant PID2019-104966GB-I00, in part by the Basque Business Development Agency (SPRI)-Basque Country Government ELKARTEK Program through the projects TRUSTIND under Grant KK-2020/00054 and 3KIA under Grant KK-2020/00049, and in part by the Basque Country Program of Grants for Research Groups under Grant IT-1244-19
Trafikoaren monitorizazioa datu sareetan. Firewall errendimendu analisia
[EU]Gaur egungo sareetan egunetik egunera garraiatzen den paketeen trafikoa
handituz doa eskariak horrela behartzen duelako. Beste alde batetik, gure
sareen eta batez ere sare pribatuen segurtasuna gero eta garrantzitsuagoa da,
bertan dauden datuen eskuragarritasuna mugatze aldera. Ondorioz segurtasun
teknika hauek aplikatzeko ahalik eta denbora gutxien erabiltzea garrantzitsua
da sareak duen datu garraiorako errendimendu altua manten dezan,
segurtasuna bermatua. Proiektu honetan, enpresa eta erakundeetan oso
arruntak diren firewall, segurtasun tekniken inguruko azterketa egingo da.
Firewall ezagun baten eta driver baten arteko integrazioa burutuko da firewallak
sarean duen errendimendua hobetze aldera.[ES]El tráfico de paquetes que se transporta en las redes de hoy en dÃa va
creciendo según pide la demanda. Por otra parte, en las redes locales y
especialmente en las redes privadas, se le da mucha importancia a la
seguridad con la intención de proteger los datos que residen en ellos. Por este
motivo, es importante usar el mÃnimo de tiempo posible en aplicar estas
polÃticas de seguridad con la intención de mantener un alto rendimiento de
trafico de datos, garantizando una seguridad a estas. En este proyecto, se
analizará el firewall, una técnica de seguridad muy usada en el entorno
empresarial. Se procederá a integrar un driver en el sistema de un firewall
conocido, con esto buscando una mejora del rendimiento del firewall en las redes de datos.[EN]The packet traffic being transported on networks nowadays is growing as
demand requests. Moreover, in local networks and especially in private
networks,more importance is given to the security in order to protect the data
that resides in these networks. For this reason, it is important to use the
minimum amount of time while implementing these security policies intended to
maintain high performance data traffic, and ensuring their safety. In this project,
the firewall will be analyzed, a security technique widely used in the business
environment. A driver will be integrated into a previously known firewall system
with the aim of looking for a improvement in the firewall’s performance in data networks