Reinforcement Learning for Autonomous Defence in Software-Defined Networking

Han, Yi; Rubinstein, Benjamin I. P.; Abraham, Tamas; Alpcan, Tansu; Vel, Olivier De; Erfani, Sarah M.; Hubczenko, David; Montague, Paul

doi:10.1007/978-3-030-01554-1_9

Cited by 62 publications

(46 citation statements)

References 68 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…To deal with such problems by logically distributing the control planes, reinforcement learning mechanisms will not only facilitate coordination but also help to improve in improving resilience, as demonstrated in [129]. Reinforcement learning can also be explicitly used to improve the security of SDNs autonomously [130]. related NFV components in the security architecture [136], [137] include the NFV Security Controller, which orchestrates system-wide security policies, and security analytic services, which receive monitoring telemetry across NFV systems and apply ML to detect emerging threats.…”

Section: ) Security Solutions For Sdnmentioning

confidence: 99%

Machine Learning Threatens 5G Security

et al. 2020

View full text Add to dashboard Cite

Machine learning (ML) is expected to solve many challenges in the fifth generation (5G) of mobile networks. However, ML will also open the network to several serious cybersecurity vulnerabilities. Most of the learning in ML happens through data gathered from the environment. Un-scrutinized data will have serious consequences on machines absorbing the data to produce actionable intelligence for the network. Scrutinizing the data, on the other hand, opens privacy challenges. Unfortunately, most of the ML systems are borrowed from other disciplines that provide excellent results in small closed environments. The resulting deployment of such ML systems in 5G can inadvertently open the network to serious security challenges such as unfair use of resources, denial of service, as well as leakage of private and confidential information. Therefore, in this article we dig into the weaknesses of the most prominent ML systems that are currently vigorously researched for deployment in 5G. We further classify and survey solutions for avoiding such pitfalls of ML in 5G systems.

show abstract

Section: ) Security Solutions For Sdnmentioning

confidence: 99%

Machine Learning Threatens 5G Security

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Adversarial Machine Learning (AML) [19] is an emerging research discipline that focuses on making ML techniques resilient to adversarial attacks by assessing their vulnerability to attacks and devising appropriate countermeasures. Unlike computer vision field, very few contributions (e.g., [20]) have been targeted at ML security in the context of networking field. The work in [20] investigates the resilience of RL to different forms of poisoning attacks in the context of autonomous cyber-defense in SDNs.…”

Section: Related Workmentioning

confidence: 99%

“…Unlike computer vision field, very few contributions (e.g., [20]) have been targeted at ML security in the context of networking field. The work in [20] investigates the resilience of RL to different forms of poisoning attacks in the context of autonomous cyber-defense in SDNs. While the authors have briefly discussed the potential countermeasures, they did not implement any defense strategy.…”

Section: Related Workmentioning

confidence: 99%

Robust Self-Protection Against Application-Layer (D)DoS Attacks in SDN Environment

Benzaïd

Boukhalfa

Taleb

2020

2020 IEEE Wireless Communications and Networking Conference (WCNC)

View full text Add to dashboard Cite

The expected high bandwidth of 5G and the envisioned massive number of connected devices will open the door to increased and sophisticated attacks, such as applicationlayer DDoS attacks. Application-layer DDoS attacks are complex to detect and mitigate due to their stealthy nature and their ability to mimic genuine behavior. In this work, we propose a robust application-layer DDoS self-protection framework that empowers a fully autonomous detection and mitigation of the application-layer DDoS attacks leveraging on Deep Learning (DL) and SDN enablers. The DL models have been proven vulnerable to adversarial attacks, which aim to fool the DL model into taking wrong decisions. To overcome this issue, we build a DL-based application-layer DDoS detection model that is robust to adversarial examples. The performance results show the effectiveness of the proposed framework in protecting against application-layer DDoS attacks even in the presence of adversarial attacks.

show abstract

“…RL has emerged in security games in recent years. Han et al use RL for adaptive cyber-defense in a Software-Defined Networking setting and consider adversarial poisoning attacks against the RL training process [9]. Hu et al proposes the idea of using Q-Learning as a defensive strategy in a cybersecurity game for detecting APT attacks in IoT systems [11].…”

Section: Related Workmentioning

confidence: 99%

$$\mathsf {QFlip}$$ : An Adaptive Reinforcement Learning Strategy for the $$\mathsf {FlipIt}$$ Security Game

Oakley

Oprea

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

A rise in Advanced Persistent Threats (APTs) has introduced a need for robustness against long-running, stealthy attacks which circumvent existing cryptographic security guarantees. FlipIt is a security game that models attacker-defender interactions in advanced scenarios such as APTs. Previous work analyzed extensively non-adaptive strategies in FlipIt, but adaptive strategies rise naturally in practical interactions as players receive feedback during the game. We model the FlipIt game as a Markov Decision Process and introduce QFlip, an adaptive strategy for FlipIt based on temporal difference reinforcement learning. We prove theoretical results on the convergence of our new strategy against an opponent playing with a Periodic strategy. We confirm our analysis experimentally by extensive evaluation of QFlip against specific opponents. QFlip converges to the optimal adaptive strategy for Periodic and Exponential opponents using associated state spaces. Finally, we introduce a generalized QFlip strategy with composite state space that outperforms a Greedy strategy for several distributions including Periodic and Uniform, without prior knowledge of the opponent's strategy. We also release an OpenAI Gym environment for FlipIt to facilitate future research.

show abstract

Reinforcement Learning for Autonomous Defence in Software-Defined Networking

Cited by 62 publications

References 68 publications

Machine Learning Threatens 5G Security

Machine Learning Threatens 5G Security

Robust Self-Protection Against Application-Layer (D)DoS Attacks in SDN Environment

$$\mathsf {QFlip}$$ : An Adaptive Reinforcement Learning Strategy for the $$\mathsf {FlipIt}$$ Security Game

Contact Info

Product

Resources

About