Enhancing Network Slicing Security: Machine Learning, Software-Defined Networking, and Network Functions Virtualization-Driven Strategies
Abstract
:1. Introduction
- Enhanced Mobile Broadband (eMBB): eMBB applications, such as high-definition video streaming, virtual reality experiences, and cloud gaming, demand high data rates and significant bandwidth to deliver a seamless user experience. There is an increasing need for massive MIMO and millimetre wave technology integration within cellular networks to cater to the ever-increasing data demands of eMBB users [4].
- Ultra-Reliable Low-Latency Communication (URLLC): URLLC applications, critical for industries like autonomous vehicles, remote surgery, and industrial automation, prioritise reliability and ultra-low latency over high data rates. Some challenges are faced by traditional network architectures in meeting the stringent latency requirements (less than 1 millisecond) and ultra-high reliability (packet loss probability close to zero) demanded by URLLC applications [5]. These applications have stricter Quality-of-Service (QoS) requirements compared to traditional mobile broadband traffic.
- Massive Machine-Type Communication (mMTC): mMTC, a core component of the Internet of Things (IoT), encompasses a vast number of low-power, low-data-rate devices requiring efficient communication for functionalities like sensor data collection and remote monitoring. While data rates for individual devices are minimal, the sheer volume of devices connected within an mMTC network can create significant network management challenges [6].
2. Exploring SDN, NFV, Policies, ML, Network Slicing and Telecom Security
2.1. Software Defining Network
- Security Challenges in Interfaces: SDN interfaces [24], particularly the northbound interface (protocol to support communication between controllers and applications or high-level control plane) and the southbound interface (OpenFlow protocol to support communications between controllers and SDN switches), pose significant security challenges [25,26]. The southbound interface, which uses TLS (Transport Layer Security) and DTLS (Datagram Transport Layer Security), leaves their implementation optional due to configuration complexity, making these interfaces susceptible to attacks like eavesdropping and attacks on the control plane [19,27].
- Security Solutions for SDN: These outline a multidimensional approach to securing SDN, which includes rigorously verifying SDN applications to prevent access by malicious software and implementing security mechanisms like the SE-Floodlight controller for the control plane [28,29], which provides privilege separation and a secure API.
- Control Plane Security: This area is critical due to its central role in network management. Various security enhancements, such as the SE-Floodlight controller, extend the capabilities of existing solutions by providing mechanisms for privilege separation and secure northbound APIs, which act as mediators between the application and data planes.
- Data Plane Security: The data plane handles the actual packet forwarding and is secured through trust methods for authentication and authorization [30] to manage which applications can change flow rules in the network’s forwarding elements.
- Security Enhancements through Network Design: The principles of SDN itself, including centralised network control and enhanced visibility of traffic flows, are used to bolster network security against common threats such as unauthorised access and control plane attacks.
- Challenges in SDN Controllers: The central role of SDN controllers makes them prime targets for DoS and DDoS attacks, compromising network integrity.
2.2. Network Functions Virtualization
- Virtualization Layer Vulnerabilities: NFV relies heavily on virtualization technologies, exposing networks to vulnerabilities inherent in hypervisors and virtual machine managers (VMMs). These vulnerabilities can lead to escalated privileges or escape attacks, where an attacker gains control over the host machine or other virtual machines [36].
- ○
- Proposed solution—Security Reference Architecture (SRA): This solution was proposed in [35]. It includes specific security patterns and reference architectures to mitigate identified threats based on these patterns, which can be reused for continuous monitoring of the virtualized layer.
- Isolation Failures: Proper isolation of network functions is crucial to prevent cross-VM attacks. Any failure to maintain strict isolation can lead to information leakage, unauthorised data access, or denial of service (DoS) attacks. Failures like this could also be related to inadequate resource slicing or temporal interference, wherein co-located services shared infrastructure may lead to performance unpredictability due to shared contention [37].
- ○
- Proposed solution—Hierarchical Real-Time CPU Scheduling: In the work proposed by [37], this solution is introduced based on real-time CPU scheduling techniques. This method, integrated within the Linux kernel itself, allows for precise CPU resource allocation to each container (VNF), ensuring that each service receives a defined share of CPU time regardless of the activities of other containers.
- Management and Orchestration (MANO) Security: The MANO layer orchestrates NFV services and manages their lifecycle. Since it has a comprehensive view of the network functions, it becomes a critical security concern. Compromising the MANO layer can lead to widespread network disruption [38].
- ○
- Proposed solution—Security Framework: The SecMANO framework proposed by [38] is a security-oriented enhancement of the existing MANO framework. It incorporates security by design from the initial stages of network service and throughout the service lifecycle. It enables adaptive deployment and management of security functions according to real-time demands and threats and utilises a policy-based approach to ensure consistent and effective security measures across all network functions.
- Integrity of NFVs: The NFV environment presents a challenge in ensuring the integrity and authenticity of the network functions due to its reliance on virtualization and cloud technologies. The complexity of establishing trust in such a dynamic and distributed environment has been emphasised in [39,40], with concerns about the integrity and privacy of virtual instances hosted on multi-tenant platforms.
- ○
- Proposed solution—Remote Attestation and OpenCIT: In the work of [40], a combination of solutions is proposed, namely the use of Remote Attestation workflows which are used to allow external verification of the system’s integrity. These workflows involve the Trusted Third Party verifying the integrity measures reported by the Trusted Platform Module (TPM) against a known configuration. This TPM is present within OpenCIT, an Intel framework combining hardware elements (TPM) and software elements to establish a Chain of Trust. This approach verifies the integrity of each system component from the hardware level up to the software stack.
2.3. Network Slicing
- Flexibility and Customization: Slices can be tailor-made for applications requiring high bandwidth (e.g., video streaming), ultra-low latency (e.g., remote surgery, industrial automation), or support for massive device connections (e.g., smart cities, Internet of Things) [44].
- Improved Resource Efficiency: Network slicing facilitates the dynamic allocation of resources based on real-time slice demands, maximising efficiency and reducing costs [45].
- New Revenue Streams: Operators can offer custom slices to enterprise customers or other service providers, unlocking new market opportunities [43].
- Management Complexity: Orchestration of multiple slices with distinct configurations demands sophisticated management and automation tools [45].
- Security Concerns: Meticulous security measures are needed to ensure slice isolation and prevent interference or attacks. This is critical as slices share a common infrastructure [46].
- Standardisation: Ongoing efforts by bodies like 3GPP focus on defining interoperability standards, which are crucial for multi-vendor compatibility [46].
2.3.1. The Need for Network Slicing
2.3.2. Conflicting Requirements
2.3.3. Challenges in Network Slicing for Future Networks
2.4. Policy-Based Network Security
2.4.1. Early Concepts of Security Policies
2.4.2. Implementation Challenges in PBN and IBN
2.5. AI, ML and Network Security
Challenges Posed by AI/ML
- Security: ML systems face security threats like poisoning, evasion, API-based attacks, and AI framework infringements, endangering data integrity.
- Privacy: ML’s data analysis and automation can compromise privacy. Insecure IoT devices and model inversion attacks threaten data, making protection crucial.
- Ethical: ML reduces human intervention, but computers lack human ethical consciousness. ML systems follow training but cannot act against logic in certain circumstances.
- Intelligent Attacks: AI can be used to identify patterns in large data volumes, potentially exposing network vulnerabilities.
3. The ML Strategy within Network Slicing
3.1. The Role of Machine Learning
3.1.1. Supervised Learning
3.1.2. Unsupervised Learning
3.2. The Role of Deep Learning
3.3. Practical Applications
4. Policy/Intent-Based Security in SDN and NFV Networks
4.1. Policy-Based Networking Development
- Policy Definition: Network administrators define security policies using the OpenSec language (a high-level policy language).
- Policy Translation: The SDN controller translates these high-level policies into low-level flow rules that can be implemented in the network hardware. This translation is critical to enabling dynamic, automated security management.
- Flow Processing: Based on the translated rules, network flows are directed to appropriate security services. For instance, if a flow is identified as needing deep packet inspection (DPI), others need to be passed through an IDS.
- Security Event Handling: When a security service detects a threat (such as malicious traffic identified by an Intrusion Detection System (IDS)), it alerts the SDN controller. The controller then takes predefined actions, including blocking the traffic, rerouting it, or simply logging the event.
- Policy Enforcement: The SDN controller continuously monitors compliance with security policies and can adjust flow rules dynamically in response to network conditions or security incidents. This continuous monitoring is what security policy enforcement is mostly about and why the development of SDN has been so advantageous for its implementation.
4.2. Advancements in Policy Implementation Techniques
- Separating: this divides the virtual services and decreases the size of the attack flows using a load balancer.
- Chaining: this links many VNFs to prevent various attack flows and constructs extensive security systems.
- Merging: this combines unnecessary VNFs to optimise the security system and the system’s resources.
- Reordering: this reorders current VNFs depending on the type and strength of the current attack flows.
4.3. Transition to Intent-Based Networking
- Intent Profiling: This first step involves defining the intent, which should be in an easily understandable, declarative statement of what is expected from the network. This contrasts with policy-based networking, where specific rules and configurations are detailed.
- Intent Translation: After being defined, the high-level intent must be translated into actionable network policies and configurations. Unlike policy-based systems that apply rules directly, IBN systems interpret intents and determine the best methods to achieve the desired outcomes.
- Intent Resolution and Activation: Before being activated, potential conflicts among different intents must be addressed, ensuring that new intents do not disrupt existing network functions. This dynamic adjustment capability is a significant advancement over static policy-based systems.
- Intent Assurance: Much like in policy-based systems, the process of continuously monitoring network performance to ensure that it aligns with the defined policies, and in this case, the intent, is critical to maintaining a reliable service. However, in the case of intent-based networking, its inherent flexibility allows it to adapt faster to changes in network conditions or business objectives over time.
4.4. Enhancing Security in SDNs and NFVs through PBN
5. Use Case of 6G-OPENSEC-Security
5.1. General Architecture
- SCLA—This component is responsible for processing the results obtained from the monitoring process. It identifies the data samples requiring evaluation and triggers processes to mitigate the detected security threat.
- SCLG—This component oversees the coordination and management of all created closed loops and their governance.
5.2. Security Closed-Loop Automation Architecture
- Proactive Security: Shifting from reactive to proactive measures, the system anticipates and mitigates threats before they manifest by continuously monitoring and adapting its defences based on predictive analysis.
- Real-time Threat Response: Acting swiftly and decisively in the face of security threats, it minimises potential damage through modules like Security Decision and Security Data Analytics, which enable real-time detection of anomalies and a response.
- Adaptive Learning: Staying ahead of evolving threats by continuously learning from past experiences and current data.
- Operational Efficiency: Ensuring that security measures enhance system performance rather than hinder it.
- Security Data Collection: The purpose of this component is to collect network data, as it is proposed to be integrated with network probes that capture packets of network traffic and are later retrieved by the component. Data collection can be carried out via APIs or through data brokers, whichever best fits the network topology.
- Security Data Analytics: This component is responsible for analysing the collected data and detecting any possible threats or anomalies within the surveilled network through the use of AI models. The proposed project model integrates a DDoS detection model such as LUCID [99]; however, this component is flexible enough to integrate other types of ML and DL models that can detect different types of attacks in network traffic.
- Security Decision: Since the deployed and surveilled services must comply with specific security policies, this component was developed to ensure that appropriate action is taken to solve the issue in case of an attack or non-compliance with the requested policies. A knowledge base is required to ensure that each violated policy has an appropriate corrective directive.
- Security and Privacy data service: This is the specialised module responsible for securely managing and storing security data within the closed loop. In other words, it is the SCLA’s database.
5.3. Applying ML/DL and Security Policies
5.3.1. Security Data Analytics
- Proactive Analysis: Security Data Analytics can spot possible dangers before they result in damage by examining network data. This can be achieved by detecting patterns and trends in the data, which can be indicators of consistent threats or system behaviours that need to be kept in check (such as a system vulnerability). ML algorithms can be used to help detect complex patterns.
- Anomaly Detection: Beyond recognizing patterns, the Security Data Analytics component is responsible for detecting anomalies—unusual behaviours or data points that deviate from the norm and can indicate potential security threats. This may include any actions such as unauthorised access, suspicious network traffic, malicious user activity, and more. ML methods will be employed to find anomalies.
- ML Models Ensemble: Security Data Analytics may also offer an ensemble approach for detecting and predicting anomalies. This approach combines the use of multiple ML models to enhance the system’s robustness and accuracy. An approach could be to use anomaly detection models to separate data and then apply different types of predictors.
- Data Visualization: To aid operators and other system components of the system in understanding the security landscape, Security Data Analytics might offer visual representations of data, highlighting key insights, threats, and patterns in real time. This would speed up any particular action that is required to be performed manually in the system.
- Security Report Generation: It is important to create security reports regularly, to document, communicate, and analyse the systems’ security state. The SDA may generate some security reports. These reports can become important documentation for legal purposes. They can also provide detailed information about security incidents, giving information about causes and impacts.
5.3.2. Security Decision
- Data Analysis Interpretation: The Security Decision component interprets the data analysed by the Security Data Analytics to determine potential immediate threats or anomalies.
- Immediate Response Determination: Based on the interpreted data, the Security Decision component determines immediate actions, actions such as blocking a suspicious IP, adjusting a firewall rule, or temporarily isolating a network segment are part of them. As described before, the focus will always be on immediate, tactical responses to any real-time threats.
- Feedback Integration for Tactical Decisions: Like most system components, the security decision component refines its decision-making algorithms based on feedback from previous immediate responses, ensuring a swift and accurate reaction to future threats.
- Severity Assessment: It evaluates the severity of detected anomalies or threats, prioritising responses based on potential impact and immediacy.
- Interface with Response Mechanisms: Once an immediate action is determined, the Security Decision component interfaces with the necessary system components to execute it, be it network configurations, security tools, or alert systems in case of issue escalation.
5.4. Expected Results
5.5. Application Deployment Scenarios
5.5.1. Integrating SCLA in V2X Slicing
5.5.2. Integrating SCLA in Smart Healthcare Slicing
- Logical Isolation: Creation of multiple logical networks (slices) over a single physical infrastructure, each customized to meet specific healthcare application requirements.
- Service Customization: Utilizing SDN and NFV, network slicing provides tailored properties such as low latency and high reliability, essential for applications like telemedicine and remote surgery.
- High Reliability: Configuring slices to ensure successful data transmission without exceeding maximum latency, critical for extreme critical care monitoring.
- Scalability and Density Management: Managing high density and scalability during scenarios like natural disasters, accommodating many wearable devices.
- Fingerprinting Techniques: Using ML algorithms for fingerprinting network traffic to quickly customize network resources, achieving about 90% accuracy, and significantly aiding in network resource adaptation and automation.
- Real-Time Threat Detection and Response: it enables continuous monitoring of the smart healthcare network. This allows for the immediate detection of security threats such as unauthorized access, data breaches, and malware. Also, it can automatically adapt the network configuration to mitigate the threat. For instance, it can isolate affected network slices or reroute traffic to secure channels.
- Automation and Efficiency: it eliminates the need for manual intervention in security management. Automated decision-making processes ensure quick and efficient responses to threats, reducing the window of vulnerability and minimizing the impact on healthcare services.
- Enhanced Reliability and Resilience: it can implement proactive security measures by predicting potential threats based on historical data and current network behaviour.
- Compliance and Reporting: automated compliance checks and reporting ensure that the smart healthcare network adheres to regulatory standards and policies, such as those mandated by healthcare authorities and data protection regulations.
6. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Liu, G.; Huang, Y.; Chen, Z.; Liu, L.; Wang, Q.; Li, N. 5G Deployment: Standalone vs. Non-Standalone from the Operator Perspective. IEEE Commun. Mag. 2020, 58, 83–89. [Google Scholar] [CrossRef]
- Kimura, D.; Seki, H.; Kubo, T.; Taniguchi, T. Wireless network technologies toward 5G. APSIPA Trans. Signal Inf. Process. 2015, 4, e12. [Google Scholar] [CrossRef]
- Dogra, A.; Jha, R.K.; Jain, S. A Survey on Beyond 5G Network With the Advent of 6G: Architecture and Emerging Technologies. IEEE Access 2021, 9, 67512–67547. [Google Scholar] [CrossRef]
- Polese, M.; Bonati, L.; D’Oro, S.; Basagni, S.; Melodia, T. Understanding O-RAN: Architecture, Interfaces, Algorithms, Security, and Research Challenges. IEEE Commun. Surv. Tutor. 2023, 25, 1376–1411. [Google Scholar] [CrossRef]
- Chen, M.; Yang, J.; Hao, Y.; Mao, S.; Hwang, K. A 5G Cognitive System for Healthcare. Big Data Cogn. Comput. 2017, 1, 2. [Google Scholar] [CrossRef]
- Wu, Y.-J.; Hwang, W.-S.; Shen, C.-Y.; Chen, Y.-Y. Network Slicing for mMTC and URLLC Using Software-Defined Networking with P4 Switches. Electronics 2022, 11, 2111. [Google Scholar] [CrossRef]
- Ordonez-Lucena, J.; Ameigeiras, P.; Lopez, D.; Ramos-Munoz, J.J.; Lorca, J.; Folgueira, J. Network Slicing for 5G with SDN/NFV: Concepts, Architectures, and Challenges. IEEE Commun. Mag. 2017, 55, 80–87. [Google Scholar] [CrossRef]
- Barakabitze, A.A.; Barman, N.; Ahmad, A.; Zadtootaghaj, S.; Sun, L.; Martini, M.G.; Atzori, L. QoE management of multimedia streaming services in future networks: A tutorial and survey. IEEE Commun. Surv. Tutor. 2020, 22, 526–565. [Google Scholar] [CrossRef]
- Moya Osorio, D.P.; Ahmad, I.; Sánchez, J.D.V.; Gurtov, A.; Scholliers, J.; Kutila, M.; Porambage, P. Towards 6G-Enabled Internet of Vehicles: Security and Privacy. IEEE Open J. Commun. Soc. 2022, 3, 82–105. [Google Scholar] [CrossRef]
- Zhang, S. An Overview of Network Slicing for 5G. IEEE Wirel. Commun. 2019, 26, 111–117. [Google Scholar] [CrossRef]
- Uusitalo, M.A.; Rugeland, P.; Boldi, M.R.; Strinati, E.C.; Demestichas, P.; Ericson, M.; Fettweis, G.P.; Filippou, M.C.; Gati, A.; Hamon, M.-H.; et al. 6G Vision, Value, Use Cases and Technologies From European 6G Flagship Project Hexa-X. IEEE Access 2021, 9, 160004–160020. [Google Scholar] [CrossRef]
- Bernardos, C.J.; Uusitalo, M.A. European Vision for the 6G Network Ecosystem; Zenodo: Geneve, Switzerland, 2021. [Google Scholar]
- Yi, B.; Wang, X.; Li, K.; Das, S.K.; Huang, M. A comprehensive survey of Network Function Virtualization. Comput. Netw. 2018, 133, 212–262. [Google Scholar] [CrossRef]
- Kreutz, D.; Ramos, F.M.V.; Esteves Verissimo, P.; Esteve Rothenberg, C.; Azodolmolky, S.; Uhlig, S. Software-Defined Networking: A Comprehensive Survey. Proc. IEEE 2015, 103, 14–76. [Google Scholar] [CrossRef]
- Vassilaras, S.; Gkatzikis, L.; Liakopoulos, N.; Stiakogiannakis, I.N.; Qi, M.; Shi, L.; Liu, L.; Debbah, M.; Paschos, G.S. The Algorithmic Aspects of Network Slicing. IEEE Commun. Mag. 2017, 55, 112–119. [Google Scholar] [CrossRef]
- Feamster, N.; Rexford, J.; Zegura, E. The Road to SDN: An intellectual history of programmable networks. Queue 2013, 11, 20–40. [Google Scholar] [CrossRef]
- ETSI Network Functions Virtualisation (NFV); Terminology for Main Concepts in NFV 2020; ETSI: Sophia Antipolis, France, 2020.
- Nunes, B.A.A.; Mendonca, M.; Nguyen, X.-N.; Obraczka, K.; Turletti, T. A Survey of Software-Defined Networking: Past, Present, and Future of Programmable Networks. IEEE Commun. Surv. Tutor. 2014, 16, 1617–1634. [Google Scholar] [CrossRef]
- Maleh, Y.; Qasmaoui, Y.; El Gholami, K.; Sadqi, Y.; Mounir, S. A comprehensive survey on SDN security: Threats, mitigations, and future directions. J. Reliab. Intell. Environ. 2023, 9, 201–239. [Google Scholar] [CrossRef]
- Barakabitze, A.A.; Ahmad, A.; Mijumbi, R.; Hines, A. 5G network slicing using SDN and NFV: A survey of taxonomy, architectures and future challenges. Comput. Netw. 2020, 167, 106984. [Google Scholar] [CrossRef]
- Rana, D.S.; Dhondiyal, S.A.; Chamoli, S.K. Software Defined Networking (SDN) Challenges, issues and Solution. Int. J. Comput. Sci. Eng. 2019, 7, 884–889. [Google Scholar] [CrossRef]
- Khan, R.; Kumar, P.; Jayakody, D.N.K.; Liyanage, M. A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements, and Future Directions. IEEE Commun. Surv. Tutor. 2020, 22, 196–248. [Google Scholar] [CrossRef]
- Ahmad, I.; Shahabuddin, S.; Kumar, T.; Okwuibe, J.; Gurtov, A.; Ylianttila, M. Security for 5G and Beyond. IEEE Commun. Surv. Tutor. 2019, 21, 3682–3722. [Google Scholar] [CrossRef]
- Rafique, W.; Qi, L.; Yaqoob, I.; Imran, M.; Rasool, R.U.; Dou, W. Complementing IoT Services Through Software Defined Networking and Edge Computing: A Comprehensive Survey. IEEE Commun. Surv. Tutor. 2020, 22, 1761–1804. [Google Scholar] [CrossRef]
- Macedo, D.F.; Guedes, D.; Vieira, L.F.M.; Vieira, M.A.M.; Nogueira, M. Programmable Networks—From Software-Defined Radio to Software-Defined Networking. IEEE Commun. Surv. Tutor. 2015, 17, 1102–1125. [Google Scholar] [CrossRef]
- Ahmad, S.; Mir, A.H. SDN Interfaces: Protocols, Taxonomy and Challenges. Int. J. Wirel. Microw. Technol. 2022, 12, 11–32. [Google Scholar] [CrossRef]
- Singh, P.K.; Brahma, M.; Nath, P.; Ghosh, U. A Study on Secure Network Slicing in 5G. In Proceedings of the 2023 IEEE/ACM 23rd International Symposium on Cluster, Cloud and Internet Computing Workshops (CCGridW), Bangalore, India, 1–4 May 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 52–61. [Google Scholar]
- Al-Alaj, A.; Sandhu, R.; Krishnan, R. A Formal Access Control Model for SE-Floodlight Controller. In Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Richardson, TX, USA, 27 March 2019; ACM: New York, NY, USA, 2019; pp. 1–6. [Google Scholar]
- Porras, P.; Cheung, S.; Fong, M.; Skinner, K.; Yegneswaran, V. Securing the Software Defined Network Control Layer. In Proceedings of the 2015 Network and Distributed System Security Symposium, San Diego, CA, USA, 8–11 February 2015; Internet Society: Reston, VA, USA, 2015. [Google Scholar]
- Correa Chica, J.C.; Imbachi, J.C.; Botero Vega, J.F. Security in SDN: A comprehensive survey. J. Netw. Comput. Appl. 2020, 159, 102595. [Google Scholar] [CrossRef]
- Chiosi, M.; Clarke, D.; Willis, P.; Reid, A.; Feger, J.; Bugenhagen, M.; Khan, W.; Fargano, M.; Cui, C.; Deng, H.; et al. Network Functions Virtualisation: An Introduction, Benefits, Enablers, Challenges & Call for Action. Available online: https://portal.etsi.org/NFV/NFV_White_Paper.pdf (accessed on 6 May 2024).
- European Union Agency for Cybersecurity. NFV Security in 5G: Challenges and Best Practices; Publications Office: Luxembourg, 2022. [Google Scholar]
- Yang, W.; Fung, C. A survey on security in network functions virtualization. In Proceedings of the 2016 IEEE NetSoft Conference and Workshops (NetSoft), Seoul, Republic of Korea, 6–10 June 2016; pp. 15–19. [Google Scholar]
- Han, B.; Gopalakrishnan, V.; Ji, L.; Lee, S. Network function virtualization: Challenges and opportunities for innovations. IEEE Commun. Mag. 2015, 53, 90–97. [Google Scholar] [CrossRef]
- Abdelwahab, S.; Hamdaoui, B.; Guizani, M.; Znati, T. Network function virtualization in 5G. IEEE Commun. Mag. 2016, 54, 84–91. [Google Scholar] [CrossRef]
- Alnaim, A.K.; Alwakeel, A.M.; Fernandez, E.B. Towards a Security Reference Architecture for NFV. Sensors 2022, 22, 3750. [Google Scholar] [CrossRef] [PubMed]
- Cucinotta, T.; Abeni, L.; Marinoni, M.; Mancini, R.; Vitucci, C. Strong Temporal Isolation Among Containers in OpenStack for NFV Services. IEEE Trans. Cloud Comput. 2023, 11, 763–778. [Google Scholar] [CrossRef]
- Pattaranantakul, M.; He, R.; Meddahi, A.; Zhang, Z. SecMANO: Towards Network Functions Virtualization (NFV) Based Security MANagement and Orchestration. In Proceedings of the 2016 IEEE Trustcom/BigDataSE/ISPA, Tianjin, China, 23–26 August 2016; pp. 598–605. [Google Scholar]
- Abdulqadder, I.H.; Zhou, S.; Zou, D.; Aziz, I.T.; Akber, S.M.A. Bloc-Sec: Blockchain-Based Lightweight Security Architecture for 5G/B5G Enabled SDN/NFV Cloud of IoT. In Proceedings of the 2020 IEEE 20th International Conference on Communication Technology (ICCT), Nanning, China, 28–31 October 2020; pp. 499–507. [Google Scholar]
- De Benedictis, M.; Lioy, A. On the establishment of trust in the cloud-based ETSI NFV framework. In Proceedings of the 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Berlin, Germany, 6–8 November 2017; pp. 280–285. [Google Scholar]
- Afolabi, I.; Taleb, T.; Samdanis, K.; Ksentini, A.; Flinck, H. Network Slicing and Softwarization: A Survey on Principles, Enabling Technologies, and Solutions. IEEE Commun. Surv. Tutor. 2018, 20, 2429–2453. [Google Scholar] [CrossRef]
- Chowdhury, M.Z.; Shahjalal, M.; Ahmed, S.; Jang, Y.M. 6G Wireless Communication Systems: Applications, Requirements, Technologies, Challenges, and Research Directions. IEEE Open J. Commun. Soc. 2020, 1, 957–975. [Google Scholar] [CrossRef]
- Dang, X.-T.; Sivrikaya, F. A Lightweight Policy-aware Broker for Multi-domain Network Slice Composition. In Proceedings of the 2020 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN), Paris, France, 24–27 February 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 123–130. [Google Scholar]
- Li, X.; He, M.; Ni, J. Secure and Privacy-preserving Network Slicing in 3GPP 5G System Architecture. In Proceedings of the 2023 IEEE/CIC International Conference on Communications in China (ICCC), Dalian, China, 10–12 August 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 1–6. [Google Scholar]
- Karunarathna, S.; Wijethilaka, S.; Ranaweera, P.; Hemachandra, K.T.; Samarasinghe, T.; Liyanage, M. The Role of Network Slicing and Edge Computing in the Metaverse Realization. IEEE Access 2023, 11, 25502–25530. [Google Scholar] [CrossRef]
- Li, Y.; Zhang, J.; Xue, H.; Ma, J.; Wu, J.; Zhao, M.; Han, C.; Dang, X. 5G Core Network Slices Embedding and Deploying Based on Greedy Algorithm in Smart Grids; IEEE: Piscataway, NJ, USA, 2022; pp. 31–35. [Google Scholar]
- Bao, S.; Liang, Y.; Xu, H. Blockchain for Network Slicing in 5G and Beyond: Survey and Challenges. J. Commun. Inf. Netw. 2022, 7, 349–359. [Google Scholar] [CrossRef]
- Dangi, R.; Jadhav, A.; Choudhary, G.; Dragoni, N.; Mishra, M.K.; Lalwani, P. ML-Based 5G Network Slicing Security: A Comprehensive Survey. Future Internet 2022, 14, 116. [Google Scholar] [CrossRef]
- Khan, L.U.; Yaqoob, I.; Tran, N.H.; Han, Z.; Hong, C.S. Network Slicing: Recent Advances, Taxonomy, Requirements, and Open Research Challenges. IEEE Access 2020, 8, 36009–36028. [Google Scholar] [CrossRef]
- Dalgitsis, M.; Cadenelli, N.; Serrano, M.A.; Bartzoudis, N.; Alonso, L.; Antonopoulos, A. NSFaaS: Network Slice Federation as a Service in Cloud-Native 5G and Beyond Mobile Networks. In Proceedings of the 2023 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Dresden, Germany, 7–9 November 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 59–64. [Google Scholar]
- Wu, W.; Zhou, C.; Li, M.; Wu, H.; Zhou, H.; Zhang, N.; Shen, X.S.; Zhuang, W. AI-Native Network Slicing for 6G Networks. IEEE Wirel. Commun. 2022, 29, 96–103. [Google Scholar] [CrossRef]
- De Alwis, C.; Porambage, P.; Dev, K.; Gadekallu, T.R.; Liyanage, M. A Survey on Network Slicing Security: Attacks, Challenges, Solutions and Research Directions. IEEE Commun. Surv. Tutor. 2024, 26, 534–570. [Google Scholar] [CrossRef]
- Burns, J.; Cheng, A.; Gurung, P.; Rajagopalan, S.; Rao, P.; Rosenbluth, D.; Surendran, A.V.; Martin, D.M. Automatic management of network security policy. In Proceedings of the Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX’01, Anaheim, CA, USA, 12–14 June 2001; IEEE Computer Society: Washington, DC, USA, 2001; Volume 2, pp. 12–26. [Google Scholar]
- Rycroft, R.W.; Kash, D.E. Self-organizing innovation networks: Implications for globalization. Technovation 2004, 24, 187–197. [Google Scholar] [CrossRef]
- Schneider, F.B. Enforceable security policies. ACM Trans. Inf. Syst. Secur. 2000, 3, 30–50. [Google Scholar] [CrossRef]
- Scheid, E.J.; Machado, C.C.; Franco, M.F.; Dos Santos, R.L.; Pfitscher, R.P.; Schaeffer-Filho, A.E.; Granville, L.Z. INSpIRE: Integrated NFV-based Intent Refinement Environment. In Proceedings of the 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Lisbon, Portugal, 8–12 May 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 186–194. [Google Scholar]
- Chadha, R.; Lapiotis, G.; Wright, S. Guest editorial—Policy-based networking. IEEE Netw. 2002, 16, 8–9. [Google Scholar] [CrossRef]
- Foster, N.; Freedman, M.J.; Harrison, R.; Rexford, J.; Meola, M.L.; Walker, D. Frenetic: A high-level language for OpenFlow networks. In Proceedings of the Workshop on Programmable Routers for Extensible Services of Tomorrow, Philadelphia, PA, USA, 30 November 2010; ACM: New York, NY, USA, 2010; pp. 1–6. [Google Scholar]
- Batista, B.; Fernandez, M. PonderFlow: A New Policy Specification Language to SDN OpenFlow-based Networks. Int. J. Adv. Netw. Serv. 2014, 7, 163–172. [Google Scholar]
- Damianou, N.; Dulay, N.; Lupu, E.; Sloman, M. Ponder: A Language for Specifying Security and Management Policies for Distributed Systems; Imperial College London: London, UK, 2000. [Google Scholar]
- Amoroso, A. Automated Policy Enforcement in Software Defined Networking and Network Function Virtualization Environment. Master’s Thesis, Politecnico di Torino, Turin, Italy, 2020. [Google Scholar]
- Giotis, K.; Kryftis, Y.; Maglaris, V. Policy-based orchestration of NFV services in Software-Defined Networks. In Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft), London, UK, 13–17 April 2015; IEEE: Piscataway, NJ, USA, 2015; pp. 1–5. [Google Scholar]
- Abbas, K.; Afaq, M.; Khan, T.A.; Mehmood, A.; Song, W.-C. IBNSlicing: Intent-Based Network Slicing Framework for 5G Networks using Deep Learning. In Proceedings of the 2020 21st Asia-Pacific Network Operations and Management Symposium (APNOMS), Daegu, Republic of Korea, 23–25 September 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 19–24. [Google Scholar]
- Martins, J.S.B.; Carvalho, T.C.; Moreira, R.; Both, C.B.; Donatti, A.; Correa, J.H.; Suruagy, J.A.; Correa, S.L.; Abelem, A.J.G.; Ribeiro, M.R.N.; et al. Enhancing Network Slicing Architectures With Machine Learning, Security, Sustainability and Experimental Networks Integration. IEEE Access 2023, 11, 69144–69163. [Google Scholar] [CrossRef]
- Salahdine, F.; Han, T.; Zhang, N. 5G, 6G, and Beyond: Recent advances and future challenges. Ann. Telecommun. Telecommun. 2023, 78, 525–549. [Google Scholar] [CrossRef]
- Dangi, R.; Choudhary, G.; Dragoni, N.; Lalwani, P.; Khare, U.; Kundu, S. 6G Mobile Networks: Key Technologies, Directions, and Advances. Telecom 2023, 4, 836–876. [Google Scholar] [CrossRef]
- Alanazi, M.N. 5G Security Threat Landscape, AI and Blockchain. Wirel. Pers. Commun. 2023, 133, 1467–1482. [Google Scholar] [CrossRef]
- Kaloxylos, A.; Gavras, A.; Camps Mur, D.; Ghoraishi, M.; Hrasnica, H. AI and ML—Enablers for Beyond 5G Networks; 5G PPP: Heidelberg, Germany, 2020. [Google Scholar] [CrossRef]
- Fakhouri, H.N.; Alawadi, S.; Awaysheh, F.M.; Hani, I.B.; Alkhalaileh, M.; Hamad, F. A Comprehensive Study on the Role of Machine Learning in 5G Security: Challenges, Technologies, and Solutions. Electronics 2023, 12, 4604. [Google Scholar] [CrossRef]
- Meduri, K.; Nadella, G.S.; Gonaygunta, H. Enhancing Cybersecurity with Artificial Intelligence: Predictive Techniques and Challenges in the Age of IoT. Int. J. Sci. Eng. Appl. 2024, 13, 30–33. [Google Scholar] [CrossRef]
- Haider, N.; Baig, M.Z.; Imran, M. Artificial Intelligence and Machine Learning in 5G Network Security: Opportunities, advantages, and future research trends 2020. arXiv 2020, arXiv:2007.04490. [Google Scholar]
- Afaq, A.; Haider, N.; Baig, M.Z.; Khan, K.S.; Imran, M.; Razzak, I. Machine learning for 5G security: Architecture, recent advances, and challenges. Ad Hoc Netw. 2021, 123, 102667. [Google Scholar] [CrossRef]
- Suomalainen, J.; Juhola, A.; Shahabuddin, S.; Mammela, A.; Ahmad, I. Machine Learning Threatens 5G Security. IEEE Access 2020, 8, 190822–190842. [Google Scholar] [CrossRef]
- Siriwardhana, Y.; Porambage, P.; Liyanage, M.; Ylianttila, M. AI and 6G Security: Opportunities and Challenges. In Proceedings of the 2021 Joint European Conference on Networks and Communications & 6G Summit (EuCNC/6G Summit), Porto, Portugal, 8–11 June 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 616–621. [Google Scholar]
- Wang, W.; Liang, C.; Chen, Q.; Tang, L.; Yanikomeroglu, H.; Liu, T. Distributed Online Anomaly Detection for Virtualized Network Slicing Environment. IEEE Trans. Veh. Technol. 2022, 71, 12235–12249. [Google Scholar] [CrossRef]
- Jain, A.; Singh, T.; Sharma, S.K. Security as a solution: An intrusion detection system using a neural network for IoT enabled healthcare ecosystem. Interdiscip. J. Inf. Knowl. Manag. 2021, 16, 331–369. [Google Scholar] [CrossRef] [PubMed]
- Sattar, D.; Matrawy, A. Towards Secure Slicing: Using Slice Isolation to Mitigate DDoS Attacks on 5G Core Network Slices. In Proceedings of the 2019 IEEE Conference on Communications and Network Security (CNS), Washington, DC, USA, 10–12 June 2019; pp. 82–90. [Google Scholar]
- Tonini, F.; Natalino, C.; Furdek, M.; Raffaelli, C.; Monti, P. Network Slicing Automation: Challenges and Benefits. In Proceedings of the 2020 International Conference on Optical Network Design and Modeling (ONDM), Barcelona, Spain, 18–21 May 2020; pp. 1–6. [Google Scholar]
- Kaur, J.; Khan, M.A.; Iftikhar, M.; Imran, M.; Emad Ul Haq, Q. Machine Learning Techniques for 5G and Beyond. IEEE Access 2021, 9, 23472–23488. [Google Scholar] [CrossRef]
- Fourati, H.; Maaloul, R.; Chaari, L. A survey of 5G network systems: Challenges and machine learning approaches. Int. J. Mach. Learn. Cybern. 2021, 12, 385–431. [Google Scholar] [CrossRef]
- Asghar, M.Z.; Abbas, M.; Zeeshan, K.; Kotilainen, P.; Hämäläinen, T. Assessment of Deep Learning Methodology for Self-Organizing 5G Networks. Appl. Sci. 2019, 9, 2975. [Google Scholar] [CrossRef]
- Mahesh, B. Machine Learning Algorithms—A Review. Int. J. Sci. Res. IJSR 2020, 9, 381–386. [Google Scholar]
- Morocho-Cayamcela, M.E.; Lee, H.; Lim, W. Machine Learning for 5G/B5G Mobile and Wireless Communications: Potential, Limitations, and Future Directions. IEEE Access 2019, 7, 137184–137206. [Google Scholar] [CrossRef]
- Ghahramani, Z. Unsupervised Learning. In Advanced Lectures on Machine Learning; Bousquet, O., Von Luxburg, U., Rätsch, G., Eds.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2004; Volume 3176, pp. 72–112. ISBN 978-3-540-23122-6. [Google Scholar]
- Sharma, V.; Rai, S.; Dev, A. A Comprehensive Study of Artificial Neural Networks. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 2012, 2, 278–284. [Google Scholar]
- Ly, A.; Yao, Y.-D. A Review of Deep Learning in 5G Research: Channel Coding, Massive MIMO, Multiple Access, Resource Allocation, and Network Security. IEEE Open J. Commun. Soc. 2021, 2, 396–408. [Google Scholar] [CrossRef]
- Doan, M.; Zhang, Z. Deep Learning in 5G Wireless Networks—Anomaly Detections. In Proceedings of the 2020 29th Wireless and Optical Communications Conference (WOCC), Newark, NJ, USA, 1–2 May 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 1–6. [Google Scholar]
- Sharma, H.; Kumar, N. Deep learning based physical layer security for terrestrial communications in 5G and beyond networks: A survey. Phys. Commun. 2023, 57, 102002. [Google Scholar] [CrossRef]
- Thantharate, A.; Paropkari, R.; Walunj, V.; Beard, C.; Kankariya, P. Secure5G: A Deep Learning Framework Towards a Secure Network Slicing in 5G and Beyond. In Proceedings of the 2020 10th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 6–8 January 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 0852–0857. [Google Scholar]
- Thantharate, A.; Paropkari, R.; Walunj, V.; Beard, C. DeepSlice: A Deep Learning Approach towards an Efficient and Reliable Network Slicing in 5G Networks. In Proceedings of the 2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), New York City, NY, USA, 10–12 October 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 0762–0767. [Google Scholar]
- Kuadey, N.A.E.; Maale, G.T.; Kwantwi, T.; Sun, G.; Liu, G. DeepSecure: Detection of Distributed Denial of Service Attacks on 5G Network Slicing—Deep Learning Approach. IEEE Wirel. Commun. Lett. 2022, 11, 488–492. [Google Scholar] [CrossRef]
- Sharafaldin, I.; Lashkari, A.H.; Hakak, S.; Ghorbani, A.A. Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy. In Proceedings of the 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India, 1–3 October 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 1–8. [Google Scholar]
- Jiang, W.; Anton, S.D.; Dieter Schotten, H. Intelligence Slicing: A Unified Framework to Integrate Artificial Intelligence into 5G Networks. In Proceedings of the 2019 12th IFIP Wireless and Mobile Networking Conference (WMNC), Paris, France, 11–13 September 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 227–232. [Google Scholar]
- Lemay, A. Fernandez Providing SCADA network data sets for intrusion detection research. In Proceedings of the 9th USENIX Conference on Cyber Security Experimentation and Test, Austin, TX, USA, 8 August 2016; USENIX Association: Berkeley, CA, USA, 2016; p. 6. [Google Scholar]
- Liu, Q.; Han, T.; Ansari, N. Learning-Assisted Secure End-to-End Network Slicing for Cyber-Physical Systems. IEEE Netw. 2020, 34, 37–43. [Google Scholar] [CrossRef]
- Bonfim, M.; Santos, M.; Dias, K.; Fernandes, S. A real-time attack defense framework for 5G network slicing. Softw. Pract. Exp. 2020, 50, 1228–1257. [Google Scholar] [CrossRef]
- García, S.; Grill, M.; Stiborek, J.; Zunino, A. An empirical comparison of botnet detection methods. Comput. Secur. 2014, 45, 100–123. [Google Scholar] [CrossRef]
- Bousalem, B.; Silva, V.F.; Langar, R.; Cherrier, S. DDoS Attacks Detection and Mitigation in 5G and Beyond Networks: A Deep Learning-based Approach. In Proceedings of the GLOBECOM 2022—2022 IEEE Global Communications Conference, Rio de Janeiro, Brazil, 4–8 December 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 1259–1264. [Google Scholar]
- Doriguzzi-Corin, R.; Millar, S.; Scott-Hayward, S.; Martinez-del-Rincon, J.; Siracusa, D. Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection. IEEE Trans. Netw. Serv. Manag. 2020, 17, 876–889. [Google Scholar] [CrossRef]
- Riekstin, A.C.; Januario, G.C.; Rodrigues, B.B.; Nascimento, V.T.; Carvalho, T.C.M.D.B.; Meirosu, C. A Survey of Policy Refinement Methods as a Support for Sustainable Networks. IEEE Commun. Surv. Tutor. 2016, 18, 222–235. [Google Scholar] [CrossRef]
- Lara, A.; Ramamurthy, B. OpenSec: Policy-Based Security Using Software-Defined Networking. IEEE Trans. Netw. Serv. Manag. 2016, 13, 30–42. [Google Scholar] [CrossRef]
- Tsorouchis, C.; Denazis, S.; Kitchara, C.; Vivero, J.; Salamanca, E.; Magana, E.; Galis, A.; Manas, J.L.; Corlinet, Y.; Mathieu, B.; et al. A policy-based management architecture for active and programmable networks. IEEE Netw. 2003, 17, 22–28. [Google Scholar] [CrossRef]
- Varadharajan, V.; Karmakar, K.K.; Tupakula, U.; Hitchens, M. Toward a Trust Aware Network Slice-Based Service Provision in Virtualized Infrastructures. IEEE Trans. Netw. Serv. Manag. 2022, 19, 1065–1082. [Google Scholar] [CrossRef]
- Samuel, F.; Chowdhury, M.; Boutaba, R. PolyViNE: Policy-based virtual network embedding across multiple domains. J. Internet Serv. Appl. 2013, 4, 6. [Google Scholar] [CrossRef]
- Lee, W.; Kim, N. Security Policy Scheme for an Efficient Security Architecture in Software-Defined Networking. Information 2017, 8, 65. [Google Scholar] [CrossRef]
- Leivadeas, A.; Falkner, M. A Survey on Intent-Based Networking. IEEE Commun. Surv. Tutor. 2023, 25, 625–655. [Google Scholar] [CrossRef]
- Falkner, M.; Apostolopoulos, J. Intent-based networking for the enterprise: A modern network architecture. Commun. ACM 2022, 65, 108–117. [Google Scholar] [CrossRef]
- Wei, Y.; Peng, M.; Liu, Y. Intent-based networks for 6G: Insights and challenges. Digit. Commun. Netw. 2020, 6, 270–280. [Google Scholar] [CrossRef]
- Basile, C.; Valenza, F.; Lioy, A.; Lopez, D.R.; Pastor Perales, A. Adding Support for Automatic Enforcement of Security Policies in NFV Networks. IEEEACM Trans. Netw. 2019, 27, 707–720. [Google Scholar] [CrossRef]
- Molina Zarca, A.; Bagaa, M.; Bernal Bernabe, J.; Taleb, T.; Skarmeta, A.F. Semantic-Aware Security Orchestration in SDN/NFV-Enabled IoT Systems. Sensors 2020, 20, 3622. [Google Scholar] [CrossRef] [PubMed]
- Bringhenti, D.; Yusupov, J.; Zarca, A.M.; Valenza, F.; Sisto, R.; Bernabe, J.B.; Skarmeta, A. Automatic, verifiable and optimized policy-based security enforcement for SDN-aware IoT networks. Comput. Netw. 2022, 213, 109123. [Google Scholar] [CrossRef]
- Sousa, N.F.S.D.; Rothenberg, C.E. CLARA: Closed Loop-based Zero-touch Network Management Framework. In Proceedings of the 2021 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Heraklion, Greece, 9–11 November 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 110–115. [Google Scholar]
- Tam, P.; Ros, S.; Song, I.; Kim, S. QoS-Driven Slicing Management for Vehicular Communications. Electronics 2024, 13, 314. [Google Scholar] [CrossRef]
- Vergutz, A.; Noubir, G.; Nogueira, M. Reliability for Smart Healthcare: A Network Slicing Perspective. IEEE Netw. 2020, 34, 91–97. [Google Scholar] [CrossRef]
- Abdellatif, A.A.; Mohamed, A.; Chiasserini, C.F.; Tlili, M.; Erbad, A. Edge Computing for Smart Health: Context-Aware Approaches, Opportunities, and Challenges. IEEE Netw. 2019, 33, 196–203. [Google Scholar] [CrossRef]
Applications | Description | Use Cases | Strengths | Weaknesses |
---|---|---|---|---|
Anomaly Detection | Network Traffic Analysis User Behaviour Analysis | A decentralized one-class support vector machine analyses virtual nodes for anomalies, using canonical correlation to measure neighbour correlations [75]. | Rapid detection of abnormal activities | Susceptible to false positives/ negatives |
Intrusion Detection | ML-driven intrusion detection systems | Intrusion detection systems can identify intruders in a network using neural networks and ML techniques [76]. | High accuracy in identifying threats | Resource intensive may impact efficiency |
Threat Response | Rapid response to potential threats | Optimization models can mitigate DDoS attacks through slice isolation, enhanced by AI optimization techniques [77] | Swift mitigation of security breaches | May require human oversight for validation |
Predictive Analytics | Anticipating security breaches | Reinforcement Learning models can manage slicing resources and predict threats based on past data and network changes [78]. | Proactive identification of threats | Reliance on historical data for predictions |
Adaptive Defences | AI-driven adaptive security measures | AI-based Expert Systems can automate defence and mitigation decisions based on the specific threat | Ability to adapt to evolving threats | Vulnerable to attacks targeting AI systems |
Security Orchestration | Coordinating security measures across different network slices and components | Creating frameworks based on ETSI ZSM principles for security management, like in the 6G-OPENSEC-SECURITY project. | Effective coordination of security measures | Complexity in integration and management |
Framework | Used Algorithms | Performance Metric | Protected Attack | Description | Dataset Used |
---|---|---|---|---|---|
Secure5G [89] | Deep learning CNNs | Detection Accuracy 98% | DDoS | Pre-emptively identifies and neutralises volume-based flooding and spoofing attacks. | Custom Dataset |
DeepSecure [91] | Long Short-Term Memory (LSTM) | Detection Accuracy 99.97% | DDoS | Predicts slices and detects attacks within 5G networks, focused on DDoS attacks. | CICDDoS2019 [92] |
Intelligence Slicing [93] | Random Forest, Support Vector Machine | Detection Accuracy 100% | Malware | Offers 5G network management and security, with a specialised “security intelligence slice” employing ML-based anomaly detection. | DS1, DS2, DS3 datasets [94] |
Resource Allocation Framework [95] | ADMM Learning-assisted algorithm | Slice performance restoration rate 98% | DoS | Optimises resource allocation in network slicing for cyber–physical systems, adapting dynamically to counteract DoS attacks. | N/A |
FrameRTP4 [96] | Random Forest | True Positive Rate—99.99% | Multiple attacks such as DoS and PortScans | It provides real-time detection and mitigation of attacks in 5G network slicing scenarios using ML algorithms based on Random Forests. | CTU-13 [97] |
5G Prototype [98] | Lightweight, usable CNN (LUCID) [99] | Detection Accuracy 97% | DDoS | Tailored for detecting and mitigating DDoS attacks within Vehicle-to-Everything slices. | Custom dataset |
Subcomponent | Purpose | Key Features | Interfaces |
---|---|---|---|
Data Processing & Transformation Engine (DPTE) | Prepares/reconstructs the collected data. | Collection of data. | Input: Data collected from Security Data Collection. Output: Analytics-ready data. |
Anomaly Detection Engine (ADE) | Identifies anomalies in the data that might indicate security threats, breaches, or other significant deviations from expected patterns. | Statistical Analysis Machine Learning Models Threshold Settings & Alerts | Input: Analytics-ready data. Output: Identified anomalies, insights, or alerts. |
Real-time Analytics & Stream Processing (RASP) | Enables real-time data analysis for immediate insights, which is crucial for detecting ongoing security threats. | Stream Process Engine Real-time Dashboards | Input: Real-time insights and analysed streams Output: Dashboards and processed data. |
Alert Module (AM) | Serves as a communication interface with Security Decision, sending alerts for detected threats. | Real-time alert Alert Generation | Input: Processed data. Output: Alerts. |
Reporting Module (RM) | Prepares analysed data to generate reports. | Report Generation | Input: Analytical results and insights. Output: Reports and processed data. |
Feedback & Optimization Engine (FOE) | Improves the analytical processes based on feedback and continuously optimises the algorithms. | Model Training & Retraining | Input: ML model testing Output: Optimised models |
Subcomponent | Purpose | Key Features | Interfaces |
---|---|---|---|
Threat Assessment (TA) | Evaluates risks of detected anomalies | Threat Categorization Threat/SSLA association | Input: SDA anomaly reports/flags Output: Categorizes threats per SSLAs. |
Decision Engine (DE) | Determines action based on TA assessment. | Action Mapping Escalation Logic Policy Enforcing | Input: Policies, action sets, playbooks Output: Chosen response, escalation alerts |
Communication Interface | Connecting components within SCLA. | Broker Producer/Consumer | Input: Config parameters for SCL/threat alerts/Pcap Output: System feedback/status updates |
Policy Compliance (PC) | Maintaining security policies for decision-making | Policy Storage & Retrieval Policy Compliance Revision | Input: SSLA&P policy requirements for compliance. Output: Delivers policies to DE, logs for audit/version. |
Incident Logging & Reporting Module (ILR) | Logs decisions/incidents for audit trail, generates reports for analysis/compliance | Mitigation Logs Generate Logs | Input: Incident data, user feedback. Output: Mitigation logs, reports. |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Cunha, J.; Ferreira, P.; Castro, E.M.; Oliveira, P.C.; Nicolau, M.J.; Núñez, I.; Sousa, X.R.; Serôdio, C. Enhancing Network Slicing Security: Machine Learning, Software-Defined Networking, and Network Functions Virtualization-Driven Strategies. Future Internet 2024, 16, 226. https://doi.org/10.3390/fi16070226
Cunha J, Ferreira P, Castro EM, Oliveira PC, Nicolau MJ, Núñez I, Sousa XR, Serôdio C. Enhancing Network Slicing Security: Machine Learning, Software-Defined Networking, and Network Functions Virtualization-Driven Strategies. Future Internet. 2024; 16(7):226. https://doi.org/10.3390/fi16070226
Chicago/Turabian StyleCunha, José, Pedro Ferreira, Eva M. Castro, Paula Cristina Oliveira, Maria João Nicolau, Iván Núñez, Xosé Ramon Sousa, and Carlos Serôdio. 2024. "Enhancing Network Slicing Security: Machine Learning, Software-Defined Networking, and Network Functions Virtualization-Driven Strategies" Future Internet 16, no. 7: 226. https://doi.org/10.3390/fi16070226
APA StyleCunha, J., Ferreira, P., Castro, E. M., Oliveira, P. C., Nicolau, M. J., Núñez, I., Sousa, X. R., & Serôdio, C. (2024). Enhancing Network Slicing Security: Machine Learning, Software-Defined Networking, and Network Functions Virtualization-Driven Strategies. Future Internet, 16(7), 226. https://doi.org/10.3390/fi16070226