Article

Enhancing Network Slicing Security: Machine Learning, Software-Defined Networking, and Network Functions Virtualization-Driven Strategies

1 Department of Engineering, School of Sciences and Technology, Universidade de Trás-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal
2 Optare Solutions, Parque Tecnológico de Vigo, 35315 Vigo, Spain
3 Algoritmi Center, University of Minho, 4710-057 Braga, Portugal
4 Department of Information Systems, School of Engineering, University of Minho, Campus de Azurém, 4800-058 Guimarães, Portugal
5 Centre for the Research and Technology of Agro-Environmental and Biological Sciences (CITAB), Universidade de Trás-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal
* Authors to whom correspondence should be addressed.
Future Internet 2024, 16(7), 226; https://doi.org/10.3390/fi16070226
Submission received: 7 May 2024 / Revised: 14 June 2024 / Accepted: 24 June 2024 / Published: 27 June 2024
(This article belongs to the Special Issue Privacy and Security in Computing Continuum and Data-Driven Workflows)

Abstract

The rapid development of 5G networks and the anticipation of 6G technologies have ushered in an era of highly customizable network environments facilitated by the innovative concept of network slicing. This technology allows the creation of multiple virtual networks on the same physical infrastructure, each optimized for specific service requirements. Despite its numerous benefits, network slicing introduces significant security vulnerabilities that must be addressed to prevent exploitation by increasingly sophisticated cyber threats. This review explores the application of cutting-edge technologies—Artificial Intelligence (AI), specifically Machine Learning (ML), Software-Defined Networking (SDN), and Network Functions Virtualization (NFV)—in crafting advanced security solutions tailored for network slicing. AI’s predictive threat detection and automated response capabilities are analysed, highlighting its role in maintaining service integrity and resilience. Meanwhile, SDN and NFV are scrutinized for their ability to enforce flexible security policies and manage network functionalities dynamically, thereby enhancing the adaptability of security measures to meet evolving network demands. Thoroughly examining the current literature and industry practices, this paper identifies critical research gaps in security frameworks and proposes innovative solutions. We advocate for a holistic security strategy integrating ML, SDN, and NFV to enhance data confidentiality, integrity, and availability across network slices. The paper concludes with future research directions to develop robust, scalable, and efficient security frameworks capable of supporting the safe deployment of network slicing in next-generation networks.

1. Introduction

The ongoing rollout of 5G networks and the anticipatory designs of 6G infrastructures represent monumental leaps in telecommunications technology. These advances herald a new era characterised by unprecedented data speeds, massive connectivity, and highly customizable network environments. Central to these innovations is network slicing, a transformative approach that allows multiple virtual networks to operate on the same physical hardware, each tailored to meet specific service requirements.
Network operators are beginning to adopt advanced 5G technologies, including the Stand-Alone (SA) version, which boasts enhanced features [1]. The SA version is a fully independent 5G network that operates without relying on existing 4G LTE infrastructure. It uses a new 5G core (5GC) architecture, which allows it to leverage the full capabilities of 5G technology, including lower latency, higher efficiency, and better support for advanced applications. Unlike the Non-Standalone (NSA) version, which uses a combination of 4G and 5G infrastructure, SA 5G offers enhanced features such as improved network performance, greater flexibility, and the ability to provide dedicated resources for specific use cases [2,3]. Known for its faster speeds, lower latency, and increased capacity, 5G technology significantly outperforms its predecessors. A key feature of 5G is network slicing, illustrated in Figure 1, which allows the network to be segmented into multiple virtual networks, each customizable for different services and applications. Network slicing provides the flexibility to meet a wide range of dynamic user needs by leveraging three main network properties, shown in Figure 1 with the colour corresponding to each type of slice: Enhanced Mobile Broadband (eMBB), the blue slice; Ultra-Reliable Low-Latency Communication (URLLC), the green slice; and Massive Machine-Type Communication (mMTC), often referred to collectively as IoT (Internet of Things), the red slice. These prominent categories can be summarised as follows:
  • Enhanced Mobile Broadband (eMBB): eMBB applications, such as high-definition video streaming, virtual reality experiences, and cloud gaming, demand high data rates and significant bandwidth to deliver a seamless user experience. There is an increasing need for massive MIMO and millimetre wave technology integration within cellular networks to cater to the ever-increasing data demands of eMBB users [4].
  • Ultra-Reliable Low-Latency Communication (URLLC): URLLC applications, critical for industries like autonomous vehicles, remote surgery, and industrial automation, prioritise reliability and ultra-low latency over high data rates. Some challenges are faced by traditional network architectures in meeting the stringent latency requirements (less than 1 millisecond) and ultra-high reliability (packet loss probability close to zero) demanded by URLLC applications [5]. These applications have stricter Quality-of-Service (QoS) requirements compared to traditional mobile broadband traffic.
  • Massive Machine-Type Communication (mMTC): mMTC, a core component of the Internet of Things (IoT), encompasses a vast number of low-power, low-data-rate devices requiring efficient communication for functionalities like sensor data collection and remote monitoring. While data rates for individual devices are minimal, the sheer volume of devices connected within an mMTC network can create significant network management challenges [6].
Additionally, network slicing improves resource efficiency and offers greater flexibility, scalability, security, and isolation [7].
Figure 1. A 5G network slice function within a shared, multi-vendor, and multi-access network environment, where each slice is independently managed to address specific use cases [7].
Network slicing is poised to revolutionise how services are delivered across various industries, from enabling lower latencies in telemedicine [5] to managing the Quality of Experience (QoE) of the massive throughput needed for ultra-high-definition streaming services [8]. However, the dynamic nature of network slicing introduces complex security challenges, and each slice, potentially running different services with distinct performance metrics, presents unique security needs and vulnerabilities [9]. In this context, the traditional one-size-fits-all security model is ineffectual, necessitating a paradigm shift towards more flexible, adaptive security frameworks [10]. One innovative concept in 6G technology is the “network of networks” (NoN) [11], which involves dynamically aggregating different networks or network segments. This aggregation enables seamless communication and resource sharing among them, thus supporting the delivery of comprehensive services [12]. In one possible implementation of NoN, network operators could assume the roles of network brokers or coordinators for different segments, including their own capacity, such as fixed access or transport connectivity, along with those provided by third parties. Client services would then be delivered as network slices, coordinated across multiple networks. This brings into play the concept of a multi-provider or multi-stakeholder model, in which these providers contribute their network capacity for different segments and technologies to be utilized by network operators in their integrator role. To provide secure and reliable services across different network domains, network operators will require mechanisms to establish and manage end-to-end security slices. These slices will ensure the protection of data and resources from unauthorized access and malicious attacks.
Moreover, network operators will have to guarantee Service Level Agreements (SLA) in terms of security, also known as Security SLAs (SSLA), which will specify the expected performance and quality of the security capabilities. The SSLA will also define the roles and responsibilities of the different parties involved in the heterogeneous network of networks.
This review explores cutting-edge network slicing security, emphasising the integration of Artificial Intelligence (AI), namely Machine Learning (ML), Software Defined Networking (SDN), and Network Functions Virtualization (NFV). These technologies are not merely enhancements to existing frameworks but pivotal to developing robust, scalable security solutions. The role of AI/ML in predictive threat detection and response transforms security from a reactive to a proactive stance, which is crucial for maintaining the integrity of real-time services. Meanwhile, SDN and NFV enable the agile implementation of security policies customized to the unique context of each slice, supporting dynamic management and orchestration of network resources. This paper aims to review the current research landscape regarding these technologies in network slicing security, assess their effectiveness, and identify research gaps and associate the research with the current findings within the 6G-OPENSEC-SECURITY (https://www.cttc.cat/project/secure-network-slice-manager-for-open-and-disaggregated-6g-networks/ (accessed on 29 April 2024)) project. This project aims to design and develop an intelligent and autonomous Security 6G Network Slice Manager solution for the management of network slices with security requirements in 6G multi-provider networks. Through an examination of contemporary literature, this review aims to advance the discourse on securing next-generation network architectures and propose directions for future research that will fortify the security frameworks necessary for the safe deployment of network slicing. By bridging these advanced technological solutions, the paper underscores the imperative of a unified approach to confidentiality, integrity, and availability in increasingly complex network environments targeted by sophisticated threats.
Section 2 highlights the evolution of SDN, NFV, AI, and network slicing in telecommunications to the present day, introduces the background of the technology and its enablers, and presents the challenges that security must address to overcome the potential threats and vulnerabilities that accompany the evolution of this technology stack. Section 3 begins the analysis of the AI strategy regarding security in network slicing, and Section 4 explores the perspective of policy-based security within SDN and NFV networks. In Section 5, we delve into more specific details of the implementation of a Security Closed-Loop Automation, which is the focus of the research presented in this paper, and we present the use case where the exploratory work is being conducted. Our conclusions are shown in Section 6.

2. Exploring SDN, NFV, Policies, ML, Network Slicing and Telecom Security

The concept of network slicing has existed since the 1960s [13], when the concept of network virtualization emerged. This allowed virtual entities to be created from physical ones by virtualizing systems through network resources, computing infrastructures, and storage devices [14]. Essentially, this meant running multiple virtual machines (VMs) on a single physical machine, each VM acting as if it were a separate physical entity. During the 1970s and the beginning of the 1980s, the concept of network virtualization was commonly implemented in data centres [15]. Near the end of the 1980s, overlay networks were the primordial embodiment of the network slicing concept. However, they did not have the automation and programmability needed in the network controls, which were proposed and realised in the following two decades [14]. Over time, the idea of network virtualization has contributed to the evolution of the definition of SDN [14] and was one of its first successful use cases [16]. However, it was not until 2009 that SDN was first used experimentally to apply programmability capabilities to a network slice using open interfaces [14]. Although SDN may seem to have appeared suddenly, it has been around for the past 20 years, and it is revolutionising network design and management with two key features. Firstly, it decouples the control plane, which makes traffic decisions, from the data plane, which executes these decisions by forwarding traffic. Secondly, it centralises the control plane, allowing a single software program to manage multiple data plane elements [16]. Nowadays, it is becoming more evident that the complementary relationship between SDN and NFV enables and leads to the softwarization of the network [13], which is the principle of separating network functions from the hardware they run on using virtual hardware abstraction [17].
In the following subsections, we provide a concise overview of SDN and its significance in contemporary networks, examine NFV’s pivotal role in transforming network architecture, and discuss the critical importance of network slicing in future networks while exploring their security dynamics, concerns and implications considering how policy-based network security interacts with these concepts, as well as the approach related to AI/ML associated with network security and its challenges.

2.1. Software Defined Networking

SDN represents a paradigm shift in how networks are designed, operated, and managed [18]. Unlike traditional networks, where control functions are distributed among various devices, SDN centralises network intelligence in a software-based controller, separating the control plane (decision-making) from the data plane (traffic handling), which presents a different type of threat to the network [19]. This architecture allows for more flexible and dynamic network management, enabling administrators to adjust behaviour via software interfaces without modifying physical devices [20]. SDN simplifies network configuration and optimization tasks, reducing the complexity and cost associated with traditional network management [21]. SDN also facilitates a programmable network environment where changes are implemented through software controls rather than hardware reconfigurations, promoting a more dynamic and cost-effective network infrastructure [18]. This evolution raises, as in the previous network generations, security concerns. The attacks and threat vectors associated with SDN have been summarised by [22] and are relevant to both 5G and pre-5G networks. Several aspects can be considered regarding the vulnerabilities and defence mechanisms within different layers and interfaces of the SDN architecture, and we can delve into the insights of those key points [23]:
  • Security Challenges in Interfaces: SDN interfaces [24], particularly the northbound interface (protocol supporting communication between controllers and applications or the high-level control plane) and the southbound interface (OpenFlow protocol supporting communication between controllers and SDN switches), pose significant security challenges [25,26]. The southbound interface can be protected with TLS (Transport Layer Security) and DTLS (Datagram Transport Layer Security), but their implementation is left optional because of configuration complexity, making these interfaces susceptible to attacks like eavesdropping and attacks on the control plane [19,27].
  • Security Solutions for SDN: The literature outlines a multidimensional approach to securing SDN, which includes rigorously verifying SDN applications to prevent access by malicious software and implementing security mechanisms like the SE-Floodlight controller for the control plane [28,29], which provides privilege separation and a secure API.
  • Control Plane Security: This area is critical due to its central role in network management. Various security enhancements, such as the SE-Floodlight controller, extend the capabilities of existing solutions by providing mechanisms for privilege separation and secure northbound APIs, which act as mediators between the application and data planes.
  • Data Plane Security: The data plane handles the actual packet forwarding and is secured through trust methods for authentication and authorization [30] to manage which applications can change flow rules in the network’s forwarding elements.
  • Security Enhancements through Network Design: The principles of SDN itself, including centralised network control and enhanced visibility of traffic flows, are used to bolster network security against common threats such as unauthorised access and control plane attacks.
  • Challenges in SDN Controllers: The central role of SDN controllers makes them prime targets for DoS and DDoS attacks, compromising network integrity.
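The privilege separation and "mediator" role described above (an SE-Floodlight-style secure northbound API that decides which applications may change which flow rules) can be illustrated with a small policy check. This is an added example written for this review, not code from the paper, from Floodlight or from any controller; the application names, slice prefixes and policy fields are constructed for illustration.

```python
"""Added example: a northbound mediator that authorises flow-rule changes
per application and per slice before they reach the control plane.
All names, slices and policies below are constructed, not from any product."""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network


@dataclass(frozen=True)
class FlowRule:
    app: str          # application submitting the rule (hypothetical name)
    slice_id: str     # slice the rule claims to act on
    match_dst: str    # destination prefix the rule matches, e.g. "10.1.5.0/24"
    priority: int     # OpenFlow-style priority; higher wins
    action: str       # "forward", "drop" or "mirror"


@dataclass(frozen=True)
class AppPolicy:
    slices: frozenset[str]    # slices the application is entitled to touch
    max_priority: int         # cap so an app cannot override higher-trust rules
    actions: frozenset[str]   # actions the application may request


# Constructed slice plan: each slice owns disjoint address space, which is what
# lets the mediator detect a rule that would reach across slice boundaries.
SLICE_PREFIXES = {
    "eMBB": IPv4Network("10.1.0.0/16"),
    "URLLC": IPv4Network("10.2.0.0/16"),
    "mMTC": IPv4Network("10.3.0.0/16"),
}

# Constructed application policies (deny by default: unknown apps get nothing).
APP_POLICIES = {
    "lb-embb": AppPolicy(frozenset({"eMBB"}), 200, frozenset({"forward"})),
    "ids": AppPolicy(frozenset({"eMBB", "URLLC", "mMTC"}), 500,
                     frozenset({"mirror", "drop"})),
}


class Mediator:
    """Sits between SDN applications and the controller's flow table."""

    def __init__(self, policies: dict, prefixes: dict) -> None:
        self.policies = policies
        self.prefixes = prefixes
        self.installed: list[FlowRule] = []
        # Every decision is recorded; denied requests are what an operator's
        # detection pipeline would alert on.
        self.audit: list[tuple[str, str, bool, str]] = []

    def check(self, rule: FlowRule) -> tuple[bool, str]:
        policy = self.policies.get(rule.app)
        if policy is None:
            return False, "unknown application"
        if rule.slice_id not in policy.slices:
            return False, "app not entitled to slice"
        if rule.action not in policy.actions:
            return False, "action not permitted"
        if rule.priority > policy.max_priority:
            return False, "priority exceeds cap"
        prefix = self.prefixes.get(rule.slice_id)
        if prefix is None:
            return False, "unknown slice"
        try:
            dst = ip_network(rule.match_dst)          # strict: host bits must be zero
            crosses = not dst.subnet_of(prefix)
        except (ValueError, TypeError):
            return False, "malformed prefix"
        if crosses:
            return False, "match crosses slice boundary"
        return True, "ok"

    def submit(self, rule: FlowRule) -> tuple[bool, str]:
        ok, reason = self.check(rule)
        self.audit.append((rule.app, rule.slice_id, ok, reason))
        if ok:
            self.installed.append(rule)
        return ok, reason


def demo() -> list[tuple[str, str, bool, str]]:
    """Run a few constructed requests and return the audit trail."""
    m = Mediator(APP_POLICIES, SLICE_PREFIXES)
    m.submit(FlowRule("lb-embb", "eMBB", "10.1.5.0/24", 100, "forward"))   # allowed
    m.submit(FlowRule("lb-embb", "eMBB", "10.2.5.0/24", 100, "forward"))   # crosses into URLLC
    m.submit(FlowRule("lb-embb", "URLLC", "10.2.5.0/24", 100, "forward"))  # not entitled
    m.submit(FlowRule("ids", "URLLC", "10.2.0.0/16", 400, "mirror"))       # allowed
    m.submit(FlowRule("rogue", "eMBB", "10.1.5.0/24", 1, "forward"))       # unknown app
    return m.audit


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```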

2.2. Network Functions Virtualization

Network Functions Virtualization (NFV) revolutionizes telecommunications infrastructure by decoupling network functions from proprietary hardware and migrating them to software running on general-purpose servers. NFV is seen as complementary to SDN, and it involves implementing network functions in software that can run on a range of industry-standard server hardware. These functions can be moved to or instantiated in different network locations as needed, without installing new equipment [31]. While offering agility and cost-efficiency, this shift fundamentally alters the security landscape. NFV’s role as a support for cloud computing, Software-Defined Networking (SDN), and open architectures introduces new vulnerabilities absent in traditional hardware-centric networks [32]. Furthermore, the increased network complexity in NFV architectures, with dynamic interactions between VNFs, makes it challenging to enforce consistent security policies across the entire infrastructure [33]. NFV is a transformative approach introduced to enhance the agility and flexibility of network service provisioning. Initially proposed to address the escalating complexity of traditional networks filled with proprietary hardware appliances, NFV leverages virtualization technologies to decouple network functions from physical hardware. This decoupling allows network services like firewalls, switches, and routers to be hosted on standard commercial off-the-shelf (COTS) hardware. The essence of NFV lies in its ability to instantiate these virtual network functions (VNFs) dynamically, thus enabling on-demand deployment without additional physical equipment [34]. NFV offers a wide range of benefits that promise to revolutionise the telecommunications industry associated with 5G [35]. For network carriers, it potentially reduces capital and operational expenses by consolidating network appliances into virtual functions that can be managed and scaled as required.
This transition also shortens the time-to-market for new services and facilitates more rapid deployment of network services tailored to specific user needs. However, the adoption of NFV is not devoid of challenges. One significant issue is ensuring that the network performance of virtual appliances meets or exceeds that of traditional hardware-based solutions. Furthermore, the dynamic nature of NFV introduces complexities in managing virtual appliances, including their efficient placement, instantiation, and migration across the network. These challenges necessitate ongoing research and development to ensure that NFV can reliably meet the performance and reliability expectations of modern network environments, as explored in the survey by [13]. Similarly to the rise of other technologies, new solutions and advances also come with new challenges, and keeping with the theme of security, the following items showcase a few issues found within NFV security, as well as a few possible solutions disseminated in the literature:
  • Virtualization Layer Vulnerabilities: NFV relies heavily on virtualization technologies, exposing networks to vulnerabilities inherent in hypervisors and virtual machine managers (VMMs). These vulnerabilities can lead to escalated privileges or escape attacks, where an attacker gains control over the host machine or other virtual machines [36].
    Proposed solution—Security Reference Architecture (SRA): This solution was proposed in [35]. It includes specific security patterns and reference architectures to mitigate identified threats based on these patterns, which can be reused for continuous monitoring of the virtualized layer.
  • Isolation Failures: Proper isolation of network functions is crucial to prevent cross-VM attacks. Any failure to maintain strict isolation can lead to information leakage, unauthorised data access, or denial of service (DoS) attacks. Failures like this could also be related to inadequate resource slicing or temporal interference, wherein co-located services sharing infrastructure may suffer performance unpredictability due to contention for shared resources [37].
    Proposed solution—Hierarchical Real-Time CPU Scheduling: In the work proposed by [37], this solution is introduced based on real-time CPU scheduling techniques. This method, integrated within the Linux kernel itself, allows for precise CPU resource allocation to each container (VNF), ensuring that each service receives a defined share of CPU time regardless of the activities of other containers.
  • Management and Orchestration (MANO) Security: The MANO layer orchestrates NFV services and manages their lifecycle. Since it has a comprehensive view of the network functions, it becomes a critical security concern. Compromising the MANO layer can lead to widespread network disruption [38].
    Proposed solution—Security Framework: The SecMANO framework proposed by [38] is a security-oriented enhancement of the existing MANO framework. It incorporates security by design from the initial stages of network service and throughout the service lifecycle. It enables adaptive deployment and management of security functions according to real-time demands and threats and utilises a policy-based approach to ensure consistent and effective security measures across all network functions.
  • Integrity of NFVs: The NFV environment presents a challenge in ensuring the integrity and authenticity of the network functions due to its reliance on virtualization and cloud technologies. The complexity of establishing trust in such a dynamic and distributed environment has been emphasised in [39,40], with concerns about the integrity and privacy of virtual instances hosted on multi-tenant platforms.
    Proposed solution—Remote Attestation and OpenCIT: In the work of [40], a combination of solutions is proposed, namely Remote Attestation workflows that allow external verification of the system’s integrity. In these workflows, a Trusted Third Party verifies the integrity measurements reported by the Trusted Platform Module (TPM) against a known configuration. This TPM is present within OpenCIT, an Intel framework combining hardware elements (TPM) and software elements to establish a Chain of Trust. This approach verifies the integrity of each system component from the hardware level up to the software stack.
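The attestation workflow just described (measurements chained into a TPM PCR, a fresh quote, and a Trusted Third Party comparing the reported value against a known-good configuration) can be walked through end to end in a simulation. This is an added example written for this review, not code from the paper, from OpenCIT or from any TPM library: the component names and the attestation key are constructed, and the TPM's quote signature is stood in for by an HMAC so that the exchange runs offline.

```python
"""Added example: simulated remote attestation of a VNF host.
The host extends boot-chain measurements into a PCR (TPM 2.0 semantics:
PCR_new = SHA256(PCR_old || SHA256(component))) and answers a nonce challenge
with a signed quote; the verifier replays the golden chain and compares.
Component names, the key and the HMAC "signature" are constructed stand-ins."""
import hashlib
import hmac
import os

# Constructed known-good boot chain held by the Trusted Third Party.
GOLDEN_CHAIN = [b"firmware-1.0", b"bootloader-2.1", b"kernel-6.1", b"vnf-image-abc"]
# Same chain with a modified kernel component, to show a mismatch.
TAMPERED_CHAIN = [b"firmware-1.0", b"bootloader-2.1", b"kernel-6.1-modified", b"vnf-image-abc"]
# Constructed attestation key shared with the verifier (a real TPM signs with an
# asymmetric attestation key whose public half the verifier already trusts).
AK_KEY = b"constructed-attestation-key"


def extend(pcr: bytes, component: bytes) -> bytes:
    """One PCR extend step. Order matters: extending A then B != B then A."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def compute_pcr(chain: list[bytes]) -> bytes:
    """Replay a whole measurement chain from the all-zero reset value."""
    pcr = bytes(32)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


class SimulatedHost:
    """The attested NFV host: measures its chain at boot and signs quotes."""

    def __init__(self, chain: list[bytes], ak_key: bytes) -> None:
        self.pcr = compute_pcr(chain)
        self.ak_key = ak_key

    def quote(self, nonce: bytes) -> dict:
        # The nonce is bound into the signature so an old quote cannot be replayed.
        sig = hmac.new(self.ak_key, self.pcr + nonce, hashlib.sha256).digest()
        return {"pcr": self.pcr, "nonce": nonce, "sig": sig}


class Verifier:
    """The Trusted Third Party holding the golden configuration."""

    def __init__(self, golden_chain: list[bytes], ak_key: bytes) -> None:
        self.expected_pcr = compute_pcr(golden_chain)
        self.ak_key = ak_key

    def challenge(self) -> bytes:
        return os.urandom(16)

    def verify(self, quote: dict, nonce: bytes) -> tuple[bool, str]:
        if quote["nonce"] != nonce:
            return False, "nonce mismatch (possible replay)"
        expected_sig = hmac.new(self.ak_key, quote["pcr"] + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, quote["sig"]):
            return False, "bad quote signature"
        if not hmac.compare_digest(quote["pcr"], self.expected_pcr):
            return False, "PCR mismatch: measured chain differs from known-good configuration"
        return True, "trusted"


def attest(host: SimulatedHost, verifier: Verifier) -> tuple[bool, str]:
    """Full exchange: challenge -> quote -> verdict."""
    nonce = verifier.challenge()
    return verifier.verify(host.quote(nonce), nonce)


if __name__ == "__main__":
    verifier = Verifier(GOLDEN_CHAIN, AK_KEY)
    print("good host:    ", attest(SimulatedHost(GOLDEN_CHAIN, AK_KEY), verifier))
    print("tampered host:", attest(SimulatedHost(TAMPERED_CHAIN, AK_KEY), verifier))
```

A host whose kernel component changed produces a different PCR even though every other measurement is identical, and a stale quote is rejected on the nonce before its signature is even checked.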

2.3. Network Slicing

A network slice is a virtual network architecture built over a physical network, giving the impression to the slice tenant that they are operating their own exclusive physical network, and it is a pivotal technology within 5G and future cellular networks [41]. Network slicing as a service and the unification of the 5G end-to-end service platform can be enabled by network softwarization and virtualization using SDN, NFV, and cloud computing. This needs new designs and implementations across various 5G network segments like RAN, transport, core, mobile-edge networks, and network clouds to meet business demands and drive innovation [20]. Some of the network characteristics needed to enable and implement this can include a high-capacity backhaul based on high-speed optical fiber and free-space optical systems (FSO) that must enhance the backhaul connectivity. This is a challenge for 5G and beyond networks, as it will not always be possible to have optical fiber connectivity as a backhaul due to geographical constraints and complexities. FSO combined with RF can be seen as a possibility to overcome the limitations imposed by the atmosphere and some of the limitations of the infrastructure that enables 5G and beyond networks [42]. The fundamental principles that underlie network slicing and its operations within software-based 5G networks include the following [20]: automation of network operations; high reliability, scalability and isolation; programmability; hierarchical abstraction; slice customization and network resource elasticity.
Network slicing addresses the inflexibility of traditional “one-size-fits-all” network architectures, which struggle to accommodate the diverse performance requirements of emerging applications. By leveraging SDN and NFV, network slicing allows operators to partition a physical network into multiple, isolated virtual networks (slices), each optimised for specific use cases [43]. Network slicing introduces several compelling benefits for operators and industries, along with challenges that accompany them:
  • Flexibility and Customization: Slices can be tailor-made for applications requiring high bandwidth (e.g., video streaming), ultra-low latency (e.g., remote surgery, industrial automation), or support for massive device connections (e.g., smart cities, Internet of Things) [44].
  • Improved Resource Efficiency: Network slicing facilitates the dynamic allocation of resources based on real-time slice demands, maximising efficiency and reducing costs [45].
  • New Revenue Streams: Operators can offer custom slices to enterprise customers or other service providers, unlocking new market opportunities [43].
  • Management Complexity: Orchestration of multiple slices with distinct configurations demands sophisticated management and automation tools [45].
  • Security Concerns: Meticulous security measures are needed to ensure slice isolation and prevent interference or attacks. This is critical as slices share a common infrastructure [46].
  • Standardisation: Ongoing efforts by bodies like 3GPP focus on defining interoperability standards, which are crucial for multi-vendor compatibility [46].
The landscape of mobile communication networks is undergoing a significant transformation driven by the emergence of many diverse use cases with vastly different requirements. These diverse use cases pose challenges that traditional, one-size-fits-all network architectures fall short in addressing. Those use cases are mainly associated with the three prominent categories in network slicing seen previously: eMBB, URLLC, and mMTC, the last often referred to as an important feature of the Internet of Things (IoT) [41].

2.3.1. The Need for Network Slicing

The emergence of these diverse use cases underscores the need for a more flexible network architecture capable of dynamically adapting to accommodate their contrasting requirements. Network slicing, a key technology within 5G and beyond, is a potential solution. Network slicing allows network operators to carve out virtual slices from the shared physical infrastructure, each tailored to the specific needs of a particular use case. This enables the concurrent support of eMBB, URLLC, and mMTC applications within a single network, ensuring optimal performance for each category. The role of network slicing in addressing the diverse QoS requirements of various applications, implicitly highlighting the limitations of traditional networks in providing such differentiated services, has been discussed in several works [27,47]. The proliferation of diverse use cases with conflicting requirements necessitates a paradigm shift in network design. Traditional one-size-fits-all networks are ill-equipped to handle the intricate demands of eMBB, URLLC, and mMTC applications. Network slicing emerges as a promising solution, offering network operators the flexibility to create virtualized slices tailored to each use case’s specific needs. Further research and development efforts are crucial to fully realise the potential of network slicing and pave the way for a future where diverse applications coexist and thrive within a single, adaptable network infrastructure.

2.3.2. Conflicting Requirements

These diverse use cases present conflicting requirements that traditional networks struggle to reconcile. For instance, eMBB applications require high bandwidth and data rates, potentially congesting the network and impacting the reliability of URLLC services. Conversely, the sheer number of devices in an mMTC network can introduce additional latency and potentially disrupt the time-sensitive nature of URLLC applications. Works by [48] support this argument, highlighting the limitations of traditional 5G networks in addressing the needs of such diverse applications due to their inherent inflexibility and lack of scalability.

2.3.3. Challenges in Network Slicing for Future Networks

Besides the conflicting requirements discussed, the use of network slicing in the next generation of networks brings forth a myriad of challenges. These challenges are present in different areas of network slicing implementation, namely resource management and scalability, inter-slice handover, integration of AI tools, such as ML, DL, and expert systems, and the security aspects of its implementation in such networks.
In the case of resource management and scalability, the integration of various network segments, space, air, and ground, into a cohesive Space–Air–Ground Integrated Network (SAGIN) requires sophisticated coordination. The dynamic nature of such segments, especially with the mobility of satellites and unmanned aerial vehicles (UAVs), complicates resource allocation and scalability [49]. Efficient management of these heterogeneous resources is essential to meet the diverse and stringent QoS requirements of 6G applications.
Inter-slice handover is another critical aspect of 6G network slicing. As 6G networks are envisioned to support a wide variety of applications with varying QoS requirements, ensuring seamless handover between slices is necessary. Current methods often require re-running the entire authentication process during a slice switch, which is resource-intensive and time-consuming. The work in [50] introduces a cloud-native orchestration framework for network slice federation, which aids in the maintenance and continuity of the service across different network domains without significant overhead.
As will be discussed further along in this review, the integration of AI tools into current and future mobile networks is a recurring subject of discussion, and network slicing is no exception. Integrating these tools into network slicing can optimise resource allocation and predict network demand, but they also require substantial computational resources and add complexity to network management. Ensuring real-time processing and decision-making through these tools within the constraints of such networks is a formidable task [51]. Furthermore, constructing customised network slices to support the emerging services provided by these tools, such as DL applications, involves managing new QoS requirements such as data quality and inference accuracy.
Lastly, the security aspects of network slicing in future 6G networks are a focal point in discussion within the current literature. The survey presented in [52] highlights various security issues such as slice lifecycle security, inter-slice and intra-slice security, and the need for robust slice isolation to prevent unauthorised access and attacks. Their survey emphasises the importance of addressing novel security and privacy challenges, such as impersonation attacks, DDoS attacks, and data breaches, which are critical in maintaining the integrity and reliability of network slicing in future network environments.

2.4. Policy-Based Network Security

As has been seen in recent years, network structures and environments have become increasingly complex, a pattern that will only intensify as the technologies evolve [53,54]. Network security policies are, therefore, one of the methods used to streamline security in such complex environments: unlike the network environments themselves, which are becoming increasingly flexible and malleable in structure and functionality, network policies, and network security policies even more so, are meant to remain stable. They are a set of invariant specifications or instructions for achieving a desired objective, which in the context of our study is the security of the deployed network slices.

2.4.1. Early Concepts of Security Policies

The concept of network security policies is not new, as seen in the work of Schneider [55], which discusses their importance and one of the most important properties of their implementation: enforceability. Security policies (SPs) must be enforceable; otherwise, they are nothing more than guidelines for safe network environments. That work outlines which security policies are enforceable and which are not; however, networks have advanced since then, and some of the limitations imposed by the technologies of the time, which prevented certain security aspects of these networks from being enforced, are now being surpassed as networks evolve [56].
Shortly afterwards, the work of [57] described how technological advances allowed more sophisticated implementations of network policies by introducing abstraction into the language used for policy definition.
The introduction of high-level programming languages for network configurations can be seen in the work of [58], which developed Frenetic, a high-level language for OpenFlow networks. This work demonstrates how raising the level of abstraction in network programming benefits the management of complex configurations and the effective enforcement of security policies. Similarly, [59] introduced PonderFlow, another language designed for higher abstraction in network configuration, specifically for OpenFlow networks. PonderFlow is an extension of Ponder, a declarative, object-oriented language for specifying management and security policies proposed by [60].

2.4.2. Implementation Challenges in PBN and IBN

Throughout this research on policy-based networking (PBN) and intent-based networking (IBN), some common themes emerged regarding the limitations of these technologies. First, the process of policy refinement and translation, as discussed in [61], may cause issues if no standard regulates the process so that policies are interpreted uniformly across different vendors, i.e., a vendor-agnostic approach. Second, the scalability issues related to policy rigidity, presented in [62], limit most of the policy-based networks implemented in the studied work. Intent-based networks do provide more flexibility, which in turn improves scalability. However, as discussed in [63], the high level of abstraction inherent to intents requires very sophisticated models to translate them into policies that can be enforced appropriately, which may be a source of errors and inefficiencies in larger network implementations. Nonetheless, standardising these processes and coupling them with the existing base architecture for policy-based networks, as previously discussed in [57], may bring us closer to practically implementing these types of networks in large-scale scenarios of heterogeneous networks, namely in network slicing.

2.5. AI, ML and Network Security

The challenges in managing telecommunications networks have increased due to the growth of service offerings and the escalating complexity of network settings [52,64]. AI has emerged as a viable option to meet the demands of the new network paradigm, in which varied services with varying requirements must be handled efficiently [65]. In this context, AI is a crucial automation tool, simplifying a range of network operations, including design, deployment, monitoring, configuration changes, planning, problem detection, and security enhancement [48]. AI can help with growth, intelligent planning and strategy, data retrieval, and autonomous network modification [66]. Thus, AI is expected to enable advanced security measures that protect sensitive data and network integrity from constantly evolving cyberthreats.
As previously mentioned, integrating AI is a significant option in this constantly changing environment, where a range of services need to run inside slices while strong security measures are maintained. The dynamic nature of the threat landscape highlights the importance of deploying state-of-the-art systems for threat detection and incident response [67]. Using AI to enhance security in network slicing is considered paramount because of its multifaceted capabilities [68]. AI, particularly when powered by ML algorithms, is expected to tackle several current issues: it gives machines the ability to reason, anticipate, make decisions, and act with a degree of autonomy [65], which makes real-time resource optimisation and proactive problem-solving possible. AI can provide security through several techniques, including anomaly detection, intrusion detection, and the rapid resolution of potential threats [69]. Large volumes of data, including network traffic, user actions, and device interactions, are analysed by these systems in real time to spot anomalies and possible security breaches. AI-driven intrusion detection systems can raise alarms and launch quick reactions to neutralise threats efficiently by continually scanning for suspicious activity and new attack patterns [67]. AI's capacity to adapt and learn from historical data, which enables it to detect both known and unknown threats, is one of its main advantages in increasing security: it is effective at spotting suspicious behaviour patterns even when they diverge from established threats, making the network more adaptable [69]. Predictive analytics powered by AI also helps operators foresee security breaches by identifying new risks before they become serious [70]. This proactive strategy strengthens the network's adaptive capabilities, enabling it to keep up with changing threats and uphold robust security protocols [71,72].
AI is also useful in facing increasingly automated and sophisticated attacks [22]. Overall, AI significantly enhances the security of 5G networks by providing intelligent threat detection, adaptive defences, and rapid response capabilities. Its ability to analyse vast amounts of data, adapt to evolving threats, and anticipate security breaches makes it an indispensable tool for safeguarding critical assets and ensuring the integrity of telecommunications networks in the face of increasingly sophisticated cyber threats.

Challenges Posed by AI/ML

Despite having become the most popular method for improving network slicing security, AI/ML has a few drawbacks. First, to produce intelligent actions for classification or prediction, ML algorithms rely on the collection and processing of data for training. Malicious actors can take advantage of this by executing adversarial attacks on ML systems, such as injecting fictitious data into the training set (poisoning) or altering transmitted data (evasion), leading to incorrect results [65]. The nature of ML also brings drawbacks such as a high false alarm rate (false positives), false negatives when the algorithm fails to identify a threat, and the substantial resources needed to train and maintain these algorithms. Additionally, the difficulties arising from the integration of ML in 5G/network slicing scenarios have been examined in [73]. The study concludes, among other things, that security issues increase because of the dynamic nature of mobile networks, which are marked by an extensive number of users and services with different requirements and characteristics. While ML algorithms have proven effective in controlled settings with small amounts of data, the hyper-dynamic nature of mobile networks exposes them to new and sophisticated security threats from expert attackers. Ensuring ML algorithm stability is crucial to prevent performance degradation in dynamic environments such as high-speed trains. Deploying ML in SDN requires visibility and control to avoid bottlenecks and scalability issues. IoT-triggered event spikes challenge the latency and capacity of ML systems, highlighting the need for interdisciplinary research on defensive solutions for 5G and beyond networks. Using ML in these contexts is like handling a double-edged sword; tactics to counteract its negative consequences must be evaluated. Furthermore, using AI technologies in network slicing amplifies privacy concerns.
While AI can potentially safeguard the networks’ privacy, it also introduces vulnerabilities throughout the development and training stages. Some of the challenges presented are [66,74]:
  • Security: ML systems face security threats like poisoning, evasion, API-based attacks, and AI framework infringements, endangering data integrity.
  • Privacy: ML’s data analysis and automation can compromise privacy. Insecure IoT devices and model inversion attacks threaten data, making protection crucial.
  • Ethical: ML reduces human intervention, but computers lack human ethical judgement. ML systems follow their training and cannot act against that logic in circumstances that would require it.
  • Intelligent Attacks: AI can be used to identify patterns in large data volumes, potentially exposing network vulnerabilities.
Without a doubt, AI, especially ML, has the potential to revolutionise the future of networks. However, it is necessary to consider the challenges it can bring. Addressing these security challenges is imperative to ensure the effectiveness and trustworthiness of AI-driven security solutions in network-slicing environments.
Table 1 presents an overview of the importance and role of AI in network security for different applications, objectives, and scenarios, highlighting the strengths and weaknesses derived from including this functionality.

3. The ML Strategy within Network Slicing

3.1. The Role of Machine Learning

As previously noted, ML is one of the most promising security-enhancing techniques. ML systems are trained on a set of data and learn to make decisions; after that, they can make predictions or decisions on unseen data without explicit instructions or human intervention [79]. Combined with the capacity to process vast volumes of data, ML systems give valuable insights into the security situation of the network and can predict or prevent potential attacks [80].
As networks evolve in complexity, traditional security measures find it challenging to cope. However, ML brings advanced capabilities, transcending rule-based systems, enabling intelligent processing of vast network data, and identifying potential security threats across various domains, including intrusion detection, privacy preservation, secure routing, and threat intelligence [69,81]. ML’s ability to leverage past data and experiences to detect malicious activities enables real-time threat detection. Moreover, its predictive analytics provide lead time for mitigation against potential attacks. Additionally, its adaptability facilitates continuous learning and model updates to address the evolving landscape of cyber threats effectively.
There are many ML techniques that can be used to address the security challenges in NS. Supervised learning and unsupervised learning are two widespread ML techniques. The following will discuss these techniques and their applications in the security domain.

3.1.1. Supervised Learning

Supervised learning involves training a model on a labelled dataset, allowing it to learn the mapping between input features and their respective outputs. After training, the model is evaluated on data whose labels it has not seen and generates outputs based on the learned input–output pairings [82]. These algorithms rely on external guidance (the labels) for the learning process.
Supervised learning, focusing on classification, finds particular efficacy in various security applications such as intrusion detection systems (IDS), malware detection, spam filtering, and anomaly detection [72]. Through labelled data, supervised learning models can accurately categorize incoming data instances. This proficiency efficiently identifies potential intrusions, malicious software, unsolicited emails, and abnormal patterns within datasets. Notably, supervised learning exhibits high accuracy in detecting known threats and can continually improve through feedback and retraining. However, it is not without its drawbacks. Dependency on labelled datasets and susceptibility to overfitting, wherein the model performs well on training data but struggles with unseen data, are among the challenges associated with this technique [83].

3.1.2. Unsupervised Learning

Unsupervised learning is an ML paradigm in which the system solely receives input data without associated target outputs. In this approach, data instances are unlabelled, and the system endeavours to identify patterns or relationships among the variables and group the data without external guidance. When new data are introduced, the system utilises previously learned features to determine the data’s group [84]. This technique is valuable for uncovering hidden structures, detecting patterns, and identifying relationships within datasets [83].
Unsupervised learning is particularly advantageous in various security applications such as network traffic analysis, and clustering for identifying similar network behaviours and categorising threats [71]. Operating without the need for labelled data, unsupervised learning algorithms excel in uncovering hidden structures and detecting abnormalities within datasets. This capability allows for the efficient identification of unknown potential threats, unusual user behaviours, and emerging undefined attack patterns. Because it can deal better with unknown threats, unsupervised learning can create more robust anomaly detection systems [72]. Notably, unsupervised learning offers the flexibility to adapt to evolving threats and can uncover novel attack vectors that traditional security measures may not capture. However, challenges such as the interpretability of results, lower accuracy, and high computational complexity are among the considerations associated with this approach [79].
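To make the contrast between the two paradigms concrete, and to show the poisoning problem raised in the "Challenges Posed by AI/ML" subsection above, the following Python program is an added example, not code from this paper or from any of the cited works. It trains a supervised nearest-centroid classifier on labelled benign and flood flows and an unsupervised z-score detector on benign flows only, then tests both on a port scan that appears in neither training set; finally it poisons the unsupervised baseline with flood-shaped records and shows the flood going undetected. The per-flow features (packets/s, bytes/s, distinct destination ports), the traffic profiles, the three-standard-deviation threshold and the poisoning budget are all assumptions, and every flow is constructed inline.

```python
"""Supervised vs. unsupervised flow classification, plus a poisoning attack on
the unsupervised baseline. Added example; the feature set, traffic profiles,
threshold and poisoning budget are assumptions, and all flows are constructed."""
import math
import random

random.seed(7)

# Feature vector per flow: [packets/s, bytes/s, distinct destination ports].
def gen_flows(n, pps, bps, port_range):
    """Constructed flows scattered around a nominal profile."""
    return [[pps * random.uniform(0.8, 1.2),
             bps * random.uniform(0.8, 1.2),
             float(random.randint(*port_range))] for _ in range(n)]

BENIGN_TRAIN = gen_flows(200, 100, 50_000, (1, 5))
FLOOD_TRAIN = gen_flows(200, 5_000, 2_500_000, (1, 2))
BENIGN_TEST = gen_flows(100, 100, 50_000, (1, 5))
FLOOD_TEST = gen_flows(100, 5_000, 2_500_000, (1, 2))
SCAN_TEST = gen_flows(100, 50, 4_000, (150, 300))   # novel attack, never labelled

def column_stats(rows):
    """Per-feature mean and (floored) population standard deviation."""
    dims = len(rows[0])
    means = [sum(r[d] for r in rows) / len(rows) for d in range(dims)]
    sds = [max(math.sqrt(sum((r[d] - means[d]) ** 2 for r in rows) / len(rows)), 1e-9)
           for d in range(dims)]
    return means, sds

def zscores(row, means, sds):
    return [(v - m) / s for v, m, s in zip(row, means, sds)]

class NearestCentroid:
    """Supervised: one centroid per labelled class in standardised feature space."""
    def fit(self, rows, labels):
        self.means, self.sds = column_stats(rows)
        self.centroids = {}
        for label in sorted(set(labels)):
            members = [zscores(r, self.means, self.sds)
                       for r, lab in zip(rows, labels) if lab == label]
            self.centroids[label] = [sum(c) / len(members) for c in zip(*members)]
        return self

    def predict(self, row):
        z = zscores(row, self.means, self.sds)
        return min(self.centroids, key=lambda lab: math.dist(z, self.centroids[lab]))

class ZScoreDetector:
    """Unsupervised: learn the benign profile only; any feature further than
    `threshold` standard deviations from it marks the flow as an anomaly."""
    def __init__(self, threshold=3.0):
        self.threshold = threshold

    def fit(self, rows):
        self.means, self.sds = column_stats(rows)
        return self

    def is_anomaly(self, row):
        return max(abs(z) for z in zscores(row, self.means, self.sds)) > self.threshold

def rate(pred, rows):
    """Fraction of rows for which pred(row) is true."""
    return sum(1 for r in rows if pred(r)) / len(rows)

def run_demo():
    supervised = NearestCentroid().fit(
        BENIGN_TRAIN + FLOOD_TRAIN,
        ["benign"] * len(BENIGN_TRAIN) + ["flood"] * len(FLOOD_TRAIN))
    unsupervised = ZScoreDetector().fit(BENIGN_TRAIN)
    # Poisoning: an attacker slips 50 flood-shaped records into the "benign"
    # baseline; the learned spread widens until a real flood sits within 3 sd.
    poisoned = ZScoreDetector().fit(BENIGN_TRAIN + gen_flows(50, 5_000, 2_500_000, (1, 2)))
    return {
        "supervised_flood": rate(lambda r: supervised.predict(r) == "flood", FLOOD_TEST),
        "supervised_scan": rate(lambda r: supervised.predict(r) == "flood", SCAN_TEST),
        "unsupervised_flood": rate(unsupervised.is_anomaly, FLOOD_TEST),
        "unsupervised_scan": rate(unsupervised.is_anomaly, SCAN_TEST),
        "unsupervised_benign_fp": rate(unsupervised.is_anomaly, BENIGN_TEST),
        "poisoned_flood": rate(poisoned.is_anomaly, FLOOD_TEST),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:24s} {value:.2f}")
```

The supervised model catches every flood it was trained on but assigns the port scan to the nearest known class, which is benign, because the scan resembles benign traffic in the two rate features; the unsupervised detector flags both attacks purely because they deviate from the benign profile, at the cost of having no name for what it found. The poisoned run is the practitioner's caveat from the challenges subsection: baselines retrained on unvetted "benign" traffic can be widened by an attacker until the attack itself becomes normal.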

3.2. The Role of Deep Learning

Deep learning, a subset of ML, employs artificial neural networks to tackle tasks ranging from classification to decision-making. Common architectures include Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs). Deep learning is loosely inspired by how the human brain works, allowing machines to recognise patterns, classify information, and make decisions [85]. Unlike traditional ML methods, which require extensive human intervention to handle undesirable outputs, fine-tune algorithms, and extract features manually, deep learning algorithms learn intricate patterns and features directly from raw data. Their nested layers process data hierarchically, learning increasingly abstract features and patterns at each level [86].
Deep learning algorithms can process vast amounts of data, providing detailed insights and precise predictions. In contrast to traditional analytics methods, which struggle with the scale and complexity of these networks, deep learning shines in recognizing complicated data patterns [87].
Also, DL techniques can effectively predict new attacks, often mutations of previous ones, by learning from current instances, showcasing strong performance in identifying cyber threats [86,88].
Thus, deep learning is a powerful tool for analysing large datasets and detecting complex patterns, especially within network slicing and 5G, where networks’ dynamic and heterogeneous nature demands robust security enforcement solutions.
However, despite its immense potential, deep learning poses challenges such as computational intensity, the need for larger datasets, and the interpretability of the decision-making process [79].

3.3. Practical Applications

Numerous instances in the literature showcase the application of AI to bolster security within network slicing. This section aims to elucidate several examples, providing an overview of their implementations and outcomes.
Authors of [89] have proposed the Secure5G framework aimed at fortifying the security of network slicing functionalities within 5G networks. This framework adopts a network slicing model driven by deep learning CNNs. It is strategically designed to pre-emptively identify and neutralise potential risks posed by incoming connections before they penetrate the core of the 5G network. The framework aims to achieve various objectives, including detecting and mitigating Distributed Denial of Service (DDoS) attacks, analysing traffic patterns, predicting future traffic trends, resource allocation to optimise slice performance, and detecting unauthorised operations through User Equipment. It also keeps a detailed database of devices and how users behave, learning from this information over time.
This includes all past and present connection requests from any device. Introducing a new concept termed “Quarantine Slice,” the framework proposes a unique approach to mitigate attacks by deploying a slice with minimal Quality-of-Service (QoS) parameters and stringent requirements. Building upon the foundation laid by the DeepSlice [90] research, Secure5G was evaluated with volume-based flooding and spoofing attack scenarios, achieving a detection accuracy rate exceeding 98%. Future endeavours are poised to refine the framework’s capabilities further, focusing on real-time model training.
The authors of [91] introduced the DeepSecure framework, leveraging Long Short-Term Memory (LSTM) deep learning techniques to develop models for predicting slices and detecting attacks within 5G network environments. The attack detection model, powered by LSTM, predicts DDoS attacks originating from User Equipment network traffic, while the slice prediction model anticipates appropriate slices for authorised User Equipment. DeepSecure shares similarities with the previously discussed Secure5G [89] framework. Evaluation of DeepSecure utilised the CICDDoS2019 [92] dataset, with training parameters for attack detection and slice prediction models including learning rate, activation function, optimizer, and epochs. The tests resulted in a 99.970% detection accuracy, surpassing the performance of the Secure5G [89] framework.
The framework described in [93] introduces Intelligence Slicing, a unified AI framework tailored for the software-defined virtualised 5G infrastructure, offering a holistic approach to network management and security. Its key feature is the cooperation between SDN and NFV. A notable aspect of the framework is the concept of "intelligence slicing", which allows AI functional modules, or "intelligence slices", to be deployed on demand within the network. These slices execute specific intelligent tasks and can use the AI algorithm best suited to the task at hand. The framework also incorporates a specialised "security intelligence slice" to address security challenges within industrial networks connected to the 5G infrastructure. This slice employs ML-based anomaly detection algorithms such as Random Forest and Support Vector Machine (SVM). The efficacy of these anomaly detection algorithms is evaluated on industrial network datasets: the DS1, DS2, and DS3 datasets provided by Lemay and Fernandez [94], which focus on detecting malware. The results show good performance metrics, including high detection accuracy and F1-score, such as an accuracy of 100% on the DS1 dataset with both algorithms; a perfect score on a single dataset should, however, be read in light of that dataset's size and class balance before being taken as representative of live industrial traffic.
Authors from [95] proposed a framework for managing resource allocation within network slicing scenarios for cyber–physical systems under DDoS attacks. It consists of two key components: the Radio Resource Hypervisor and the Computing Resource Hypervisor. The former optimises the allocation of virtual radio resources to physical resources based on user channel conditions. At the same time, the latter efficiently allocates computing resources to different network slices using a token-based kernel scheduler. Central to the framework’s functionality is its alternating direction method of multipliers and a learning-assisted algorithm, which continuously learns the performance characteristics of network slices. When a DoS attack occurs, causing degradation in slice performance despite consistent resource allocation, the algorithm detects this anomaly by observing changes in resource utilisation efficiency. Subsequently, it dynamically adjusts resource allocation to mitigate the attack’s impact, restoring network slice performance. The framework demonstrates its effectiveness in maintaining network performance through experimental setups involving multiple network slices and simulated DoS attacks. The learning-assisted algorithm successfully mitigates the impact of DoS attacks, restoring nearly 98% of slice performance.
The FrameRTP4 framework proposed in [96] is designed to provide real-time detection and mitigation of attacks in 5G network scenarios. It follows the SDN architecture, separating the solution into data and control planes. The data plane uses a customisable P4 program to implement a P4 table-based Access Control List for detecting and mitigating known attacks. It also deploys a monitoring system called SFCMon, which uses probabilistic data structures to track network flows and aid in attack detection. In the control plane, FrameRTP4 uses a Python-based controller to manage the lifecycle of SFCs and of the wildcard rules within the P4 table-based Access Control List. It also includes a decision-making module that periodically collects statistical data from SFCMon and feeds it to ML algorithms to detect new threats automatically. When a new attack is detected, the module triggers the creation of access control rules within the switches. The ML algorithms used in the framework are based on the Random Forest model, trained on a custom labelled dataset generated from real/controlled traffic measurements. The dataset includes both legitimate user behaviour and real network threats, such as denial of service attacks and port scans, but the framework was tested using the CTU-13 dataset [97]. The performance metric for the threat detection algorithms was the True Positive Rate, and after several tests it achieved a 99.99% True Positive Rate. However, execution time is still a limiting factor, and future work aims to improve the algorithm's performance using metaheuristics.
The study by [98] showcased a 5G prototype tailored for detecting and mitigating DDoS attacks within sliced networks, in the context of the European project 5G-INSIGHT. This project aims to enhance security features in 5G and beyond, particularly in Vehicle-to-Everything slicing, covering the spectrum from attack detection to mitigation.
Their prototype leverages a CNN-based Deep Learning model, implemented using the Lightweight, Usable CNN in DDoS detection (LUCID) [99] model. LUCID is described as a practical and lightweight solution for deep learning-based DDoS detection, employing CNN features to classify traffic flows as either benign or malicious. The authors constructed a labelled custom dataset to train, validate, and test their DL models. This dataset encompasses synthetic DDoS attack samples alongside benign traffic samples. The prototype employs a sinkhole-type slice strategy to mitigate attacks, isolating malicious users within slices with limited physical resources. The authors claim that the prototype achieves an accuracy rate of nearly 97%.
Table 2 summarises the described works, giving insights into the framework’s name, the algorithm used, the performance metric used to evaluate the framework, a brief description, and the dataset used to test the framework. As is evident, Deep Learning emerges as the most prevalent technique, and the frameworks demonstrate consistently strong performance across the board. Also, it is possible to see a tendency to develop these mechanisms to protect against DDoS/DoS attacks.

4. Policy/Intent-Based Security in SDN and NFV Networks

4.1. Policy-Based Networking Development

Previously, enhancing the security of networks using policies required manual configuration, and even though high-level policy languages have existed for some time, as in the case of Ponder, defined in 2001, implementations that used them were scarce and very limited, since most of the process could not be automated. Policy-based networking (PBN) has since evolved to uphold network security and efficient resource management, as discussed in the work of [100], which focuses on designing energy-efficient networks with minimal environmental impact; this is possible thanks to research into refining policies with algorithms that adapt them according to predefined criteria such as energy efficiency. Still within the context of the development of this tool since its inception, [101] explains how technologies such as SDN further increased the integration of policies into the definition of how networks are structured and deployed. In that work, OpenFlow was used to automate policy enforcement across network devices, and human-readable security policies were translated into actionable network configurations through the OpenSec framework, developed explicitly with the intent of enforcing abstract security policies dynamically within SDN. For future reference, even though the implementations discussed later in this section differ in how policies are applied, translated, or enforced, the overall process is usually very similar, and they share many steps with the following OpenSec procedure for enforcing a security policy in networks instantiated through SDN that utilise Network Function Virtualization (NFV):
  • Policy Definition: Network administrators define security policies using the OpenSec language (a high-level policy language).
  • Policy Translation: The SDN controller translates these high-level policies into low-level flow rules that can be implemented in the network hardware. This translation is critical to enabling dynamic, automated security management.
  • Flow Processing: Based on the translated rules, network flows are directed to the appropriate security services. For instance, one flow may be identified as needing deep packet inspection (DPI), while another needs to be passed through an IDS.
  • Security Event Handling: When a security service detects a threat (such as malicious traffic identified by an Intrusion Detection System (IDS)), it alerts the SDN controller. The controller then takes predefined actions, including blocking the traffic, rerouting it, or simply logging the event.
  • Policy Enforcement: The SDN controller continuously monitors compliance with security policies and can adjust flow rules dynamically in response to network conditions or security incidents. This continuous monitoring is what security policy enforcement is mostly about and why the development of SDN has been so advantageous for its implementation.
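The five steps above, as an added, self-contained Python example that is not OpenSec's own code or policy language: an assumed high-level policy is translated into prioritised flow rules that chain matching flows through DPI and IDS, a packet is processed hop by hop against the table, and an IDS alert triggers the policy's predefined response (block, quarantine, or log). The policy format, the switch port numbers, the alert format, and the modelling of a quarantine slice (in the sense of Section 3.3) as a dedicated low-QoS egress port are all assumptions.

```python
"""Policy translation, flow steering and event handling modelled on the
OpenSec procedure. Added example: policy format, port numbers, alert format
and the quarantine slice as a dedicated egress port are assumptions."""
from dataclasses import dataclass, field

# Assumed switch ports: host-facing ingress, the attached security VNFs, the
# normal egress towards the eMBB slice and a low-QoS quarantine slice.
PORTS = {"ingress": 2, "dpi": 10, "ids": 11, "forward": 1, "quarantine": 12}
TERMINAL = {PORTS["forward"], PORTS["quarantine"]}

# Policy Definition: an assumed high-level policy (not OpenSec's syntax).
WEB_POLICY = {
    "name": "embb-web-ingress",
    "match": {"slice": "eMBB", "dst_port": 80},
    "services": ["dpi", "ids"],       # every matching flow traverses this chain
    "on_alert": "quarantine",         # block | quarantine | log
}

@dataclass
class FlowRule:
    priority: int
    match: dict        # header fields that must all equal the packet's
    actions: list      # ["output:<port>"] or ["drop"]

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())

@dataclass
class FlowTable:
    rules: list = field(default_factory=list)
    events: list = field(default_factory=list)

    def install(self, rule):
        self.rules.append(rule)
        self.rules.sort(key=lambda r: -r.priority)   # highest priority wins

    def lookup(self, pkt):
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.actions
        return ["drop"]                               # table miss: default deny

def translate(policy):
    """Policy Translation: one rule per hop of the service chain. Each later hop
    matches the in_port the previous service hands the packet back on and gets a
    higher priority, so the more specific rule wins over the generic first hop."""
    rules, prev = [], PORTS["ingress"]
    hops = [PORTS[s] for s in policy["services"]] + [PORTS["forward"]]
    for i, out in enumerate(hops):
        rules.append(FlowRule(100 + i, dict(policy["match"], in_port=prev),
                              [f"output:{out}"]))
        prev = out
    return rules

def build_table(policy=WEB_POLICY):
    """Policy Enforcement: install the translated rules into a fresh table."""
    table = FlowTable()
    for rule in translate(policy):
        table.install(rule)
    return table

def process(table, pkt, max_hops=8):
    """Flow Processing: follow the rules hop by hop from ingress; returns the
    list of output ports visited, ending in an egress port or "drop"."""
    pkt = dict(pkt, in_port=PORTS["ingress"])
    path = []
    for _ in range(max_hops):
        actions = table.lookup(pkt)
        if "drop" in actions:
            return path + ["drop"]
        out = int(actions[-1].split(":")[1])
        path.append(out)
        if out in TERMINAL:
            return path
        pkt["in_port"] = out        # the service returns the packet on its port
    raise RuntimeError("forwarding loop")

def handle_alert(table, policy, alert):
    """Security Event Handling: the IDS reports an offending source; the
    controller installs a higher-priority rule carrying the policy's response."""
    response = policy["on_alert"]
    match = {"src_ip": alert["src_ip"]}
    if response == "block":
        table.install(FlowRule(200, match, ["drop"]))
    elif response == "quarantine":
        table.install(FlowRule(200, match, [f"output:{PORTS['quarantine']}"]))
    table.events.append((policy["name"], alert["src_ip"], response))  # always logged
    return response

if __name__ == "__main__":
    table = build_table()
    good = {"slice": "eMBB", "dst_port": 80, "src_ip": "203.0.113.5"}
    print(process(table, good))                                   # [10, 11, 1]
    handle_alert(table, WEB_POLICY, {"src_ip": "198.51.100.7", "sig": "syn-flood"})
    print(process(table, dict(good, src_ip="198.51.100.7")))      # [12]
```

Two design choices carry the security argument: a table miss is default-deny rather than default-forward, and response rules are installed at a strictly higher priority than the steering rules, so a quarantined or blocked source can never be re-steered into the normal chain by a later, more generic policy.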
Furthermore, the process can also be found in older articles that preceded the implementations discussed further in this section and defined architectures of policy-based management for what used to be described as programmable networks, now referred to as SDNs. One such architecture, on which most current implementations are based, is presented in the work of [102]. Their proposed architecture has a hierarchical structure organised into two tiers, the Network Management System (NMS) and the Element Management System (EMS); both are still present to some extent in current SDN architectures in terms of functionality, albeit with different terminology. Policies are defined at the NMS level and translated and enforced down to the EMS and the network elements. Both the NMS and EMS can extend their functionalities dynamically to support new services, and the following illustration (Figure 2) depicts how this architecture was defined.
As can be seen, the architecture contains components such as Policy Decision Points (PDPs), Policy Enforcement Points (PEPs), and Resource Enforcement Points (REPs), which are also replicated in Virtual Environments (VEs) within the Active Network (AN) nodes. The roles of PDPs and PEPs are crucial for the policy-based management of these networks: PDPs make decisions based on the management policies, and PEPs, at various levels and points within the network, translate those decisions into actionable configurations on the network elements. The architecture utilises an AN node that can execute dynamically deployed services, enhancing the network's flexibility and responsiveness. This translation process is a recurrent theme within policy-based networking, and in the case of this precursor architecture, the NMS handles the higher-level policies, which the EMS, focused on element-specific configurations, can only use after a translation step.

4.2. Advancements in Policy Implementation Techniques

It was mentioned how SDN has helped propel the use of policies to enforce security in modern networks [101]. Indeed, this has been advantageous for disseminating security policy enforcement in networks at large; however, it is the combination of SDN with NFV that brings security policy enforcement to its best in the current state of networking. This combination provides a flexible and dynamic environment for managing security policies efficiently, as described in the work of [103], which, similarly to [101], takes advantage of the centralised nature of SDN's control mechanisms to apply and modify security policies dynamically based on real-time network conditions and threats. The flexibility of this policy enforcement can be enhanced using NFV, as demonstrated in [104], whose work deals with embedding virtual networks that adhere to specific security policies across multiple domains, leveraging SDN and NFV technologies to emphasise inter-domain consistency. The study shows how policy-based virtual network embedding can significantly enhance security in a multi-tenant environment, which is precisely where networking is shifting, by maintaining strict adherence to security policies across the different network domains. Another way to approach security enforcement is the framework proposed in [105], which defines a policy scheme comprising four policy functions: separating, chaining, merging, and reordering. Even though the names of these functions are quite suggestive, a brief description makes it easier to understand how they benefit the network into which they are implemented.
  • Separating: this divides the virtual services and decreases the size of the attack flows using a load balancer.
  • Chaining: this links many VNFs to prevent various attack flows and constructs extensive security systems.
  • Merging: this combines unnecessary VNFs to optimise the security system and the system’s resources.
  • Reordering: this reorders current VNFs depending on the type and strength of the current attack flows.
With these four policy functions, not only were the system’s resources applied more effectively, but the network was also designed more efficiently, and the system’s security was enhanced due to these dynamic intra-domain configuration and reconfiguration capabilities. Besides this approach to policy-based networking, it is also possible to find in this work, as well as in the aforementioned work of [103], examples of how the policy-based network architecture has changed since its inception, as has been discussed previously in the FAIN architecture presented. In [103], it is found that policy-based networking is easily integrated into SDNs, which decouples the architecture into three different planes. The data plane is where the physical (or virtualized) infrastructure lies and connects to the control plane (via Southbound Interfaces), where network services are managed through the SDN Controller. This plane is connected to the application plane (via Southbound Interfaces) where the applications themselves are deployed as well as the Policy-based Security Architecture (PbSA) as described in the following depiction (Figure 3).
Within the PbSA, two types of repositories are found: a Topology Repository, which contains information on the network’s topology and is critical for routing and managing traffic, and a Policy Repository, which holds the policy expressions that define the security and operational guidelines for the network. Another crucial component in the PbSA is the Policy Manager, which manages all security operations within the network, ensuring policies are correctly implemented and kept up to date. The Extraction Engine, or Evaluation Engine, monitors incoming network traffic and evaluates it against the stored policies to determine whether they are being complied with (notice the similarity between the PDPs and the functionality of this component together with the Policy Manager). The Policy Enforcer (analogous to the PEPs) applies the determined flow rules to the network’s traffic, ensuring that only policy-compliant traffic is allowed. Lastly, the Handle Creator generates handles for packets that travel across the network, enhancing security by ensuring packet authenticity and integrity. This decoupling of network layers by functionality is expected in SDNs and is what makes them flexible and dynamic. The PbSA takes full advantage of it by managing security policies from a single point of control. This centralization simplifies the administration of complex policy rules across various network devices, enabling consistency and fast adjustments throughout the whole network topology. Since SDN provides a comprehensive view of the network, the PbSA can use this enhanced visibility to monitor all traffic flows more effectively, providing more accurate and timely detection of anomalies or policy violations.

4.3. Transition to Intent-Based Networking

After delving into the literature on the current state of networking paradigms, a shift toward what is referred to as intent-based networking was easy to notice. This relatively recent concept adds another level of abstraction beyond what has been seen in policy-based networks. In this new paradigm, which is much more user-centric than previous ones, the objective is to let users ask for what they want from the network, in as user-friendly a way as possible, without worrying about how it is achieved. To better understand this concept, the works of [106,107] show how and why this transition from policy-based networking to intent-based networking happened.
Their works discuss the limitations of policy-based networking, which is a more rigid, less scalable network methodology, and this causes it to struggle with the current rise of network complexity driven by technologies such as cloud computing, IoT, and the ever-present NS into which these technologies can be integrated. This means that the issue lies in scalability and flexibility: even though policy-based networks are considerably more autonomous than previous network paradigms, they still require manual intervention for changes and updates, which also introduces the possibility of human error in network configuration. This is the gap that intent-based networking (IBN) tries to bridge; by granting a higher level of abstraction in the network configuration, it introduces a flexibility that was not possible with policy-based methods, which required the network to follow static configurations that do not easily accommodate changes in business requirements or network conditions. This flexibility will be demonstrated further in this section, but first, the process required to deploy intent-based networks must be understood, and therefore we look at what remained from policy-based networking and what has changed in this new methodology. For that purpose, insights can also be drawn from the work of [108], which shows how IBNs translate users’ business intent(s) into network strategies, thereby moving beyond policy-driven approaches. This work also demonstrates how AI, already discussed in the context of NS, can be integrated into this paradigm for real-time network fault identification, network optimization, and the integral process of intent translation, which is the key to IBNs. Therefore, it is safe to say that AI will undoubtedly help propel this paradigm shift once it has matured enough in these applications. Nonetheless, the whole process can be illustrated as follows.
Summing up, the illustrated process (Figure 4) can be described in a few steps:
  • Intent Profiling: This first step involves defining the intent, which should be in an easily understandable, declarative statement of what is expected from the network. This contrasts with policy-based networking, where specific rules and configurations are detailed.
  • Intent Translation: After being defined, the high-level intent must be translated into actionable network policies and configurations. Unlike policy-based systems that apply rules directly, IBN systems interpret intents and determine the best methods to achieve the desired outcomes.
  • Intent Resolution and Activation: Before being activated, potential conflicts among different intents must be addressed, ensuring that new intents do not disrupt existing network functions. This dynamic adjustment capability is a significant advancement over static policy-based systems.
  • Intent Assurance: Much like in policy-based systems, the process of continuously monitoring network performance to ensure that it aligns with the defined policies, and in this case, the intent, is critical to maintaining a reliable service. However, in the case of intent-based networking, its inherent flexibility allows it to adapt faster to changes in network conditions or business objectives over time.
This helps us understand the general process; however, there are still many discrepancies in the literature regarding the translation process. For that reason, the following figure of an IBN model for intent translation, taken from the same work as the previous figure, can help clarify how this is handled.
Looking at the depiction (Figure 5), one might ask what would happen in the case of conflicting policies because, as mentioned before, a conflict resolution process must be implemented for these scenarios. In these situations, the system relies on its built-in logic to determine which policies are essential for maintaining critical services and which can be temporarily relaxed. This decision is based on predefined business priorities and the potential impact of each policy on overall network performance. For instance, if an IBN system is tasked with ensuring high-quality video conferencing (this would represent a high-priority intent) while also managing extensive file transfers (this would represent a lower-priority intent), the system might temporarily degrade the bandwidth available for file transfers during crucial business hours to ensure video conferencing quality is not compromised.
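The four IBN steps listed above and the priority-based conflict resolution just described, written out as an added example (not code from [108] or any IBN product). The declarative intent syntax, the priority scale and the slice-configuration schema are all assumptions made for the illustration.

```python
from dataclasses import dataclass

PRIORITY = {"low": 1, "medium": 2, "high": 3}  # assumed priority scale


@dataclass
class Intent:
    name: str
    priority: int
    min_mbps: float      # floor below which the intent is considered violated
    desired_mbps: float  # what the intent asks for when capacity allows


def profile_intent(statement: str) -> Intent:
    """Intent profiling: parse a declarative statement of the assumed form
    'name: priority=high, min=20Mbps, desired=50Mbps' (no rules, no configs)."""
    name, _, body = statement.partition(":")
    fields = {}
    for item in body.split(","):
        key, _, value = item.strip().partition("=")
        fields[key.strip()] = value.strip()
    return Intent(
        name=name.strip(),
        priority=PRIORITY[fields["priority"]],
        min_mbps=float(fields["min"].rstrip("Mbps")),
        desired_mbps=float(fields["desired"].rstrip("Mbps")),
    )


def resolve_intents(intents, capacity_mbps):
    """Intent resolution: allocate link capacity by business priority.
    Floors are reserved first, highest priority first, so a new low-priority
    intent never disrupts an existing high-priority one; an intent whose floor
    cannot be met is rejected instead of activated. Leftover capacity is then
    handed out up to each desired rate, again by priority, which is how the
    lower-priority file transfer gets degraded while video conferencing keeps
    its full rate."""
    ordered = sorted(intents, key=lambda i: i.priority, reverse=True)
    allocation, rejected = {}, []
    remaining = capacity_mbps
    for intent in ordered:
        if intent.min_mbps <= remaining:
            allocation[intent.name] = intent.min_mbps
            remaining -= intent.min_mbps
        else:
            rejected.append(intent.name)
    for intent in ordered:
        if intent.name in allocation:
            extra = min(intent.desired_mbps - intent.min_mbps, remaining)
            allocation[intent.name] += extra
            remaining -= extra
    return allocation, rejected


def translate(allocation):
    """Intent translation: turn resolved rates into per-slice configurations.
    The configuration schema is assumed; a real system would emit controller
    or orchestrator calls here."""
    return [{"slice": name, "rate_limit_mbps": mbps, "action": "shape"}
            for name, mbps in allocation.items()]


def assure(intents, observed_mbps):
    """Intent assurance: compare measured throughput with each intent's floor.
    Any shortfall is a violation that should trigger a new resolution round."""
    return [i.name for i in intents if observed_mbps.get(i.name, 0.0) < i.min_mbps]


# Constructed scenario mirroring the text: high-priority video conferencing,
# low-priority file transfers and a medium-priority telemetry intent.
STATEMENTS = [
    "video_conferencing: priority=high, min=20Mbps, desired=50Mbps",
    "file_transfer: priority=low, min=10Mbps, desired=80Mbps",
    "iot_telemetry: priority=medium, min=5Mbps, desired=5Mbps",
]


def run_example(capacity_mbps):
    intents = [profile_intent(s) for s in STATEMENTS]
    allocation, rejected = resolve_intents(intents, capacity_mbps)
    return {"allocation": allocation, "rejected": rejected,
            "configs": translate(allocation)}


if __name__ == "__main__":
    print(run_example(70))  # business hours: file transfer degraded to 15 Mbps
    print(run_example(28))  # congestion: file transfer rejected, video keeps its floor
```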

4.4. Enhancing Security in SDNs and NFVs through PBN

While researching how policy-based networking can be applied to network security, quite a few proposed systems for automating policy enforcement in SDNs and NFVs were encountered. One is the work proposed, implemented, and validated in the thesis of [61], which revolves around the VEREFOO (Verified Refinement and Optimised Orchestration) framework, designed to automate security policies in an NFV environment. This framework enhances security automation by providing tools for refining policies from a high-level language to a medium level and eventually into network configurations such as IP quintuples. The framework is leveraged to develop a module that allows consistent multi-language translation among several packet filters on the market; it focuses on security within NFV by analysing packet filter behaviour and facilitating the translation process by considering the different firewall languages used in various scenarios. The implementation described in this extensive work is tailored to multiple firewall platforms, including Iptables, IpFirewall, BPF-iptables (developed by the University of Torino), Open vSwitch, and Fortinet. The network is configured in a way that is enforced across all these platforms, ensuring that the translated security policies adhere to the defined medium-level abstraction model. In terms of testing and validation, the implemented models were tested in various network scenarios, confirming that the policy translations behave as intended by the medium-level abstraction model. Another instance of security enhancement via security policies in this type of network is explored in [109], which also uses a refinement model that transforms high-level security requirements into specific configurations for network security functions (NSFs).
This work required two models: a capability model, which defines the NSFs and ensures they meet the specific security policy requirements, and optimization models, used to select the optimal NSFs to implement the required security measures based on performance and security criteria. In its implementation, the proposed system extends the OpenMANO framework, incorporating a Security Awareness Manager (SAM) to execute policy refinements. This addition allows real-time adaptation to network or policy changes, mitigating one of the usual limitations of policy-based networking, and since it extends an existing framework, implementing it is easier than developing a standalone system. After implementation, the system was validated in different network scenarios to ensure its practicality and efficiency in real-world applications, which entailed performance testing to confirm that policy refinement scales appropriately for current networks and for what is expected in larger-scale virtualized networks.
For IoT systems that use SDN and NFV technologies, [110] proposes an innovative approach to enhancing their flexibility: a semantic-aware, zero-touch, policy-driven security orchestration framework that enables dynamic and conflict-free security policy enforcement and the orchestration of VNFs, or in this case Virtual Network Security Functions (VSFs). Beyond the use of semantic-aware orchestration that can handle high-level security requirements, this approach incorporates an optimised algorithm for Service Function Chaining (SFC) that maximises QoS, security aspects, and resource usage during the deployment and lifecycle management of VSFs. Still in the context of IoT networks, with their inherent heterogeneity and constrained devices, the work of [111] proposes a methodology that uses optimization theory, in this case Maximum Satisfiability Modulo Theories (MaxSMT), to automatically compute and enforce security configurations in SDN-based IoT networks. As in the previous examples of applied policy enforcement, this enforcement is carried out dynamically, adapting to changes in network conditions or the threat landscape by configuring SDN switches in response to detected threats or policy changes. Using MaxSMT, the framework guarantees the formal correctness of the applied security conditions, ensuring that the implemented security measures match the specified policies without needing post-configuration verification. This methodology also provides some advantages over the previously discussed examples, since it optimises the placement and configuration of SDN switches to minimise resource usage while maximising security effectiveness, which includes minimising the impact of attacks and enhancing bandwidth allocation by placing SDN switch rules as close to the traffic source as possible.
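The refinement step described for VEREFOO, from a medium-level IP-quintuple abstraction to two of the packet-filter languages named above (Iptables and Open vSwitch), as an added example in Python. The `MediumLevelRule` schema is an assumption made here and is not VEREFOO's own model; the emitted `iptables` and `ovs-ofctl` command syntax is standard for those tools.

```python
from dataclasses import dataclass
from ipaddress import ip_network

ANY_NET = "0.0.0.0/0"


@dataclass(frozen=True)
class MediumLevelRule:
    """Assumed medium-level abstraction: an IP 5-tuple plus a verdict."""
    src: str    # CIDR, ANY_NET for any source
    dst: str    # CIDR, ANY_NET for any destination
    proto: str  # "tcp", "udp", "icmp" or "any"
    sport: str  # port number or "any"
    dport: str  # port number or "any"
    action: str  # "allow" or "deny"


def validate(rule: MediumLevelRule) -> None:
    """Reject rules that no backend could represent faithfully; a refinement
    that silently drops a field would break the policy equivalence the text
    relies on."""
    ip_network(rule.src)  # raises ValueError on a malformed or non-aligned CIDR
    ip_network(rule.dst)
    if rule.proto not in {"tcp", "udp", "icmp", "any"}:
        raise ValueError(f"unsupported protocol {rule.proto!r}")
    if rule.action not in {"allow", "deny"}:
        raise ValueError(f"unsupported action {rule.action!r}")
    for port in (rule.sport, rule.dport):
        if port != "any":
            if rule.proto not in {"tcp", "udp"}:
                raise ValueError("ports are only meaningful for tcp/udp")
            if not 0 < int(port) < 65536:
                raise ValueError(f"port {port} out of range")


def is_valid(rule: MediumLevelRule) -> bool:
    try:
        validate(rule)
        return True
    except ValueError:
        return False


def to_iptables(rule: MediumLevelRule, chain: str = "FORWARD") -> str:
    parts = ["iptables", "-A", chain]
    if rule.src != ANY_NET:
        parts += ["-s", rule.src]
    if rule.dst != ANY_NET:
        parts += ["-d", rule.dst]
    if rule.proto != "any":
        parts += ["-p", rule.proto]
    if rule.sport != "any":
        parts += ["--sport", rule.sport]
    if rule.dport != "any":
        parts += ["--dport", rule.dport]
    parts += ["-j", "ACCEPT" if rule.action == "allow" else "DROP"]
    return " ".join(parts)


def to_ovs(rule: MediumLevelRule, priority: int, bridge: str = "br0") -> str:
    match = [f"priority={priority}", rule.proto if rule.proto != "any" else "ip"]
    if rule.src != ANY_NET:
        match.append(f"nw_src={rule.src}")
    if rule.dst != ANY_NET:
        match.append(f"nw_dst={rule.dst}")
    if rule.sport != "any":
        match.append(f"tp_src={rule.sport}")
    if rule.dport != "any":
        match.append(f"tp_dst={rule.dport}")
    action = "normal" if rule.action == "allow" else "drop"
    return f'ovs-ofctl add-flow {bridge} "{",".join(match)},actions={action}"'


def refine(rules, default: str = "deny"):
    """Refine one ordered medium-level rule list into both backends.
    iptables evaluates top-down, so order is preserved and a catch-all is
    appended; OpenFlow matches by priority, so list position becomes a
    descending priority with the catch-all at priority 0. Non-IP traffic
    (e.g. ARP) lies outside the 5-tuple model and is not covered by either."""
    for rule in rules:
        validate(rule)
    catch_all = MediumLevelRule(ANY_NET, ANY_NET, "any", "any", "any", default)
    ipt = [to_iptables(r) for r in rules] + [to_iptables(catch_all)]
    ovs = [to_ovs(r, 1000 - i) for i, r in enumerate(rules)] + [to_ovs(catch_all, 0)]
    return ipt, ovs


# Constructed policy: allow HTTPS from one subnet to a server, deny SSH to it.
RULES = [
    MediumLevelRule("10.0.0.0/24", "10.0.1.5/32", "tcp", "any", "443", "allow"),
    MediumLevelRule(ANY_NET, "10.0.1.5/32", "tcp", "any", "22", "deny"),
]

if __name__ == "__main__":
    for line in sum(refine(RULES), []):
        print(line)
```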

5. Use Case of 6G-OPENSEC-Security

In the ever-evolving landscape of telecommunications, driven by the advent of 6G and the increasing demand for ultra-fast and highly reliable connectivity, security has emerged as a critical priority. With the proliferation of connected devices and the growing virtualization of network infrastructure, ensuring data integrity, confidentiality, and availability has become a complex and multifaceted challenge. In this scenario, which has already been mentioned, the traditional approach to security, based on static and reactive measures, is no longer adequate to address today’s dynamic and sophisticated threats. A more agile, proactive, and adaptable approach is needed to ensure the proper protection of network resources and sensitive user data. This section explores the use cases and applications of dynamic security service provisioning as an effective response to emerging challenges in network-slicing environments. Through the analysis of concrete cases and specific use scenarios, it examines how dynamic security service provisioning can enhance security in network slicing, ensuring robust and adaptable protection in the face of evolving threats. In particular, the focus is on the crucial role of a Security Closed-Loop (SCL) as a fundamental component of dynamic security service provisioning, highlighting its essential functionalities and its impact on ensuring security in network slicing. One project being developed is 6G-OPENSEC. This project aims to deliver security, trust, and quantum key distribution solutions designed for 6G transport networks, employing an open and adaptable architecture.
This project is divided into three projects: 6G-OPENSEC-SECURITY (https://www.cttc.cat/project/secure-network-slice-manager-for-open-and-disaggregated-6g-networks/ (accessed on 29 April 2024)), 6G-OPENSEC-TRUST (https://www.cttc.cat/project/dlt-based-trust-management-for-open-and-disaggregated-6g-networks/ (accessed on 29 April 2024)), and 6G-OPENSEC-KEYS (https://www.cttc.cat/project/quantum-key-distribution-for-security-in-open-and-disaggregated-6g-networks/ (accessed on 29 April 2024)).
Since the security aspects of these upcoming networks have been discussed, our focus will be on 6G-OPENSEC-SECURITY. It promotes network management and security automation by following ETSI’s standardised ZSM architecture. It also proposes a security model designed in a Closed-Loop architecture, showcased in the work of [112], enabling not only the automation of network management in terms of resources and deployment but also security features that are enforced via network policies. This automation reduces not only the complexity of management and security tasks from the operator’s point of view but also the possibility of human error present in previously employed architectures that did not rely as much on automating tasks.
Indeed, this automation does introduce some new challenges in terms of reliability; this is precisely why a Closed-Loop architecture was chosen for applying security. This type of architecture ensures continuous monitoring of network operations as well as auditability of any past actions or configurations that may result in network faults, which are used to facilitate self-healing, self-optimization, and self-configuration of the network, based not only on knowledge available prior to its deployment but also on what is learned after the service has been implemented.

5.1. General Architecture

The framework for the 6G-OPENSEC-SECURITY project is rooted in the ETSI GS ZSM 002 specification. ZSM aims to create a fundamental architecture (Figure 6) that allows for completely autonomous solutions for 5G and beyond network operations, i.e., with zero human intervention.
This way, it is possible to draw the alignment of the 6G-OPENSEC-SECURITY with the ZSM architecture. Figure 7 illustrates this alignment with the general ZSM structure.
In Figure 7, two pivotal elements emerge within this framework: the Security Closed-Loop Governance (SCLG) and the Security Closed-Loop Automation (SCLA). The SCLG consists of two integral modules: the Closed-Loop Manager and the Closed-Loop Coordinator. On the other hand, the SCLA comprises four distinct modules: Security Decision, Security Data Analytics, Security Data Collection, and Security and Privacy data service. The responsibilities of each one of these elements are:
  • SCLA—This component is responsible for processing the results obtained from the monitoring process. It identifies the data samples requiring evaluation and triggers processes to mitigate the detected security threat.
  • SCLG—This component oversees the coordination and management of all created closed loops and their governance.
Collectively, these components form the Security Closed-Loop (SCL), working in tandem to ensure robust governance and automation within the network-slicing environment. Overall, the SCL is a mechanism that serves as the backbone for continuous monitoring and analysis of network service performance. It helps operators take proactive measures, anticipating potential issues before they arise while enabling prompt, reactive responses to detected anomalies. This comprehensive approach ensures the sustained delivery of high-quality services while maximising security within the network slice. However, in this section, the focus will be on the SCLA component and its modules.

5.2. Security Closed-Loop Automation Architecture

At its core, the SCLA integrates monitoring, decision-making, and automated responses to ensure robustness against potential threats while maintaining adaptability and scalability. Unlike conventional security systems that react to known threats, the SCLA continuously monitors the environment, learns from it, and adjusts its defences in real-time based on predictive analysis, taking advantage of technologies like AI and policy-based networking. Its key objectives include:
  • Proactive Security: Shifting from reactive to proactive measures, the system anticipates and mitigates threats before they manifest by continuously monitoring and adapting its defences based on predictive analysis.
  • Real-time Threat Response: Acting swiftly and decisively in the face of security threats, it minimises potential damage through modules like Security Decision and Security Data Analytics, which enable real-time detection of anomalies and a response.
  • Adaptive Learning: Staying ahead of evolving threats by continuously learning from past experiences and current data.
  • Operational Efficiency: Ensuring that security measures enhance system performance rather than hinder it.
To fulfil these objectives, the SCLA has been proposed to contain the following software components, which are the primary line of defence in networks that implement this kind of security architecture:
  • Security Data Collection: The purpose of this component is to collect network data, as it is proposed to be integrated with network probes that capture packets of network traffic and are later retrieved by the component. Data collection can be carried out via APIs or through data brokers, whichever best fits the network topology.
  • Security Data Analytics: This component is responsible for analysing the collected data and detecting any possible threats or anomalies within the surveilled network through the use of AI models. The proposed project model integrates a DDoS detection model such as LUCID [99]; however, this component is flexible enough to integrate other types of ML and DL models that can detect different types of attacks in network traffic.
  • Security Decision: Since the deployed and surveilled services must comply with specific security policies, this component was developed to ensure that appropriate action is taken to solve the issue in case of an attack or non-compliance with the requested policies. A knowledge base is required to ensure that each violated policy has an appropriate corrective directive.
  • Security and Privacy data service: This is the specialised module responsible for securely managing and storing security data within the closed loop. In other words, it is the SCLA’s database.
In Figure 8 it is possible to see how these components interact with each other in a high-level way.

5.3. Applying ML/DL and Security Policies

From what has been discussed in Section 3 and Section 4, it is necessary to detail where and how AI and security policies are applied and enforced within the proposed Closed-Loop architecture. All the components within the SCL are essential for the continuous monitoring and security of deployed service-based slices; however, most of the complexity within these processes is handled by two components, namely the Security Data Analytics and Security Decision components, which are where Deep Learning/Machine Learning models and security policies are enforced, respectively. The use of AI in the SCL closely resembles how it was used in the work of [89], wherein Deep Learning was applied in the network slicing infrastructure of 5G networks to detect and mitigate threats proactively. The way policies are enforced also resembles how, in the ANASTACIA (http://www.anastacia-h2020.eu/ (accessed on 29 April 2024)) Project, policy conflicts are resolved by checking requested policies against already applied policies, which are further enforced through the integration of security orchestrators that check their compliance throughout the network.
However, in this project, the role of these security orchestrators is attributed to the Security Decision to mitigate detected threats by the Security Data Analytics, which, in a sense, showcases that the SCL combines principles from both these projects into one. The following are details of both key components of the SCL for a better understanding of their context within the SCL and their roles.

5.3.1. Security Data Analytics

The Security Data Analytics (SDA) component is the analytical powerhouse of this subdomain of components in the closed-loop system. It processes raw security data collected by the Security Data Collection component, turning them into meaningful insights that can be acted upon. Its primary focus is on dissecting and understanding the vast amounts of data expected to flow through the network and system to identify patterns, anomalies, and potential threats. In other words, the SDA component is responsible for making sense of the massive amounts of security data constantly being collected and identifying critical threats and vulnerabilities.
This component uses a variety of advanced analytics techniques, such as ML, to identify trends and anomalies in the data. Also, it generates alerts when it detects suspicious activity and can provide reports and recommendations on the overall security posture of the network.
Key Features/Responsibilities:
  • Proactive Analysis: Security Data Analytics can spot possible dangers before they result in damage by examining network data. This can be achieved by detecting patterns and trends in the data, which can be indicators of consistent threats or system behaviours that need to be kept in check (such as a system vulnerability). ML algorithms can be used to help detect complex patterns.
  • Anomaly Detection: Beyond recognizing patterns, the Security Data Analytics component is responsible for detecting anomalies—unusual behaviours or data points that deviate from the norm and can indicate potential security threats. This may include any actions such as unauthorised access, suspicious network traffic, malicious user activity, and more. ML methods will be employed to find anomalies.
  • ML Models Ensemble: Security Data Analytics may also offer an ensemble approach for detecting and predicting anomalies. This approach combines the use of multiple ML models to enhance the system’s robustness and accuracy. An approach could be to use anomaly detection models to separate data and then apply different types of predictors.
  • Data Visualization: To aid operators and other system components of the system in understanding the security landscape, Security Data Analytics might offer visual representations of data, highlighting key insights, threats, and patterns in real time. This would speed up any particular action that is required to be performed manually in the system.
  • Security Report Generation: It is important to create security reports regularly, to document, communicate, and analyse the systems’ security state. The SDA may generate some security reports. These reports can become important documentation for legal purposes. They can also provide detailed information about security incidents, giving information about causes and impacts.
Table 3 gives a detailed description of all the modules that constitute the Security Data Analytics component that work together to achieve its functionality.
Figure 9 also shows the interactions between these modules by presenting the SDA workflow, detailing data transfer from SPDS to DPTE, processing by ADE and RASP, and insights sent to RM for reporting and alerts managed by AM, with periodic model testing for accuracy checks.

5.3.2. Security Decision

This is the component with a higher degree of responsibility in the CL Automation subdomain of the Security CL. Its focus is on evaluating specific security data insights and determining the immediate responses required. While the CLM oversees the broader strategy and direction, the Security Decision component delves deeper into the specifics of immediate threat response based on real-time data.
Key Features/Responsibilities:
  • Data Analysis Interpretation: The Security Decision component interprets the data analysed by the Security Data Analytics to determine potential immediate threats or anomalies.
  • Immediate Response Determination: Based on the interpreted data, the Security Decision component determines immediate actions, such as blocking a suspicious IP, adjusting a firewall rule, or temporarily isolating a network segment. As described before, the focus will always be on immediate, tactical responses to any real-time threats.
  • Feedback Integration for Tactical Decisions: Like most system components, the security decision component refines its decision-making algorithms based on feedback from previous immediate responses, ensuring a swift and accurate reaction to future threats.
  • Severity Assessment: It evaluates the severity of detected anomalies or threats, prioritising responses based on potential impact and immediacy.
  • Interface with Response Mechanisms: Once an immediate action is determined, the Security Decision component interfaces with the necessary system components to execute it, be it network configurations, security tools, or alert systems in case of issue escalation.
Table 4 shows an overview of the modules that are part of the Security Decision component and their functionalities.
In Figure 10, we can identify the internal interactions of the Security Decision subcomponents.
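One pass of the closed loop described in Sections 5.2, 5.3.1 and 5.3.2, as an added example in Python (not project code): constructed flow records stand in for the Security Data Collection probes, a robust-statistics detector plus a policy ceiling form a small ensemble in the role of Security Data Analytics, the Security Decision assesses severity and looks up its corrective directive in a knowledge base, and an in-memory store plays the Security and Privacy data service. The flow data, slice policy, thresholds and knowledge base entries are all assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import median

# Security Data Collection: flow records as a probe might export them
# (constructed sample: source, destination, destination port, packets in window).
FLOWS = [
    {"src": "10.1.0.11", "dst": "10.2.0.5", "dport": 443, "pkts": 120},
    {"src": "10.1.0.12", "dst": "10.2.0.5", "dport": 443, "pkts": 95},
    {"src": "10.1.0.13", "dst": "10.2.0.5", "dport": 443, "pkts": 110},
    {"src": "10.1.0.14", "dst": "10.2.0.5", "dport": 443, "pkts": 105},
    {"src": "10.1.0.15", "dst": "10.2.0.5", "dport": 443, "pkts": 130},
    {"src": "10.1.0.99", "dst": "10.2.0.5", "dport": 443, "pkts": 9000},
    {"src": "10.1.0.12", "dst": "10.2.0.9", "dport": 23, "pkts": 3},
]

# Assumed security policy the surveilled slice must comply with.
POLICY = {"slice": "s-health", "allowed_dports": {443, 8443}, "max_pkts_per_src": 2000}

# Knowledge base: each violated policy / detected threat maps to a directive.
KNOWLEDGE_BASE = {
    "volumetric_anomaly": {"directive": "rate_limit_source", "base_severity": 3},
    "policy_port_violation": {"directive": "drop_flow", "base_severity": 2},
}


def security_data_analytics(flows, robust_threshold=3.5):
    """Ensemble of two detectors over per-source packet counts: a median/MAD
    outlier score (robust to the outlier itself, unlike a plain z-score on a
    handful of sources) and the hard policy ceiling. A second, rule-based
    detector flags flows to ports the policy does not allow."""
    per_src = defaultdict(int)
    for f in flows:
        per_src[f["src"]] += f["pkts"]
    counts = list(per_src.values())
    med = median(counts)
    mad = median(abs(c - med) for c in counts)
    alerts = []
    for src, pkts in per_src.items():
        score = (pkts - med) / mad if mad else 0.0
        if score > robust_threshold or pkts > POLICY["max_pkts_per_src"]:
            alerts.append({"type": "volumetric_anomaly", "src": src,
                           "score": round(score, 2), "pkts": pkts})
    for f in flows:
        if f["dport"] not in POLICY["allowed_dports"]:
            alerts.append({"type": "policy_port_violation", "src": f["src"],
                           "dport": f["dport"], "score": 1.0})
    return alerts


def security_decision(alerts):
    """Severity assessment plus knowledge-base lookup. The escalation rule
    (score above 10 adds one severity level) is a constructed example of
    prioritising by potential impact; actions are returned most severe first
    so the response interface handles them in that order."""
    actions = []
    for a in alerts:
        entry = KNOWLEDGE_BASE[a["type"]]
        severity = entry["base_severity"] + (1 if a["score"] > 10 else 0)
        actions.append({"slice": POLICY["slice"], "src": a["src"],
                        "directive": entry["directive"], "severity": severity})
    actions.sort(key=lambda x: x["severity"], reverse=True)
    return actions


class SecurityPrivacyDataService:
    """Minimal stand-in for the SCLA database: keeps the audit trail that the
    closed loop needs to explain and revisit its past actions."""

    def __init__(self):
        self.records = []

    def store(self, kind, payload):
        self.records.append({"kind": kind, **payload})


def run_closed_loop(flows, store=None):
    store = store or SecurityPrivacyDataService()
    alerts = security_data_analytics(flows)
    for a in alerts:
        store.store("alert", a)
    actions = security_decision(alerts)
    for act in actions:
        store.store("action", act)
    return actions, store


if __name__ == "__main__":
    for action in run_closed_loop(FLOWS)[0]:
        print(action)
```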

5.4. Expected Results

As mentioned at the beginning of this section, the proposed SCL model aims to automate the security processes within deployed services to minimise human intervention in these procedures, with significant outcomes. However, since it belongs to a project aimed at standardising security in upcoming network environments, it is essential to note that it is defined not only with automation in mind (following ZSM’s principles) but also with flexibility and dynamism. Furthermore, there are several expected advantages to putting the SCL into practice. First, automating security procedures and reducing human error should significantly enhance the overall security posture of network settings. This strengthens resilience against new cyber threats by enabling quicker reaction times to security problems. Because of its service-based security architecture, the SCL’s flexibility makes it easy to pivot and respond to a wide range of security breaches and attacks on different kinds of services. Additionally, the policies integrated into the service and the overall project have two functions: they provide enforceable standards that services must follow in addition to offering suggestions. For these reasons, a seamless integration of the SCL into the wide range of services that the upcoming generation of mobile networks may require is expected, as well as a streamlined method of securing and continuously maintaining security from instantiation to termination of services.

5.5. Application Deployment Scenarios

This section explores potential deployment scenarios for the SCLA applications based on the experiments conducted so far in this research and on other proposed frameworks. The potential deployment scenarios focus on smart healthcare and vehicular communication systems slicing. We delve into the application of the SCLA in Vehicle-to-Everything (V2X) communications [113], showing how it can enhance V2X interactions in the proposed framework by providing reliable, low-latency connections and granular security protocols, necessary for safety and efficiency in intelligent transportation systems. Additionally, the integration of the SCLA in smart healthcare through the FLIPER [114] framework is discussed, highlighting its benefits and addressing critical security concerns.

5.5.1. Integrating SCLA in V2X Slicing

Vehicle-to-Everything (V2X) communication is one of the emerging application scenarios for network slicing. V2X enables seamless interaction between vehicles, infrastructure, pedestrians, and networks. Network slicing is pivotal in meeting the diverse and stringent Quality-of-Service (QoS) requirements of such V2X scenarios, ensuring that safety-critical applications, traffic management, and infotainment services can coexist efficiently without compromising performance.
The framework detailed in [113] proposes a three-tier architecture for implementing network slicing in V2X communications. Leveraging SDN and NFV, the system dynamically allocates resources, manages traffic, and maintains service quality across small base stations (SBS), macro base stations (MBS), and the core network. The integration of Recurrent Neural Networks (RNN) and Deep Q-Networks (DQN), forming the RDQ3N model, facilitates intelligent slice management. This model predicts resource availability and QoS, enabling proactive resource allocation and efficient slice instantiation.
Incorporating the SCLA into this framework would provide significant enhancements. The SCLA continuously monitors network slices, analyses traffic patterns, and dynamically adjusts security policies based on real-time threat assessments. Each slice monitored by the SCLA receives security measures tailored to its specific requirements, ensuring adequate protection and security service granularity without compromising performance. For instance, safety-critical slices would benefit from stringent security protocols to prevent data breaches and ensure the integrity of critical communications, while slices not categorized as mission-critical could be governed by more flexible security policies. This proactive security approach helps maintain high QoS levels by preventing the performance degradation that security incidents would otherwise cause, and it supports efficient resource allocation, in line with the goals of the proposed framework.

5.5.2. Integrating SCLA in Smart Healthcare Slicing

The integration of network slicing in smart healthcare (s-health) aims to enhance the reliability and efficiency of healthcare applications and services, which include real-time critical care monitoring, telemedicine, and remote surgery [115]. These applications demand specific requirements such as low latency, high reliability, and security, which can be effectively managed through network slicing.
An example is the FLIPER framework [114]. It leverages network slicing to provide automation, customization, and on-demand resource allocation based on fingerprinting analysis. It operates within a smart hospital network infrastructure comprising devices such as wearables, video surveillance cameras, desktops, servers, and routers. These devices collect and transmit data through a gateway to the Internet and the cloud, facilitating continuous monitoring and real-time data access for healthcare practitioners.
Key functionalities of this framework include the following:
  • Logical Isolation: Creation of multiple logical networks (slices) over a single physical infrastructure, each customized to meet specific healthcare application requirements.
  • Service Customization: Utilizing SDN and NFV, network slicing provides tailored properties such as low latency and high reliability, essential for applications like telemedicine and remote surgery.
  • High Reliability: Configuring slices to ensure successful data transmission without exceeding the maximum latency, which is essential for extreme critical care monitoring.
  • Scalability and Density Management: Managing high density and scalability during scenarios like natural disasters, accommodating many wearable devices.
  • Fingerprinting Techniques: Using ML algorithms to fingerprint network traffic so that network resources can be quickly customized, achieving about 90% accuracy and significantly aiding network resource adaptation and automation.
However, as stated by its authors, this framework has some security shortcomings. Using the SCLA based on the ZSM architecture can enhance the security of the framework and, consequently, of slicing for smart healthcare. The benefits that the SCLA can bring to the FLIPER framework are the following:
  • Real-Time Threat Detection and Response: it enables continuous monitoring of the smart healthcare network, allowing the immediate detection of security threats such as unauthorized access, data breaches, and malware. It can also automatically adapt the network configuration to mitigate the threat, for instance by isolating affected network slices or rerouting traffic to secure channels.
  • Automation and Efficiency: it eliminates the need for manual intervention in security management. Automated decision-making processes ensure quick and efficient responses to threats, reducing the window of vulnerability and minimizing the impact on healthcare services.
  • Enhanced Reliability and Resilience: it can implement proactive security measures by predicting potential threats based on historical data and current network behaviour.
  • Compliance and Reporting: automated compliance checks and reporting ensure that the smart healthcare network adheres to regulatory standards and policies, such as those mandated by healthcare authorities and data protection regulations.
Integrating an SCLA into the FLIPER framework significantly enhances the security of smart healthcare slicing. By providing real-time, automated, and adaptive security management, it ensures continuous protection against threats, thereby maintaining the integrity, reliability, and efficiency of healthcare services. This integration aligns with the growing need for resilient and secure healthcare networks in an increasingly digital and interconnected world.
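To make the closed loop described for the V2X and smart healthcare scenarios concrete, the following is an added illustrative example (not code from the paper, nor from the FLIPER or V2X frameworks it cites). It models one monitor-analyse-decide-act iteration per slice, with a per-tier policy so that the same traffic deviation triggers isolation on a mission-critical slice but not on a best-effort one, plus a compliance check; the tier names, thresholds, slice names and telemetry samples are constructed assumptions.

```python
"""Illustrative Security Closed Loop (SCL) over network slices.

Added example for this review; it is not code from the paper or from the
FLIPER / V2X frameworks it cites. Policy tiers, thresholds, slice names and
the telemetry samples below are all constructed assumptions.
"""
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Tier policies: mission-critical slices get the strictest settings, non-critical
# slices a more permissive one (assumed values, not taken from the paper).
POLICY_TIERS = {
    "mission-critical": {"z_threshold": 2.0, "isolate_on_alert": True,
                         "require_encryption": True},
    "best-effort":      {"z_threshold": 3.5, "isolate_on_alert": False,
                         "require_encryption": False},
}


@dataclass
class Slice:
    """Per-slice state tracked by the loop (constructed model of a slice)."""
    name: str
    tier: str
    baseline: list          # historical flows per interval (learned behaviour)
    encrypted: bool         # whether the slice's user plane is encrypted
    isolated: bool = False
    actions: list = field(default_factory=list)


def anomaly_score(baseline, observed):
    """z-score of the current sample against the slice's own history."""
    sigma = pstdev(baseline) or 1.0   # flat baseline: avoid division by zero
    return (observed - mean(baseline)) / sigma


def compliance_violations(s):
    """Compliance check: does the slice still satisfy its tier's policy?"""
    violations = []
    if POLICY_TIERS[s.tier]["require_encryption"] and not s.encrypted:
        violations.append("unencrypted user plane on a tier requiring encryption")
    return violations


def closed_loop_step(s, observed):
    """One monitor -> analyse -> decide -> act iteration for a single slice.

    Returns the decision record that the loop would also hand to reporting.
    """
    policy = POLICY_TIERS[s.tier]
    z = anomaly_score(s.baseline, observed)
    decision = {"slice": s.name, "z": round(z, 2), "alert": False, "actions": []}
    if z > policy["z_threshold"]:
        decision["alert"] = True
        # Same deviation, different response: the slice's tier decides the action.
        if policy["isolate_on_alert"]:
            s.isolated = True
            decision["actions"].append("isolate_slice")
        else:
            decision["actions"].append("rate_limit_slice")
    else:
        # Only learn from traffic judged normal, so anomalies do not shift the baseline.
        s.baseline.append(observed)
    for v in compliance_violations(s):
        decision["actions"].append("remediate: " + v)
    s.actions.extend(decision["actions"])
    return decision


def run_demo():
    """Constructed scenario: three slices with the same history, different tiers."""
    history = [100, 105, 98, 102, 101]         # constructed flows per interval
    v2x_safety = Slice("v2x-safety", "mission-critical", list(history), True)
    infotainment = Slice("v2x-infotainment", "best-effort", list(history), True)
    critical_care = Slice("sh-critical-care", "mission-critical", list(history), False)
    results = [
        closed_loop_step(v2x_safety, 106),     # small deviation, strict tier
        closed_loop_step(infotainment, 106),   # same deviation, lenient tier
        closed_loop_step(critical_care, 101),  # normal traffic, policy violation
    ]
    return {r["slice"]: r for r in results}


if __name__ == "__main__":
    for name, record in run_demo().items():
        print(name, record)
```

Running the demo shows the granularity the text describes: the 106-flow sample (z ≈ 2.07 against the constructed history) isolates the mission-critical V2X slice, is absorbed into the baseline of the infotainment slice, and the unencrypted critical-care slice is flagged by the compliance check even though its traffic is normal.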

6. Conclusions

AI is crucial for achieving more robust security solutions in network slicing. Its ability to analyse vast amounts of data, detect anomalies, and adapt in real time makes it indispensable in cybersecurity, especially in an environment as dynamic as network slicing. However, while AI improves security, it also exposes systems to a new range of threats and vulnerabilities, so it is essential to be aware of the risks involved when employing it. The scientific community should give top priority to efforts aimed at reducing the dangers associated with using AI, which include ethical issues and attacks on the models themselves. This calls for extensive research and development to ensure AI’s ethical and secure implementation in network contexts while enhancing its resilience. By taking pre-emptive measures to address these issues, we can fully utilise AI while avoiding potential hazards and promoting a more secure and reliable digital ecosystem for all parties involved.
Similarly, employing network security policies also has its advantages and disadvantages. Using network security policies simplifies deploying a secure and user-centric network and network services while maintaining the same level of security throughout their lifecycle thanks to policy enforcement methodologies, as discussed in Section 4. Despite this, there are still pending issues related to policy refinement and translation, since these policies must be turned into low-level network configurations for the devices used to deploy said networks, and this is usually where entropy arises due to a lack of interoperability between devices from different vendors.
One project that may help solve some of these issues, at least for network configurations that can be applied across a heterogeneous network, is ETSI’s TeraFlow (https://www.teraflow-h2020.eu/ (accessed on 29 April 2024)), which facilitates the desired interoperability between network devices from different vendors. Nonetheless, in the case of intent-based networking, the translation of intents into policies (which are later translated into network configurations) still lacks standardisation; fully taking advantage of this type of networking, which provides an even higher level of abstraction for operators, would require more research into this matter.

Author Contributions

Conceptualisation, J.C. and C.S.; Methodology, J.C. and C.S.; Investigation, J.C., P.F., E.M.C., I.N. and X.R.S.; Writing—original draft, J.C., P.F. and E.M.C.; Writing—review and editing, J.C., P.F., E.M.C., P.C.O., M.J.N. and C.S.; Supervision, C.S.; Funding acquisition, C.S. All authors have read and agreed to the published version of the manuscript.

Funding

This work has been partially funded by the “Ministerio de Asuntos Económicos y Transformación Digital” and the European Union-NextGenerationEU in the frameworks of the “Plan de Recuperación, Transformación y Resiliencia” and of the “Mecanismo de Recuperación y Resiliencia” through UNICO-5G I+D 6G-OPENSEC project under references TSI-063000-2021-58, TSI-063000-2021-60, TSI-063000-2021-61.

Data Availability Statement

The data presented in this study are available upon request from the corresponding author. The data are not publicly available due to institutional indications.

Conflicts of Interest

Author José Cunha is a full-time employee with the role of Software Architect at Company Optare Solutions. Author Miriam Castro is a full-time employee with the role of Analyst/Developer at Company Optare Solutions. Author Pedro Ferreira Castro is a full-time employee with the role of Analyst/Developer at Company Optare Solutions. Author Iván Núñez is a full-time employee with the role of Project Manager at Company Optare Solutions. Author Xosé Ramón Sousa is a full-time employee with the roles of R&D Director and Software Architect at Company Optare Solutions and is a company partner of Company Optare Solutions. The authors declare no conflict of interest. The remaining authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.

References

  1. Liu, G.; Huang, Y.; Chen, Z.; Liu, L.; Wang, Q.; Li, N. 5G Deployment: Standalone vs. Non-Standalone from the Operator Perspective. IEEE Commun. Mag. 2020, 58, 83–89. [Google Scholar] [CrossRef]
  2. Kimura, D.; Seki, H.; Kubo, T.; Taniguchi, T. Wireless network technologies toward 5G. APSIPA Trans. Signal Inf. Process. 2015, 4, e12. [Google Scholar] [CrossRef]
  3. Dogra, A.; Jha, R.K.; Jain, S. A Survey on Beyond 5G Network With the Advent of 6G: Architecture and Emerging Technologies. IEEE Access 2021, 9, 67512–67547. [Google Scholar] [CrossRef]
  4. Polese, M.; Bonati, L.; D’Oro, S.; Basagni, S.; Melodia, T. Understanding O-RAN: Architecture, Interfaces, Algorithms, Security, and Research Challenges. IEEE Commun. Surv. Tutor. 2023, 25, 1376–1411. [Google Scholar] [CrossRef]
  5. Chen, M.; Yang, J.; Hao, Y.; Mao, S.; Hwang, K. A 5G Cognitive System for Healthcare. Big Data Cogn. Comput. 2017, 1, 2. [Google Scholar] [CrossRef]
  6. Wu, Y.-J.; Hwang, W.-S.; Shen, C.-Y.; Chen, Y.-Y. Network Slicing for mMTC and URLLC Using Software-Defined Networking with P4 Switches. Electronics 2022, 11, 2111. [Google Scholar] [CrossRef]
  7. Ordonez-Lucena, J.; Ameigeiras, P.; Lopez, D.; Ramos-Munoz, J.J.; Lorca, J.; Folgueira, J. Network Slicing for 5G with SDN/NFV: Concepts, Architectures, and Challenges. IEEE Commun. Mag. 2017, 55, 80–87. [Google Scholar] [CrossRef]
  8. Barakabitze, A.A.; Barman, N.; Ahmad, A.; Zadtootaghaj, S.; Sun, L.; Martini, M.G.; Atzori, L. QoE management of multimedia streaming services in future networks: A tutorial and survey. IEEE Commun. Surv. Tutor. 2020, 22, 526–565. [Google Scholar] [CrossRef]
  9. Moya Osorio, D.P.; Ahmad, I.; Sánchez, J.D.V.; Gurtov, A.; Scholliers, J.; Kutila, M.; Porambage, P. Towards 6G-Enabled Internet of Vehicles: Security and Privacy. IEEE Open J. Commun. Soc. 2022, 3, 82–105. [Google Scholar] [CrossRef]
  10. Zhang, S. An Overview of Network Slicing for 5G. IEEE Wirel. Commun. 2019, 26, 111–117. [Google Scholar] [CrossRef]
  11. Uusitalo, M.A.; Rugeland, P.; Boldi, M.R.; Strinati, E.C.; Demestichas, P.; Ericson, M.; Fettweis, G.P.; Filippou, M.C.; Gati, A.; Hamon, M.-H.; et al. 6G Vision, Value, Use Cases and Technologies From European 6G Flagship Project Hexa-X. IEEE Access 2021, 9, 160004–160020. [Google Scholar] [CrossRef]
  12. Bernardos, C.J.; Uusitalo, M.A. European Vision for the 6G Network Ecosystem; Zenodo: Geneve, Switzerland, 2021. [Google Scholar]
  13. Yi, B.; Wang, X.; Li, K.; Das, S.K.; Huang, M. A comprehensive survey of Network Function Virtualization. Comput. Netw. 2018, 133, 212–262. [Google Scholar] [CrossRef]
  14. Kreutz, D.; Ramos, F.M.V.; Esteves Verissimo, P.; Esteve Rothenberg, C.; Azodolmolky, S.; Uhlig, S. Software-Defined Networking: A Comprehensive Survey. Proc. IEEE 2015, 103, 14–76. [Google Scholar] [CrossRef]
  15. Vassilaras, S.; Gkatzikis, L.; Liakopoulos, N.; Stiakogiannakis, I.N.; Qi, M.; Shi, L.; Liu, L.; Debbah, M.; Paschos, G.S. The Algorithmic Aspects of Network Slicing. IEEE Commun. Mag. 2017, 55, 112–119. [Google Scholar] [CrossRef]
  16. Feamster, N.; Rexford, J.; Zegura, E. The Road to SDN: An intellectual history of programmable networks. Queue 2013, 11, 20–40. [Google Scholar] [CrossRef]
  17. ETSI Network Functions Virtualisation (NFV); Terminology for Main Concepts in NFV 2020; ETSI: Sophia Antipolis, France, 2020.
  18. Nunes, B.A.A.; Mendonca, M.; Nguyen, X.-N.; Obraczka, K.; Turletti, T. A Survey of Software-Defined Networking: Past, Present, and Future of Programmable Networks. IEEE Commun. Surv. Tutor. 2014, 16, 1617–1634. [Google Scholar] [CrossRef]
  19. Maleh, Y.; Qasmaoui, Y.; El Gholami, K.; Sadqi, Y.; Mounir, S. A comprehensive survey on SDN security: Threats, mitigations, and future directions. J. Reliab. Intell. Environ. 2023, 9, 201–239. [Google Scholar] [CrossRef]
  20. Barakabitze, A.A.; Ahmad, A.; Mijumbi, R.; Hines, A. 5G network slicing using SDN and NFV: A survey of taxonomy, architectures and future challenges. Comput. Netw. 2020, 167, 106984. [Google Scholar] [CrossRef]
  21. Rana, D.S.; Dhondiyal, S.A.; Chamoli, S.K. Software Defined Networking (SDN) Challenges, issues and Solution. Int. J. Comput. Sci. Eng. 2019, 7, 884–889. [Google Scholar] [CrossRef]
  22. Khan, R.; Kumar, P.; Jayakody, D.N.K.; Liyanage, M. A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements, and Future Directions. IEEE Commun. Surv. Tutor. 2020, 22, 196–248. [Google Scholar] [CrossRef]
  23. Ahmad, I.; Shahabuddin, S.; Kumar, T.; Okwuibe, J.; Gurtov, A.; Ylianttila, M. Security for 5G and Beyond. IEEE Commun. Surv. Tutor. 2019, 21, 3682–3722. [Google Scholar] [CrossRef]
  24. Rafique, W.; Qi, L.; Yaqoob, I.; Imran, M.; Rasool, R.U.; Dou, W. Complementing IoT Services Through Software Defined Networking and Edge Computing: A Comprehensive Survey. IEEE Commun. Surv. Tutor. 2020, 22, 1761–1804. [Google Scholar] [CrossRef]
  25. Macedo, D.F.; Guedes, D.; Vieira, L.F.M.; Vieira, M.A.M.; Nogueira, M. Programmable Networks—From Software-Defined Radio to Software-Defined Networking. IEEE Commun. Surv. Tutor. 2015, 17, 1102–1125. [Google Scholar] [CrossRef]
  26. Ahmad, S.; Mir, A.H. SDN Interfaces: Protocols, Taxonomy and Challenges. Int. J. Wirel. Microw. Technol. 2022, 12, 11–32. [Google Scholar] [CrossRef]
  27. Singh, P.K.; Brahma, M.; Nath, P.; Ghosh, U. A Study on Secure Network Slicing in 5G. In Proceedings of the 2023 IEEE/ACM 23rd International Symposium on Cluster, Cloud and Internet Computing Workshops (CCGridW), Bangalore, India, 1–4 May 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 52–61. [Google Scholar]
  28. Al-Alaj, A.; Sandhu, R.; Krishnan, R. A Formal Access Control Model for SE-Floodlight Controller. In Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Richardson, TX, USA, 27 March 2019; ACM: New York, NY, USA, 2019; pp. 1–6. [Google Scholar]
  29. Porras, P.; Cheung, S.; Fong, M.; Skinner, K.; Yegneswaran, V. Securing the Software Defined Network Control Layer. In Proceedings of the 2015 Network and Distributed System Security Symposium, San Diego, CA, USA, 8–11 February 2015; Internet Society: Reston, VA, USA, 2015. [Google Scholar]
  30. Correa Chica, J.C.; Imbachi, J.C.; Botero Vega, J.F. Security in SDN: A comprehensive survey. J. Netw. Comput. Appl. 2020, 159, 102595. [Google Scholar] [CrossRef]
  31. Chiosi, M.; Clarke, D.; Willis, P.; Reid, A.; Feger, J.; Bugenhagen, M.; Khan, W.; Fargano, M.; Cui, C.; Deng, H.; et al. Network Functions Virtualisation: An Introduction, Benefits, Enablers, Challenges & Call for Action. Available online: https://portal.etsi.org/NFV/NFV_White_Paper.pdf (accessed on 6 May 2024).
  32. European Union Agency for Cybersecurity. NFV Security in 5G: Challenges and Best Practices; Publications Office: Luxembourg, 2022. [Google Scholar]
  33. Yang, W.; Fung, C. A survey on security in network functions virtualization. In Proceedings of the 2016 IEEE NetSoft Conference and Workshops (NetSoft), Seoul, Republic of Korea, 6–10 June 2016; pp. 15–19. [Google Scholar]
  34. Han, B.; Gopalakrishnan, V.; Ji, L.; Lee, S. Network function virtualization: Challenges and opportunities for innovations. IEEE Commun. Mag. 2015, 53, 90–97. [Google Scholar] [CrossRef]
  35. Abdelwahab, S.; Hamdaoui, B.; Guizani, M.; Znati, T. Network function virtualization in 5G. IEEE Commun. Mag. 2016, 54, 84–91. [Google Scholar] [CrossRef]
  36. Alnaim, A.K.; Alwakeel, A.M.; Fernandez, E.B. Towards a Security Reference Architecture for NFV. Sensors 2022, 22, 3750. [Google Scholar] [CrossRef] [PubMed]
  37. Cucinotta, T.; Abeni, L.; Marinoni, M.; Mancini, R.; Vitucci, C. Strong Temporal Isolation Among Containers in OpenStack for NFV Services. IEEE Trans. Cloud Comput. 2023, 11, 763–778. [Google Scholar] [CrossRef]
  38. Pattaranantakul, M.; He, R.; Meddahi, A.; Zhang, Z. SecMANO: Towards Network Functions Virtualization (NFV) Based Security MANagement and Orchestration. In Proceedings of the 2016 IEEE Trustcom/BigDataSE/ISPA, Tianjin, China, 23–26 August 2016; pp. 598–605. [Google Scholar]
  39. Abdulqadder, I.H.; Zhou, S.; Zou, D.; Aziz, I.T.; Akber, S.M.A. Bloc-Sec: Blockchain-Based Lightweight Security Architecture for 5G/B5G Enabled SDN/NFV Cloud of IoT. In Proceedings of the 2020 IEEE 20th International Conference on Communication Technology (ICCT), Nanning, China, 28–31 October 2020; pp. 499–507. [Google Scholar]
  40. De Benedictis, M.; Lioy, A. On the establishment of trust in the cloud-based ETSI NFV framework. In Proceedings of the 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Berlin, Germany, 6–8 November 2017; pp. 280–285. [Google Scholar]
  41. Afolabi, I.; Taleb, T.; Samdanis, K.; Ksentini, A.; Flinck, H. Network Slicing and Softwarization: A Survey on Principles, Enabling Technologies, and Solutions. IEEE Commun. Surv. Tutor. 2018, 20, 2429–2453. [Google Scholar] [CrossRef]
  42. Chowdhury, M.Z.; Shahjalal, M.; Ahmed, S.; Jang, Y.M. 6G Wireless Communication Systems: Applications, Requirements, Technologies, Challenges, and Research Directions. IEEE Open J. Commun. Soc. 2020, 1, 957–975. [Google Scholar] [CrossRef]
  43. Dang, X.-T.; Sivrikaya, F. A Lightweight Policy-aware Broker for Multi-domain Network Slice Composition. In Proceedings of the 2020 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN), Paris, France, 24–27 February 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 123–130. [Google Scholar]
  44. Li, X.; He, M.; Ni, J. Secure and Privacy-preserving Network Slicing in 3GPP 5G System Architecture. In Proceedings of the 2023 IEEE/CIC International Conference on Communications in China (ICCC), Dalian, China, 10–12 August 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 1–6. [Google Scholar]
  45. Karunarathna, S.; Wijethilaka, S.; Ranaweera, P.; Hemachandra, K.T.; Samarasinghe, T.; Liyanage, M. The Role of Network Slicing and Edge Computing in the Metaverse Realization. IEEE Access 2023, 11, 25502–25530. [Google Scholar] [CrossRef]
  46. Li, Y.; Zhang, J.; Xue, H.; Ma, J.; Wu, J.; Zhao, M.; Han, C.; Dang, X. 5G Core Network Slices Embedding and Deploying Based on Greedy Algorithm in Smart Grids; IEEE: Piscataway, NJ, USA, 2022; pp. 31–35. [Google Scholar]
  47. Bao, S.; Liang, Y.; Xu, H. Blockchain for Network Slicing in 5G and Beyond: Survey and Challenges. J. Commun. Inf. Netw. 2022, 7, 349–359. [Google Scholar] [CrossRef]
  48. Dangi, R.; Jadhav, A.; Choudhary, G.; Dragoni, N.; Mishra, M.K.; Lalwani, P. ML-Based 5G Network Slicing Security: A Comprehensive Survey. Future Internet 2022, 14, 116. [Google Scholar] [CrossRef]
  49. Khan, L.U.; Yaqoob, I.; Tran, N.H.; Han, Z.; Hong, C.S. Network Slicing: Recent Advances, Taxonomy, Requirements, and Open Research Challenges. IEEE Access 2020, 8, 36009–36028. [Google Scholar] [CrossRef]
  50. Dalgitsis, M.; Cadenelli, N.; Serrano, M.A.; Bartzoudis, N.; Alonso, L.; Antonopoulos, A. NSFaaS: Network Slice Federation as a Service in Cloud-Native 5G and Beyond Mobile Networks. In Proceedings of the 2023 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Dresden, Germany, 7–9 November 2023; IEEE: Piscataway, NJ, USA, 2023; pp. 59–64. [Google Scholar]
  51. Wu, W.; Zhou, C.; Li, M.; Wu, H.; Zhou, H.; Zhang, N.; Shen, X.S.; Zhuang, W. AI-Native Network Slicing for 6G Networks. IEEE Wirel. Commun. 2022, 29, 96–103. [Google Scholar] [CrossRef]
  52. De Alwis, C.; Porambage, P.; Dev, K.; Gadekallu, T.R.; Liyanage, M. A Survey on Network Slicing Security: Attacks, Challenges, Solutions and Research Directions. IEEE Commun. Surv. Tutor. 2024, 26, 534–570. [Google Scholar] [CrossRef]
  53. Burns, J.; Cheng, A.; Gurung, P.; Rajagopalan, S.; Rao, P.; Rosenbluth, D.; Surendran, A.V.; Martin, D.M. Automatic management of network security policy. In Proceedings of the DARPA Information Survivability Conference and Exposition II (DISCEX’01), Anaheim, CA, USA, 12–14 June 2001; IEEE Computer Society: Washington, DC, USA, 2001; Volume 2, pp. 12–26. [Google Scholar]
  54. Rycroft, R.W.; Kash, D.E. Self-organizing innovation networks: Implications for globalization. Technovation 2004, 24, 187–197. [Google Scholar] [CrossRef]
  55. Schneider, F.B. Enforceable security policies. ACM Trans. Inf. Syst. Secur. 2000, 3, 30–50. [Google Scholar] [CrossRef]
  56. Scheid, E.J.; Machado, C.C.; Franco, M.F.; Dos Santos, R.L.; Pfitscher, R.P.; Schaeffer-Filho, A.E.; Granville, L.Z. INSpIRE: Integrated NFV-based Intent Refinement Environment. In Proceedings of the 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Lisbon, Portugal, 8–12 May 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 186–194. [Google Scholar]
  57. Chadha, R.; Lapiotis, G.; Wright, S. Guest editorial—Policy-based networking. IEEE Netw. 2002, 16, 8–9. [Google Scholar] [CrossRef]
  58. Foster, N.; Freedman, M.J.; Harrison, R.; Rexford, J.; Meola, M.L.; Walker, D. Frenetic: A high-level language for OpenFlow networks. In Proceedings of the Workshop on Programmable Routers for Extensible Services of Tomorrow, Philadelphia, PA, USA, 30 November 2010; ACM: New York, NY, USA, 2010; pp. 1–6. [Google Scholar]
  59. Batista, B.; Fernandez, M. PonderFlow: A New Policy Specification Language to SDN OpenFlow-based Networks. Int. J. Adv. Netw. Serv. 2014, 7, 163–172. [Google Scholar]
  60. Damianou, N.; Dulay, N.; Lupu, E.; Sloman, M. Ponder: A Language for Specifying Security and Management Policies for Distributed Systems; Imperial College London: London, UK, 2000. [Google Scholar]
  61. Amoroso, A. Automated Policy Enforcement in Software Defined Networking and Network Function Virtualization Environment. Master’s Thesis, Politecnico di Torino, Turin, Italy, 2020. [Google Scholar]
  62. Giotis, K.; Kryftis, Y.; Maglaris, V. Policy-based orchestration of NFV services in Software-Defined Networks. In Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft), London, UK, 13–17 April 2015; IEEE: Piscataway, NJ, USA, 2015; pp. 1–5. [Google Scholar]
  63. Abbas, K.; Afaq, M.; Khan, T.A.; Mehmood, A.; Song, W.-C. IBNSlicing: Intent-Based Network Slicing Framework for 5G Networks using Deep Learning. In Proceedings of the 2020 21st Asia-Pacific Network Operations and Management Symposium (APNOMS), Daegu, Republic of Korea, 23–25 September 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 19–24. [Google Scholar]
  64. Martins, J.S.B.; Carvalho, T.C.; Moreira, R.; Both, C.B.; Donatti, A.; Correa, J.H.; Suruagy, J.A.; Correa, S.L.; Abelem, A.J.G.; Ribeiro, M.R.N.; et al. Enhancing Network Slicing Architectures With Machine Learning, Security, Sustainability and Experimental Networks Integration. IEEE Access 2023, 11, 69144–69163. [Google Scholar] [CrossRef]
  65. Salahdine, F.; Han, T.; Zhang, N. 5G, 6G, and Beyond: Recent advances and future challenges. Ann. Telecommun. 2023, 78, 525–549. [Google Scholar] [CrossRef]
  66. Dangi, R.; Choudhary, G.; Dragoni, N.; Lalwani, P.; Khare, U.; Kundu, S. 6G Mobile Networks: Key Technologies, Directions, and Advances. Telecom 2023, 4, 836–876. [Google Scholar] [CrossRef]
  67. Alanazi, M.N. 5G Security Threat Landscape, AI and Blockchain. Wirel. Pers. Commun. 2023, 133, 1467–1482. [Google Scholar] [CrossRef]
  68. Kaloxylos, A.; Gavras, A.; Camps Mur, D.; Ghoraishi, M.; Hrasnica, H. AI and ML—Enablers for Beyond 5G Networks; 5G PPP: Heidelberg, Germany, 2020. [Google Scholar] [CrossRef]
  69. Fakhouri, H.N.; Alawadi, S.; Awaysheh, F.M.; Hani, I.B.; Alkhalaileh, M.; Hamad, F. A Comprehensive Study on the Role of Machine Learning in 5G Security: Challenges, Technologies, and Solutions. Electronics 2023, 12, 4604. [Google Scholar] [CrossRef]
  70. Meduri, K.; Nadella, G.S.; Gonaygunta, H. Enhancing Cybersecurity with Artificial Intelligence: Predictive Techniques and Challenges in the Age of IoT. Int. J. Sci. Eng. Appl. 2024, 13, 30–33. [Google Scholar] [CrossRef]
  71. Haider, N.; Baig, M.Z.; Imran, M. Artificial Intelligence and Machine Learning in 5G Network Security: Opportunities, advantages, and future research trends 2020. arXiv 2020, arXiv:2007.04490. [Google Scholar]
  72. Afaq, A.; Haider, N.; Baig, M.Z.; Khan, K.S.; Imran, M.; Razzak, I. Machine learning for 5G security: Architecture, recent advances, and challenges. Ad Hoc Netw. 2021, 123, 102667. [Google Scholar] [CrossRef]
  73. Suomalainen, J.; Juhola, A.; Shahabuddin, S.; Mammela, A.; Ahmad, I. Machine Learning Threatens 5G Security. IEEE Access 2020, 8, 190822–190842. [Google Scholar] [CrossRef]
  74. Siriwardhana, Y.; Porambage, P.; Liyanage, M.; Ylianttila, M. AI and 6G Security: Opportunities and Challenges. In Proceedings of the 2021 Joint European Conference on Networks and Communications & 6G Summit (EuCNC/6G Summit), Porto, Portugal, 8–11 June 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 616–621. [Google Scholar]
  75. Wang, W.; Liang, C.; Chen, Q.; Tang, L.; Yanikomeroglu, H.; Liu, T. Distributed Online Anomaly Detection for Virtualized Network Slicing Environment. IEEE Trans. Veh. Technol. 2022, 71, 12235–12249. [Google Scholar] [CrossRef]
  76. Jain, A.; Singh, T.; Sharma, S.K. Security as a solution: An intrusion detection system using a neural network for IoT enabled healthcare ecosystem. Interdiscip. J. Inf. Knowl. Manag. 2021, 16, 331–369. [Google Scholar] [CrossRef] [PubMed]
  77. Sattar, D.; Matrawy, A. Towards Secure Slicing: Using Slice Isolation to Mitigate DDoS Attacks on 5G Core Network Slices. In Proceedings of the 2019 IEEE Conference on Communications and Network Security (CNS), Washington, DC, USA, 10–12 June 2019; pp. 82–90. [Google Scholar]
  78. Tonini, F.; Natalino, C.; Furdek, M.; Raffaelli, C.; Monti, P. Network Slicing Automation: Challenges and Benefits. In Proceedings of the 2020 International Conference on Optical Network Design and Modeling (ONDM), Barcelona, Spain, 18–21 May 2020; pp. 1–6. [Google Scholar]
  79. Kaur, J.; Khan, M.A.; Iftikhar, M.; Imran, M.; Emad Ul Haq, Q. Machine Learning Techniques for 5G and Beyond. IEEE Access 2021, 9, 23472–23488. [Google Scholar] [CrossRef]
  80. Fourati, H.; Maaloul, R.; Chaari, L. A survey of 5G network systems: Challenges and machine learning approaches. Int. J. Mach. Learn. Cybern. 2021, 12, 385–431. [Google Scholar] [CrossRef]
  81. Asghar, M.Z.; Abbas, M.; Zeeshan, K.; Kotilainen, P.; Hämäläinen, T. Assessment of Deep Learning Methodology for Self-Organizing 5G Networks. Appl. Sci. 2019, 9, 2975. [Google Scholar] [CrossRef]
  82. Mahesh, B. Machine Learning Algorithms—A Review. Int. J. Sci. Res. IJSR 2020, 9, 381–386. [Google Scholar]
  83. Morocho-Cayamcela, M.E.; Lee, H.; Lim, W. Machine Learning for 5G/B5G Mobile and Wireless Communications: Potential, Limitations, and Future Directions. IEEE Access 2019, 7, 137184–137206. [Google Scholar] [CrossRef]
  84. Ghahramani, Z. Unsupervised Learning. In Advanced Lectures on Machine Learning; Bousquet, O., Von Luxburg, U., Rätsch, G., Eds.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2004; Volume 3176, pp. 72–112. ISBN 978-3-540-23122-6. [Google Scholar]
  85. Sharma, V.; Rai, S.; Dev, A. A Comprehensive Study of Artificial Neural Networks. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 2012, 2, 278–284. [Google Scholar]
  86. Ly, A.; Yao, Y.-D. A Review of Deep Learning in 5G Research: Channel Coding, Massive MIMO, Multiple Access, Resource Allocation, and Network Security. IEEE Open J. Commun. Soc. 2021, 2, 396–408. [Google Scholar] [CrossRef]
  87. Doan, M.; Zhang, Z. Deep Learning in 5G Wireless Networks—Anomaly Detections. In Proceedings of the 2020 29th Wireless and Optical Communications Conference (WOCC), Newark, NJ, USA, 1–2 May 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 1–6. [Google Scholar]
  88. Sharma, H.; Kumar, N. Deep learning based physical layer security for terrestrial communications in 5G and beyond networks: A survey. Phys. Commun. 2023, 57, 102002. [Google Scholar] [CrossRef]
  89. Thantharate, A.; Paropkari, R.; Walunj, V.; Beard, C.; Kankariya, P. Secure5G: A Deep Learning Framework Towards a Secure Network Slicing in 5G and Beyond. In Proceedings of the 2020 10th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 6–8 January 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 0852–0857. [Google Scholar]
  90. Thantharate, A.; Paropkari, R.; Walunj, V.; Beard, C. DeepSlice: A Deep Learning Approach towards an Efficient and Reliable Network Slicing in 5G Networks. In Proceedings of the 2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), New York City, NY, USA, 10–12 October 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 0762–0767. [Google Scholar]
  91. Kuadey, N.A.E.; Maale, G.T.; Kwantwi, T.; Sun, G.; Liu, G. DeepSecure: Detection of Distributed Denial of Service Attacks on 5G Network Slicing—Deep Learning Approach. IEEE Wirel. Commun. Lett. 2022, 11, 488–492. [Google Scholar] [CrossRef]
  92. Sharafaldin, I.; Lashkari, A.H.; Hakak, S.; Ghorbani, A.A. Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy. In Proceedings of the 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India, 1–3 October 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 1–8. [Google Scholar]
  93. Jiang, W.; Anton, S.D.; Dieter Schotten, H. Intelligence Slicing: A Unified Framework to Integrate Artificial Intelligence into 5G Networks. In Proceedings of the 2019 12th IFIP Wireless and Mobile Networking Conference (WMNC), Paris, France, 11–13 September 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 227–232. [Google Scholar]
  94. Lemay, A.; Fernandez, J.M. Providing SCADA network data sets for intrusion detection research. In Proceedings of the 9th USENIX Conference on Cyber Security Experimentation and Test, Austin, TX, USA, 8 August 2016; USENIX Association: Berkeley, CA, USA, 2016; p. 6. [Google Scholar]
  95. Liu, Q.; Han, T.; Ansari, N. Learning-Assisted Secure End-to-End Network Slicing for Cyber-Physical Systems. IEEE Netw. 2020, 34, 37–43. [Google Scholar] [CrossRef]
  96. Bonfim, M.; Santos, M.; Dias, K.; Fernandes, S. A real-time attack defense framework for 5G network slicing. Softw. Pract. Exp. 2020, 50, 1228–1257. [Google Scholar] [CrossRef]
  97. García, S.; Grill, M.; Stiborek, J.; Zunino, A. An empirical comparison of botnet detection methods. Comput. Secur. 2014, 45, 100–123. [Google Scholar] [CrossRef]
  98. Bousalem, B.; Silva, V.F.; Langar, R.; Cherrier, S. DDoS Attacks Detection and Mitigation in 5G and Beyond Networks: A Deep Learning-based Approach. In Proceedings of the GLOBECOM 2022—2022 IEEE Global Communications Conference, Rio de Janeiro, Brazil, 4–8 December 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 1259–1264. [Google Scholar]
  99. Doriguzzi-Corin, R.; Millar, S.; Scott-Hayward, S.; Martinez-del-Rincon, J.; Siracusa, D. Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection. IEEE Trans. Netw. Serv. Manag. 2020, 17, 876–889. [Google Scholar] [CrossRef]
  100. Riekstin, A.C.; Januario, G.C.; Rodrigues, B.B.; Nascimento, V.T.; Carvalho, T.C.M.D.B.; Meirosu, C. A Survey of Policy Refinement Methods as a Support for Sustainable Networks. IEEE Commun. Surv. Tutor. 2016, 18, 222–235. [Google Scholar] [CrossRef]
  101. Lara, A.; Ramamurthy, B. OpenSec: Policy-Based Security Using Software-Defined Networking. IEEE Trans. Netw. Serv. Manag. 2016, 13, 30–42. [Google Scholar] [CrossRef]
  102. Tsorouchis, C.; Denazis, S.; Kitchara, C.; Vivero, J.; Salamanca, E.; Magana, E.; Galis, A.; Manas, J.L.; Corlinet, Y.; Mathieu, B.; et al. A policy-based management architecture for active and programmable networks. IEEE Netw. 2003, 17, 22–28. [Google Scholar] [CrossRef]
  103. Varadharajan, V.; Karmakar, K.K.; Tupakula, U.; Hitchens, M. Toward a Trust Aware Network Slice-Based Service Provision in Virtualized Infrastructures. IEEE Trans. Netw. Serv. Manag. 2022, 19, 1065–1082. [Google Scholar] [CrossRef]
  104. Samuel, F.; Chowdhury, M.; Boutaba, R. PolyViNE: Policy-based virtual network embedding across multiple domains. J. Internet Serv. Appl. 2013, 4, 6. [Google Scholar] [CrossRef]
  105. Lee, W.; Kim, N. Security Policy Scheme for an Efficient Security Architecture in Software-Defined Networking. Information 2017, 8, 65. [Google Scholar] [CrossRef]
  106. Leivadeas, A.; Falkner, M. A Survey on Intent-Based Networking. IEEE Commun. Surv. Tutor. 2023, 25, 625–655. [Google Scholar] [CrossRef]
  107. Falkner, M.; Apostolopoulos, J. Intent-based networking for the enterprise: A modern network architecture. Commun. ACM 2022, 65, 108–117. [Google Scholar] [CrossRef]
  108. Wei, Y.; Peng, M.; Liu, Y. Intent-based networks for 6G: Insights and challenges. Digit. Commun. Netw. 2020, 6, 270–280. [Google Scholar] [CrossRef]
  109. Basile, C.; Valenza, F.; Lioy, A.; Lopez, D.R.; Pastor Perales, A. Adding Support for Automatic Enforcement of Security Policies in NFV Networks. IEEEACM Trans. Netw. 2019, 27, 707–720. [Google Scholar] [CrossRef]
  110. Molina Zarca, A.; Bagaa, M.; Bernal Bernabe, J.; Taleb, T.; Skarmeta, A.F. Semantic-Aware Security Orchestration in SDN/NFV-Enabled IoT Systems. Sensors 2020, 20, 3622. [Google Scholar] [CrossRef] [PubMed]
  111. Bringhenti, D.; Yusupov, J.; Zarca, A.M.; Valenza, F.; Sisto, R.; Bernabe, J.B.; Skarmeta, A. Automatic, verifiable and optimized policy-based security enforcement for SDN-aware IoT networks. Comput. Netw. 2022, 213, 109123. [Google Scholar] [CrossRef]
  112. Sousa, N.F.S.D.; Rothenberg, C.E. CLARA: Closed Loop-based Zero-touch Network Management Framework. In Proceedings of the 2021 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Heraklion, Greece, 9–11 November 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 110–115. [Google Scholar]
  113. Tam, P.; Ros, S.; Song, I.; Kim, S. QoS-Driven Slicing Management for Vehicular Communications. Electronics 2024, 13, 314. [Google Scholar] [CrossRef]
  114. Vergutz, A.; Noubir, G.; Nogueira, M. Reliability for Smart Healthcare: A Network Slicing Perspective. IEEE Netw. 2020, 34, 91–97. [Google Scholar] [CrossRef]
  115. Abdellatif, A.A.; Mohamed, A.; Chiasserini, C.F.; Tlili, M.; Erbad, A. Edge Computing for Smart Health: Context-Aware Approaches, Opportunities, and Challenges. IEEE Netw. 2019, 33, 196–203. [Google Scholar] [CrossRef]
Figure 2. FAIN architecture from [102].
Figure 3. PbSA integrated into SDN architecture [103].
Figure 4. Intent-based networking deployment process [106].
Figure 5. IBN model for intent translation [106].
Figure 6. ZSM reference architecture.
Figure 7. 6G-OPENSEC-SECURITY reference architecture.
Figure 8. A high-level overview of the interaction between these components.
Figure 9. Security Data Analytics internal workflow.
Figure 10. Security Decision internal workflow.
Table 1. Application of AI in network security.

| Applications | Description | Use Cases | Strengths | Weaknesses |
|---|---|---|---|---|
| Anomaly Detection | Network Traffic Analysis; User Behaviour Analysis | A decentralized one-class support vector machine analyses virtual nodes for anomalies, using canonical correlation to measure neighbour correlations [75]. | Rapid detection of abnormal activities | Susceptible to false positives/negatives |
| Intrusion Detection | ML-driven intrusion detection systems | Intrusion detection systems can identify intruders in a network using neural networks and ML techniques [76]. | High accuracy in identifying threats | Resource intensive; may impact efficiency |
| Threat Response | Rapid response to potential threats | Optimization models can mitigate DDoS attacks through slice isolation, enhanced by AI optimization techniques [77]. | Swift mitigation of security breaches | May require human oversight for validation |
| Predictive Analytics | Anticipating security breaches | Reinforcement Learning models can manage slicing resources and predict threats based on past data and network changes [78]. | Proactive identification of threats | Reliance on historical data for predictions |
| Adaptive Defences | AI-driven adaptive security measures | AI-based Expert Systems can automate defence and mitigation decisions based on the specific threat. | Ability to adapt to evolving threats | Vulnerable to attacks targeting AI systems |
| Security Orchestration | Coordinating security measures across different network slices and components | Creating frameworks based on ETSI ZSM principles for security management, like in the 6G-OPENSEC-SECURITY project. | Effective coordination of security measures | Complexity in integration and management |
Table 2. Summary of the developed works about AI and security in network slicing.

| Framework | Used Algorithms | Performance Metric | Protected Attack | Description | Dataset Used |
|---|---|---|---|---|---|
| Secure5G [89] | Deep learning CNNs | Detection Accuracy 98% | DDoS | Pre-emptively identifies and neutralises volume-based flooding and spoofing attacks. | Custom dataset |
| DeepSecure [91] | Long Short-Term Memory (LSTM) | Detection Accuracy 99.97% | DDoS | Predicts slices and detects attacks within 5G networks, focused on DDoS attacks. | CICDDoS2019 [92] |
| Intelligence Slicing [93] | Random Forest, Support Vector Machine | Detection Accuracy 100% | Malware | Offers 5G network management and security, with a specialised "security intelligence slice" employing ML-based anomaly detection. | DS1, DS2, DS3 datasets [94] |
| Resource Allocation Framework [95] | ADMM learning-assisted algorithm | Slice performance restoration rate 98% | DoS | Optimises resource allocation in network slicing for cyber–physical systems, adapting dynamically to counteract DoS attacks. | N/A |
| FrameRTP4 [96] | Random Forest | True Positive Rate 99.99% | Multiple attacks such as DoS and PortScans | Provides real-time detection and mitigation of attacks in 5G network slicing scenarios using ML algorithms based on Random Forests. | CTU-13 [97] |
| 5G Prototype [98] | Lightweight, usable CNN (LUCID) [99] | Detection Accuracy 97% | DDoS | Tailored for detecting and mitigating DDoS attacks within Vehicle-to-Everything slices. | Custom dataset |
Table 3. Security Data Analytics modules and their functionalities.

| Subcomponent | Purpose | Key Features | Interfaces |
|---|---|---|---|
| Data Processing & Transformation Engine (DPTE) | Prepares/reconstructs the collected data. | Collection of data. | Input: Data collected from Security Data Collection. Output: Analytics-ready data. |
| Anomaly Detection Engine (ADE) | Identifies anomalies in the data that might indicate security threats, breaches, or other significant deviations from expected patterns. | Statistical Analysis; Machine Learning Models; Threshold Settings & Alerts | Input: Analytics-ready data. Output: Identified anomalies, insights, or alerts. |
| Real-time Analytics & Stream Processing (RASP) | Enables real-time data analysis for immediate insights, which is crucial for detecting ongoing security threats. | Stream Process Engine; Real-time Dashboards | Input: Real-time insights and analysed streams. Output: Dashboards and processed data. |
| Alert Module (AM) | Serves as a communication interface with Security Decision, sending alerts for detected threats. | Real-time alert; Alert Generation | Input: Processed data. Output: Alerts. |
| Reporting Module (RM) | Prepares analysed data to generate reports. | Report Generation | Input: Analytical results and insights. Output: Reports and processed data. |
| Feedback & Optimization Engine (FOE) | Improves the analytical processes based on feedback and continuously optimises the algorithms. | Model Training & Retraining | Input: ML model testing. Output: Optimised models. |
Table 4. Security Decision subcomponents and their functionalities.

| Subcomponent | Purpose | Key Features | Interfaces |
|---|---|---|---|
| Threat Assessment (TA) | Evaluates risks of detected anomalies. | Threat Categorization; Threat/SSLA association | Input: SDA anomaly reports/flags. Output: Categorizes threats per SSLAs. |
| Decision Engine (DE) | Determines action based on TA assessment. | Action Mapping; Escalation Logic; Policy Enforcing | Input: Policies, action sets, playbooks. Output: Chosen response, escalation alerts. |
| Communication Interface | Connects components within SCLA. | Broker Producer/Consumer | Input: Config parameters for SCL/threat alerts/Pcap. Output: System feedback/status updates. |
| Policy Compliance (PC) | Maintains security policies for decision-making. | Policy Storage & Retrieval; Policy Compliance Revision | Input: SSLA&P policy requirements for compliance. Output: Delivers policies to DE, logs for audit/version. |
| Incident Logging & Reporting Module (ILR) | Logs decisions/incidents for audit trail, generates reports for analysis/compliance. | Mitigation Logs; Generate Logs | Input: Incident data, user feedback. Output: Mitigation logs, reports. |
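The following added example (not code from the paper or the 6G-OPENSEC-SECURITY project) traces one pass of the closed loop that Tables 3 and 4 describe: the ADE flags a statistical anomaly in analytics-ready data, the AM raises an alert, TA categorizes it against the slice's SSLA, DE applies action mapping and escalation logic, and ILR records the decision. The per-slice packet-rate samples, severity thresholds and SSLA entries are all constructed for the illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed per-slice packet-rate samples (packets/s) as the DPTE would hand
# them to the ADE; the last eMBB sample is a deliberate spike.
ANALYTICS_READY = {
    "slice-eMBB-1": [1000, 1020, 990, 1010, 1005, 1015, 1000, 5400],
    "slice-URLLC-2": [200, 210, 205, 198, 202, 207, 204, 206],
}
# Constructed SSLA entries (the SSLA&P input of Policy Compliance): the worst
# severity a slice tolerates without escalation, and its mitigation action.
SSLA_POLICY = {
    "slice-eMBB-1": {"tolerated": "medium", "action": "rate-limit"},
    "slice-URLLC-2": {"tolerated": "high", "action": "isolate"},
}
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}

@dataclass
class Decision:  # Decision Engine output, recorded by the ILR
    slice_id: str
    severity: str
    action: str
    escalate: bool

def ade_zscore(samples):
    """ADE statistical analysis: z-score of the newest sample against history."""
    hist = samples[:-1]
    return (samples[-1] - mean(hist)) / (pstdev(hist) or 1.0)

def ta_categorize(z):
    """Threat Assessment: map anomaly strength to a severity category (constructed bands)."""
    return "high" if z >= 10 else "medium" if z >= 5 else "low"

def de_decide(slice_id, severity):
    """Decision Engine: action mapping from the SSLA plus escalation logic."""
    policy = SSLA_POLICY[slice_id]
    escalate = SEVERITY_RANK[severity] > SEVERITY_RANK[policy["tolerated"]]
    return Decision(slice_id, severity, policy["action"], escalate)

def run_closed_loop(data, threshold=3.0):
    """SDA -> SD loop: ADE flags, AM alerts, TA categorizes, DE decides, ILR logs."""
    ilr_log = []
    for slice_id, samples in data.items():
        z = ade_zscore(samples)
        if z < threshold:          # ADE threshold setting: no alert raised
            continue
        decision = de_decide(slice_id, ta_categorize(z))  # AM -> TA -> DE
        ilr_log.append(decision)   # ILR mitigation log entry
    return ilr_log

if __name__ == "__main__":
    for entry in run_closed_loop(ANALYTICS_READY):
        print(entry)
```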
Cite as: Cunha, J.; Ferreira, P.; Castro, E.M.; Oliveira, P.C.; Nicolau, M.J.; Núñez, I.; Sousa, X.R.; Serôdio, C. Enhancing Network Slicing Security: Machine Learning, Software-Defined Networking, and Network Functions Virtualization-Driven Strategies. Future Internet 2024, 16, 226. https://doi.org/10.3390/fi16070226