Security Service Function Chain Based on Graph Neural Network
Abstract
1. Introduction
- We propose a construction algorithm for security service function chains based on a graph neural network. The algorithm uses the graph neural network's node representations, which reflect the influence of each node's surrounding neighbor nodes, to construct a flexible and efficient security service function chain more comprehensively.
- For the actual experiment, we use the Mininet network simulation tool, with Floodlight as the controller, to simulate a real network.
- We test several state-of-the-art artificial intelligence algorithms for generating the security service function chain. We evaluate our proposed model in terms of quality of service (end-to-end network delay and throughput) and security service chain construction time. Our proposed method has the best performance.
2. Related Work
3. Model Introduction
3.1. SDN and NFV
3.2. Graph Neural Network
3.2.1. Propagation Module
3.2.2. Output Module
3.3. Security Service Function Chain
3.4. Security Service Function Chain Based on Graph Neural Network
4. Results and Evaluation
4.1. Experimental Environment
4.2. Data Settings
4.3. Experimental Tests and Results
5. Conclusions and Future Work
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Parameter | Minimum | Maximum |
---|---|---|
Number of nodes/pieces | 5 | 50 |
Number of processing functions of a single node/piece | 1 | 5 |
Single function processing time/ms | 100 | 500 |
Length of security service chain/piece | 3 | 10 |
Bandwidth required for virtual link | 5 | 10 |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Li, W.; Wang, H.; Zhang, X.; Li, D.; Yan, L.; Fan, Q.; Jiang, Y.; Yao, R. Security Service Function Chain Based on Graph Neural Network. Information 2022, 13, 78. https://doi.org/10.3390/info13020078