Risk-Aware SDN Defense Framework Against Anti-Honeypot Attacks Using Safe Reinforcement Learning

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS International Journal of Network Management Pub Date : 2024-09-16 DOI:10.1002/nem.2297

Dongying Gao, Caiwei Guo, Yi Zhang, Wen Ji, Zhilei Lv, Zheng Li, Kunsan Zhang, Ruibin Lin

{"title":"Risk-Aware SDN Defense Framework Against Anti-Honeypot Attacks Using Safe Reinforcement Learning","authors":"Dongying Gao, Caiwei Guo, Yi Zhang, Wen Ji, Zhilei Lv, Zheng Li, Kunsan Zhang, Ruibin Lin","doi":"10.1002/nem.2297","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>The development of multiple attack methods by external attackers in recent years poses a huge challenge to the security and efficient operation of software-defined networks (SDN), which are the core of operational controllers and data storage. Therefore, it is critical to ensure that the normal process of network interaction between SDN servers and users is protected from external attacks. In this paper, we propose a risk-aware SDN defense framework based on safe reinforcement learning (SRL) to counter multiple attack actions. Specifically, the defender uses SRL to maximize the utility by choosing to provide a honeypot service or pseudo-honeypot service within predefined security constraints, while the external attacker maximizes the utility by choosing an anti-honeypot attack or masquerade attack. To describe the system risk in detail, we introduce the risk level function to model the simultaneous dynamic attack and defense processes. Simulation results demonstrate that our proposed risk-aware scheme improves the defense utility by 17.5% and 142.4% and reduces the system risk by 42.7% and 59.6% compared to the QLearning scheme and the Random scheme, respectively.</p>\n </div>","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"34 6","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2024-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Network Management","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/nem.2297","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The development of multiple attack methods by external attackers in recent years poses a huge challenge to the security and efficient operation of software-defined networks (SDN), which are the core of operational controllers and data storage. Therefore, it is critical to ensure that the normal process of network interaction between SDN servers and users is protected from external attacks. In this paper, we propose a risk-aware SDN defense framework based on safe reinforcement learning (SRL) to counter multiple attack actions. Specifically, the defender uses SRL to maximize the utility by choosing to provide a honeypot service or pseudo-honeypot service within predefined security constraints, while the external attacker maximizes the utility by choosing an anti-honeypot attack or masquerade attack. To describe the system risk in detail, we introduce the risk level function to model the simultaneous dynamic attack and defense processes. Simulation results demonstrate that our proposed risk-aware scheme improves the defense utility by 17.5% and 142.4% and reduces the system risk by 42.7% and 59.6% compared to the QLearning scheme and the Random scheme, respectively.

Abstract Image

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

利用安全强化学习对抗反蜜罐攻击的风险意识 SDN 防御框架

近年来，外部攻击者开发出多种攻击手段，对作为运行控制器和数据存储核心的软件定义网络（SDN）的安全和高效运行提出了巨大挑战。因此，确保 SDN 服务器与用户之间正常的网络交互过程免受外部攻击至关重要。本文提出了一种基于安全强化学习（SRL）的风险感知 SDN 防御框架，以应对多种攻击行为。具体来说，防御者利用 SRL 在预定义的安全约束条件下选择提供蜜罐服务或伪蜜罐服务，从而实现效用最大化；而外部攻击者则通过选择反蜜罐攻击或伪装攻击来实现效用最大化。为了详细描述系统风险，我们引入了风险等级函数来模拟同时进行的动态攻击和防御过程。仿真结果表明，与 QLearning 方案和随机方案相比，我们提出的风险感知方案分别提高了 17.5% 和 142.4% 的防御效用，降低了 42.7% 和 59.6% 的系统风险。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

International Journal of Network Management COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS

CiteScore

5.10

自引率

6.70%

发文量

审稿时长

>12 weeks

期刊介绍： Modern computer networks and communication systems are increasing in size, scope, and heterogeneity. The promise of a single end-to-end technology has not been realized and likely never will occur. The decreasing cost of bandwidth is increasing the possible applications of computer networks and communication systems to entirely new domains. Problems in integrating heterogeneous wired and wireless technologies, ensuring security and quality of service, and reliably operating large-scale systems including the inclusion of cloud computing have all emerged as important topics. The one constant is the need for network management. Challenges in network management have never been greater than they are today. The International Journal of Network Management is the forum for researchers, developers, and practitioners in network management to present their work to an international audience. The journal is dedicated to the dissemination of information, which will enable improved management, operation, and maintenance of computer networks and communication systems. The journal is peer reviewed and publishes original papers (both theoretical and experimental) by leading researchers, practitioners, and consultants from universities, research laboratories, and companies around the world. Issues with thematic or guest-edited special topics typically occur several times per year. Topic areas for the journal are largely defined by the taxonomy for network and service management developed by IFIP WG6.6, together with IEEE-CNOM, the IRTF-NMRG and the Emanics Network of Excellence.