The Cost of Uncertainty: Impact of Overprovisioning on the Dimensioning of Machine Learning-based Network Slicing
2022 IEEE Future Networks World Forum (FNWF). Pub Date: 2022-10-01. DOI: 10.1109/FNWF55208.2022.00120
Caner Bektas, S. Böcker, C. Wietfeld
Increasing automation of industry verticals and frequently changing production cycles require a high level of production line modularity and are locally accompanied by frequently changing disjunctive application requirements. Thus, current and future wireless communication networks need to face the challenge of providing opportunities to rapidly adapt the network to its changing application demands in order to guarantee a resilient and interference-free communication. A possible key technology for implementing such a solution is represented by private 5G networks that are additionally equipped with network slicing in order to be able to meet the versatile requirements of novel applications. However, resilient network design as well as network slice dimensioning can only be guaranteed through detailed network planning. This requires expert knowledge, which is not yet present at most companies or institutions. Accordingly, automation of the network planning process is a possible solution. Existing coverage planning frameworks are extended by capacity planning in this work, and network slicing is introduced. It is shown on the basis of a realistic scenario that the predictability of data (e.g., traffic characteristics in low-latency slices) significantly influences capacity planning and must be taken into account in the dimensioning of 5G and beyond future mobile networks.
Agile Metropolitan Filterless Optical Networking
2022 IEEE Future Networks World Forum (FNWF). Pub Date: 2022-10-01. DOI: 10.1109/FNWF55208.2022.00029
C. Tremblay, É. Archambault, Rodney G. Wilson, Stewart Clelland, M. Furdek, L. Wosinska
The tremendous traffic growth generated by video, cloud, future 5G and beyond services is compelling network operators to re-think network architectures to ensure flexible and efficient service support. Filterless optical networking based on broadcast-and-select nodes and coherent transceivers is considered as a disruptive approach for delivering network agility in a cost-effective manner. The filterless network concept has been widely studied for terrestrial and submarine applications. In this paper, we explore the suitability of filterless architectures in metropolitan networks through a comparative performance analysis with a conventional metro network based on active switching. The results show that a filterless solution with lower, but adequate, network connectivity can achieve up to 36% lower power consumption and up to 45.4% cost reduction at the expense of a 19% higher spectrum usage, which makes the filterless architecture an attractive alternative for metro network deployments.
Link Failure Recovery in SDN-Enabled Reconfigurable 6G Crosshaul Architecture
2022 IEEE Future Networks World Forum (FNWF). Pub Date: 2022-10-01. DOI: 10.1109/FNWF55208.2022.00079
Yijie Tao, Sampath Edirisinghe, Chathurika Ranaweera, C. Lim, A. Nirmalathas, L. Wosinska
While 5G infrastructure is being rapidly rolled out around the world, it is clear that a key strategy to meet the required high speed, ubiquitous connection is via small cell deployment and cell densification. This results in increased complexity in orchestrating and managing the Radio Access Network (RAN). To this end, we proposed a novel Software Defined Networking (SDN)-enabled reconfigurable crosshaul architecture for supporting heterogeneous hauling technologies and enhancing RAN flexibility and robustness. This is achieved by crosshaul control and data plane separation and a novel control plane. In particular, the link failure recovery procedure in the proposed architecture is evaluated to assess the robustness of the network. Simulation results illustrated that the fast recovery time will not interrupt the mobile users' connectivity with RAN. However, mobile users' data plane shows impacts on different RAN protocol layers due to the failure.
Attack Graphs for Standalone Non-Public 5G Networks
2022 IEEE Future Networks World Forum (FNWF). Pub Date: 2022-10-01. DOI: 10.1109/FNWF55208.2022.00036
Arpit Tripathi, A. Thakur, T. B. Reddy
Private Networks (also known as Non-Public Networks) bring significant benefits to Industry 4.0. These networks are typically deployed on-premises of the enterprises, and their isolation from the public (consumer) networks improves the crucial aspects of security and reliability. Despite the isolation, insider attacks can be mounted on these networks. This paper analyses such attacks using attack patterns from Common Attack Pattern Enumerations and Classifications (CAPEC) database. The analysis uses attack graphs to combine individual domains, in the context of human, device, and network vulnerabilities. The attack graphs help identify paths, the cumulative impact on the system, and possible defense techniques, including security controls to mitigate the impact. Using three sample attack graphs in the context of standalone private 5G networks, this paper analyses possible security mechanisms and captures the difference among legacy enterprise networks (including WiFi for limited mobility), public networks, and private networks.
Cost-efficient Federated Reinforcement Learning-Based Network Routing for Wireless Networks
2022 IEEE Future Networks World Forum (FNWF). Pub Date: 2022-10-01. DOI: 10.1109/FNWF55208.2022.00050
Zakaria Abou El Houda, Diala Naboulsi, Georges Kaddoum
Advances in Artificial Intelligence (AI) provide new capabilities to handle network routing problems. However, the lack of up-to-date training data, slow convergence, and low robustness due to the dynamic change of the network topology make these AI-based routing systems inefficient. To address this problem, Reinforcement Learning (RL) has been introduced to design more flexible and robust network routing protocols. However, the amount of data (i.e., state-action space) shared between agents, in a Multi-Agent Reinforcement Learning (MARL) setup, can consume network bandwidth and may slow down the process of training. Moreover, the curse of dimensionality of RL encompasses the exponential growth of the discrete state-action space, thus limiting its potential benefit. In this paper, we present a novel approach combining Federated Learning (FL) with Deep Reinforcement Learning (DRL) in order to ensure an effective network routing in a wireless environment. First, we formalize the problem of network routing as a problem of RL, where multiple agents that are geographically distributed train the policy model in a fully distributed manner. Thus, each agent can quickly obtain the optimal policy that maximizes the cumulative expected reward, while preserving the privacy of each agent's data. Experimental results show that our proposed Federated Reinforcement Learning (FRL) approach is robust and effective.
No Limits – Smart Cellular Edges for Cross-Border Continuity of Automotive Services
2022 IEEE Future Networks World Forum (FNWF). Pub Date: 2022-10-01. DOI: 10.1109/FNWF55208.2022.00089
Girma M. Yilma, Nina Slamnik-Kriještorac, M. Liebsch, A. Francescon, J. Márquez-Barja
One of the major challenges in 5G-based Cooperative Connected and Automated Mobility is to ensure continuity of a service that is deployed on the network edge and used by a moving vehicle. We propose enablers for smart cellular edges, which support service continuity in cross-border scenarios by the timely preparation of a service instance in an anticipated topologically closer target edge, and by connecting the vehicle to such service instance before the cellular handover occurs. In this paper, we use the edge data centers of a German and Austrian mobile operator to showcase two main enabling pillars for edge service continuity, i.e., i) transparent edge bridging by means of a programmable data plane to serve a vehicle from the target edge before the vehicle performs handover to a different operator, and ii) smart applications, which apply data analytics to boost orchestration decisions for target edge preparation.
Decoupling Statistical Trends from Data Volume on LDP-Based Spatio-Temporal Data Collection
2022 IEEE Future Networks World Forum (FNWF). Pub Date: 2022-10-01. DOI: 10.1109/FNWF55208.2022.00053
Taisho Sasada, Yuzo Taenaka, Y. Kadobayashi
Spatio-temporal data is useful for various applications such as urban planning, epidemiology, and natural disasters, but causes exposure of private information, such as home/workplace addresses, because it involves people's trajectories. Local Differential Privacy (LDP) based processing is a promising technology for removing sensitive information from spatio-temporal data. LDP-based processing adds a certain amount of noise to make each piece of data indistinguishable while keeping its intrinsic value. However, LDP is vulnerable to data amplification. When a data store receives data from any device, the data store only appends the received data to existing data. This allows anyone to inject any amount of data into the data and manipulate the trend of the whole data. To tackle this problem, we design a data collection method enabling a data store to collect statistical trends of data from every device irrespective of the data volume. We utilize an Oblivious Transfer (OT) protocol that performs a packet sampling at the reception side, the data store. This sampling enables the collection of statistical trends but requires adjusting LDP processing because the amount of noise is determined by the assumption that the data store receives every piece of LDP-processed data. We then propose an adjustment method for the LDP-based process based on the Euclidean algorithm. We conducted qualitative and experimental overhead analysis and showed that the proposed method decouples the relationship between statistical trend and data volume. We also show the processing load can be acceptable on small devices such as smartphones and IoT.
A Lightweight Hash-Chain-Based Multi-Node Mutual Authentication Algorithm for IoT Networks
2022 IEEE Future Networks World Forum (FNWF). Pub Date: 2022-10-01. DOI: 10.1109/FNWF55208.2022.00021
Shengli Yuan, Randy Phan-Huynh
As an emerging technology, IoT is rapidly revolutionizing the global communication network with billions of new devices deployed and connected with each other. Many of these devices collect and transfer a large amount of sensitive or mission critical data, making security a top priority. Compared to traditional Internet, IoT networks often operate in open and harsh environments, and may experience frequent delays, traffic loss and attacks; meanwhile, IoT devices are often severely constrained in computational power, storage space, network bandwidth, and power supply, which prevent them from deploying traditional security schemes. Authentication is an important security mechanism that can be used to identify devices or users. Due to resource constraints of IoT networks, it is highly desirable for the authentication scheme to be lightweight while also being highly effective. In this paper, we developed and evaluated a hash-chain-based multi-node mutual authentication algorithm. Nodes on a network all share a common secret key and broadcast to other nodes in range. Each node may also add to the hash chain and rebroadcast, which will be used to authenticate all nodes in the network. This algorithm has a linear running time and complexity of $O(n)$, a significant improvement from the $O(n^{2})$ running time and complexity of the traditional pairwise multi-node mutual authentication.
Cloud Native Applications Profiling using a Graph Neural Networks Approach
2022 IEEE Future Networks World Forum (FNWF). Pub Date: 2022-10-01. DOI: 10.1109/FNWF55208.2022.00046
Amine Boukhtouta, Taous Madi, M. Pourzandi, H. Alameddine
The convergence of Telecommunication and industry operational networks towards cloud native applications has enabled the idea to integrate protection layers to harden security posture and management of cloud native based deployments. In this paper, we propose a data-driven approach to support detection of anomalies in cloud native applications based on a graph neural network. The essence of the profiling relies on capturing interactions between different perspectives in cloud native applications through a network dependency graph and transforming it to a computational graph neural network. The latter is used to profile different deployed assets like micro-service types, workloads' namespaces, worker machines, management and orchestration machines as well as clusters. As a first phase of the profiling, we consider a fine-grained profiling on microservice types with an emphasis on network traffic indicators. These indicators are collected on distributed Kubernetes (K8S) deployment premises. Experimental results show a good trade-off in terms of accuracy and recall with respect to micro-service types profiling (around 96%). In addition, we used prediction entropy scores to infer anomalies in testing data. These scores allow segregating between benign and anomalous graphs, where we identified 19 out of 23 anomalies. Moreover, by using entropy scores, we can conduct a root cause analysis to infer problematic micro-services.
SliceSecure: Impact and Detection of DoS/DDoS Attacks on 5G Network Slices
2022 IEEE Future Networks World Forum (FNWF). Pub Date: 2022-10-01. DOI: 10.1109/FNWF55208.2022.00117
Md Sajid Khan, Behnam Farzaneh, Nashid Shahriar, Niloy Saha, R. Boutaba
5G Network slicing is one of the key enabling technologies that offer dedicated logical resources to different applications on the same physical network. However, a Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack can severely damage the performance and functionality of network slices. Furthermore, recent DoS/DDoS attack detection techniques are based on the available data sets which are collected from simulated 5G networks rather than from 5G network slices. In this paper, we first show how DoS/DDoS attacks on network slices can impact slice users' performance metrics such as bandwidth and latency. Then, we present a novel DoS/DDoS attack dataset collected from a simulated 5G network slicing test bed. Finally, we show that a deep-learning-based bidirectional LSTM (Long Short Term Memory) model, namely SliceSecure, can detect DoS/DDoS attacks with an accuracy of 99.99% on the newly created data sets for 5G network slices.