An Intelligent Native Network Slicing Security Architecture Empowered by Federated Learning

Network Slicing (NS) has transformed the landscape of resource sharing in networks, offering flexibility to support services and applications with highly variable requirements in areas such as the next-generation 5G/6G mobile networks (NGMN), vehicular networks, industrial Internet of Things (IoT), and verticals. Although significant research and experimentation have driven the development of network slicing, existing architectures often fall short in intrinsic architectural intelligent security capabilities. This paper proposes an architecture-intelligent security mechanism to improve the NS solutions. We idealized a security-native architecture that deploys intelligent microservices as federated agents based on machine learning, providing intra-slice and architectural operation security for the Slicing Future Internet Infrastructures (SFI2) reference architecture. It is noteworthy that federated learning approaches match the highly distributed modern microservice-based architectures, thus providing a unifying and scalable design choice for NS platforms addressing both service and security. Using ML-Agents and Security Agents, our approach identified Distributed Denial-of-Service (DDoS) and intrusion attacks within the slice using generic and non-intrusive telemetry records, achieving an average accuracy of approximately $95.60\%$ in the network slicing architecture and $99.99\%$ for the deployed slice -- intra-slice. This result demonstrates the potential for leveraging architectural operational security and introduces a promising new research direction for network slicing architectures.

On Machine Learning DoS Attack Identification from Cloud Computing Telemetry

The detection of Denial of Service (DoS) attacks remains a challenge for the cloud environment, affecting a massive number of services and applications hosted by such virtualized infrastructures. Typically, in the literature, the detection of DoS attacks is performed solely by analyzing the traffic of packets in the network. This work advocates for the use of telemetry from the cloud to detect DoS attacks using Machine Learning algorithms. Our hypothesis is based on richness of such native data collection services, with metrics from both physical and virtual hosts. Our preliminary results demonstrate that DoS can be identified accurately with k-Nearest Neighbors (kNN) and decision tree (CART).