Abstract

Dealing with large-scale attack traffic and complex attack scenarios can be challenging for a single attack detection system in the 6G era. The ubiquitous artificial intelligence security services enabled by the AI-based Security Functions (AISF) and Service Function Chain (SFC) become strong candidate to solve this problem. However, supervised learning-based AISF requires a significant amount of manually labeled data and is unable to adapt to changing attack scenarios once it is deployed. To this end, we propose an AISF co-optimization method in the SFC. The goal is to use unlabeled network traffic samples to update the model based on pseudo-labeling and co-training. First, we model the AISF chain composed of AISFs with various detection targets and feature subspaces. We also define its detection capability evaluation metrics and final detection result. Then, we design an AISF co-optimization flow including online detection and online optimization workflows. In online optimization, we design the dynamic threshold of normalized comprehensive confidence to generate pseudo-labels for network traffic samples and combine labeled and pseudo-labeled samples to train the new models of AISFs. These models replace the previous ones and continue to detect and optimize. Experimental results in a prototype system show that compared with a single AISF, the AISF chain has higher detection capabilities that can even detect unknown attacks to a certain extent, and co-optimization can make better use of unlabeled network traffic samples than individual optimization.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.