Dealing with large-scale attack traffic and complex attack scenarios can be challenging for a single attack detection system in the 6G era. The ubiquitous artificial intelligence security services enabled by AI-based Security Functions (AISF) and the Service Function Chain (SFC) are a strong candidate for solving this problem. However, a supervised learning-based AISF requires a significant amount of manually labeled data and is unable to adapt to changing attack scenarios once it is deployed. To this end, we propose an AISF co-optimization method in the SFC. The goal is to use unlabeled network traffic samples to update the models based on pseudo-labeling and co-training. First, we model the AISF chain, composed of AISFs with various detection targets and feature subspaces. We also define its detection capability evaluation metrics and final detection result. Then, we design an AISF co-optimization flow that includes online detection and online optimization workflows. In online optimization, we design a dynamic threshold of normalized comprehensive confidence to generate pseudo-labels for network traffic samples, and we combine labeled and pseudo-labeled samples to train new models for the AISFs. These models replace the previous ones and continue to detect and optimize. Experimental results in a prototype system show that, compared with a single AISF, the AISF chain has higher detection capabilities and can even detect unknown attacks to a certain extent, and that co-optimization makes better use of unlabeled network traffic samples than individual optimization.