Towards Autonomous Defense of SDN Networks Using MuZero Based Intelligent Agents
Authors: Jon Gabirondo Jon Egaña Zubia José Miguel Alonso
Date: 28.07.2021
IEEE Access
Abstract
The Software Defined Networking (SDN) paradigm enables the development of systems that centrally monitor and manage network traffic, providing support for the deployment of machine learning-based systems that automatically detect and mitigate network intrusions. This paper presents an intelligent system capable of deciding which countermeasures to take in order to mitigate an intrusion in a software defined network. The interaction between the intruder and the defender is posed as a Markov game and
MuZero algorithm is used to train the model through self-play. Once trained, the model is integrated with an SDN controller, so that it is able to apply the countermeasures of the game in a real network. To measure the performance of the model, attackers and defenders with different training steps have been confronted and the scores obtained by each of them, the duration of the games and the ratio of games won have been collected. The results show that the defender is capable of deciding which measures minimize the impact of the intrusion, isolating the attacker and preventing it from compromising key machines in the network.
BIB_text
title = {Towards Autonomous Defense of SDN Networks Using MuZero Based Intelligent Agents},
journal = {IEEE Access},
pages = {107184-107199},
volume = {9},
keywds = {
Automated response, cybersecurity, intelligent agents, Markov games, MuZero, network security, OpenFlow, software defined networking.
}
abstract = {
The Software Defined Networking (SDN) paradigm enables the development of systems that centrally monitor and manage network traffic, providing support for the deployment of machine learning-based systems that automatically detect and mitigate network intrusions. This paper presents an intelligent system capable of deciding which countermeasures to take in order to mitigate an intrusion in a software defined network. The interaction between the intruder and the defender is posed as a Markov game and
MuZero algorithm is used to train the model through self-play. Once trained, the model is integrated with an SDN controller, so that it is able to apply the countermeasures of the game in a real network. To measure the performance of the model, attackers and defenders with different training steps have been confronted and the scores obtained by each of them, the duration of the games and the ratio of games won have been collected. The results show that the defender is capable of deciding which measures minimize the impact of the intrusion, isolating the attacker and preventing it from compromising key machines in the network.
}
doi = {10.1109/ACCESS.2021.3100706},
date = {2021-07-28},
}