Security SFC Path Selection Using Deep Reinforcement Learning

Deng, Shuangxing; Li, Man; Guo, Qi; Zhou, Huachun

doi:10.1007/978-981-99-4430-9_7

Shuangxing Deng ORCID: orcid.org/0000-0002-6616-939X⁸,
Man Li⁸,
Qi Guo⁸ &
…
Huachun Zhou⁸

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1644))

Included in the following conference series:

International Symposium on Mobile Internet Security

187 Accesses

Abstract

Traffic flows can be forwarded through different security service functions based on SDN/NFV technology, which constitutes security service function chaining (SFC). However, the current deployed security service function chaining cannot be dynamically adjusted according to the state of the network environment, and cannot adapt to the rapidly changing security requirements. This paper proposes a security SFC path selection scheme based on deep reinforcement learning. The optimal path of security SFC is dynamically selected in real time using the DQN algorithm, according to the features of the traffic entering the SFC and the detection results of the security service functions. The security capability of the SFC is improved and the latency of the SFC is reduced under the optimal path. We design and implemented a prototype system of this scheme, conduct experiments with DDoS detection security function, and compare the proposed DQN algorithm with Q-learning algorithm. The results show that SFC path selection by DQN algorithm can effectively improve the average DDoS attack detection rate and reduce the latency.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 69.99; Price excludes VAT (USA)

Softcover Book: USD 89.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Zhang, J., Wang, Z., Ma, N., Huang, T., Liu, Y.: Enabling efficient service function chaining by integrating NFV and SDN: architecture, challenges and opportunities. IEEE Network 32(6), 152–159 (2018)
Article Google Scholar
Duan, Q., Ansari, N., Toy, M.: Software-defined network virtualization: an architectural framework for integrating SDN and NFV for service provisioning in future networks. IEEE Network 30(5), 10–16 (2016)
Article Google Scholar
Adoga, H.U., Pezaros, D.P.: Network function virtualization and service function chaining frameworks: a comprehensive review of requirements, objectives, implementations, and open research challenges. Future Internet 14(2), 59 (2022)
Article Google Scholar
Iffländer, L., Beierlieb, L., Fella, N., Kounev, S., Rawtani, N., Lange, K.D.: Implementing attack-aware security function chain reordering. In: 2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C), pp. 194–199. IEEE (2020)
Google Scholar
Li, G., Zhou, H., Feng, B., Li, G., Yu, S.: Automatic selection of security service function chaining using reinforcement learning. In: 2018 IEEE Globecom Workshops (GC Wkshps), pp. 1–6. IEEE (2018)
Google Scholar
Zolotukhin, M., Kotilainen, P., Hämäläinen, T.: Intelligent IDS chaining for network attack mitigation in SDN. In: 2021 17th International Conference on Mobility, Sensing and Networking (MSN), pp. 786–791. IEEE (2021)
Google Scholar
Feng, B., Zhou, H., Li, G., Zhang, Y., Sood, K., Yu, S.: Enabling machine learning with service function chaining for security enhancement at 5G edges. IEEE Network 35(5), 196–201 (2021)
Article Google Scholar
Li, W., et al.: Reliability assurance dynamic SSC placement using reinforcement learning. Information 13(2), 53 (2022)
Article Google Scholar
Hantouti, H., Benamar, N., Bagaa, M., Taleb, T.: Symmetry-aware SFC framework for 5G networks. IEEE Network 35(5), 234–241 (2021)
Article Google Scholar
Sutton, R.S., Barto, A.G.: Reinforcement Learning: An Introduction. MIT Press, Cambridge (2018)
MATH Google Scholar
Van Hasselt, H., Guez, A., Silver, D.: Deep reinforcement learning with double Q-learning. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 30 (2016)
Google Scholar
Li, M., Zhou, H., Qin, Y.: Two-stage intelligent model for detecting malicious DDoS behavior. Sensors 22(7), 2532 (2022)
Article Google Scholar

Download references

Acknowledgments

This paper is supported by National Key R &D Program of China under Grant No. 2018YFA0701604.

Author information

Authors and Affiliations

School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing, 100044, China
Shuangxing Deng, Man Li, Qi Guo & Huachun Zhou

Authors

Shuangxing Deng
View author publications
You can also search for this author in PubMed Google Scholar
Man Li
View author publications
You can also search for this author in PubMed Google Scholar
Qi Guo
View author publications
You can also search for this author in PubMed Google Scholar
Huachun Zhou
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Man Li .

Editor information

Editors and Affiliations

Kookmin University, Seoul, Korea (Republic of)
Ilsun You
Sangmyung University, Cheonan-si, Korea (Republic of)
Hwankuk Kim
Middle East Technical University, Ankara, Türkiye
Pelin Angin

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Deng, S., Li, M., Guo, Q., Zhou, H. (2023). Security SFC Path Selection Using Deep Reinforcement Learning. In: You, I., Kim, H., Angin, P. (eds) Mobile Internet Security. MobiSec 2022. Communications in Computer and Information Science, vol 1644. Springer, Singapore. https://doi.org/10.1007/978-981-99-4430-9_7

Download citation

DOI: https://doi.org/10.1007/978-981-99-4430-9_7
Published: 20 July 2023
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-4429-3
Online ISBN: 978-981-99-4430-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics