Abstract
Traffic flows can be forwarded through different security service functions based on SDN/NFV technology, which constitutes security service function chaining (SFC). However, the current deployed security service function chaining cannot be dynamically adjusted according to the state of the network environment, and cannot adapt to the rapidly changing security requirements. This paper proposes a security SFC path selection scheme based on deep reinforcement learning. The optimal path of security SFC is dynamically selected in real time using the DQN algorithm, according to the features of the traffic entering the SFC and the detection results of the security service functions. The security capability of the SFC is improved and the latency of the SFC is reduced under the optimal path. We design and implemented a prototype system of this scheme, conduct experiments with DDoS detection security function, and compare the proposed DQN algorithm with Q-learning algorithm. The results show that SFC path selection by DQN algorithm can effectively improve the average DDoS attack detection rate and reduce the latency.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Zhang, J., Wang, Z., Ma, N., Huang, T., Liu, Y.: Enabling efficient service function chaining by integrating NFV and SDN: architecture, challenges and opportunities. IEEE Network 32(6), 152–159 (2018)
Duan, Q., Ansari, N., Toy, M.: Software-defined network virtualization: an architectural framework for integrating SDN and NFV for service provisioning in future networks. IEEE Network 30(5), 10–16 (2016)
Adoga, H.U., Pezaros, D.P.: Network function virtualization and service function chaining frameworks: a comprehensive review of requirements, objectives, implementations, and open research challenges. Future Internet 14(2), 59 (2022)
Iffländer, L., Beierlieb, L., Fella, N., Kounev, S., Rawtani, N., Lange, K.D.: Implementing attack-aware security function chain reordering. In: 2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C), pp. 194–199. IEEE (2020)
Li, G., Zhou, H., Feng, B., Li, G., Yu, S.: Automatic selection of security service function chaining using reinforcement learning. In: 2018 IEEE Globecom Workshops (GC Wkshps), pp. 1–6. IEEE (2018)
Zolotukhin, M., Kotilainen, P., Hämäläinen, T.: Intelligent IDS chaining for network attack mitigation in SDN. In: 2021 17th International Conference on Mobility, Sensing and Networking (MSN), pp. 786–791. IEEE (2021)
Feng, B., Zhou, H., Li, G., Zhang, Y., Sood, K., Yu, S.: Enabling machine learning with service function chaining for security enhancement at 5G edges. IEEE Network 35(5), 196–201 (2021)
Li, W., et al.: Reliability assurance dynamic SSC placement using reinforcement learning. Information 13(2), 53 (2022)
Hantouti, H., Benamar, N., Bagaa, M., Taleb, T.: Symmetry-aware SFC framework for 5G networks. IEEE Network 35(5), 234–241 (2021)
Sutton, R.S., Barto, A.G.: Reinforcement Learning: An Introduction. MIT Press, Cambridge (2018)
Van Hasselt, H., Guez, A., Silver, D.: Deep reinforcement learning with double Q-learning. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 30 (2016)
Li, M., Zhou, H., Qin, Y.: Two-stage intelligent model for detecting malicious DDoS behavior. Sensors 22(7), 2532 (2022)
Acknowledgments
This paper is supported by National Key R &D Program of China under Grant No. 2018YFA0701604.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Deng, S., Li, M., Guo, Q., Zhou, H. (2023). Security SFC Path Selection Using Deep Reinforcement Learning. In: You, I., Kim, H., Angin, P. (eds) Mobile Internet Security. MobiSec 2022. Communications in Computer and Information Science, vol 1644. Springer, Singapore. https://doi.org/10.1007/978-981-99-4430-9_7
Download citation
DOI: https://doi.org/10.1007/978-981-99-4430-9_7
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-4429-3
Online ISBN: 978-981-99-4430-9
eBook Packages: Computer ScienceComputer Science (R0)