VeriORouting: Verification on intelligent routing outsourced to the cloud

Highlights

• The first scheme to verify deep learning-based intelligent routing outsourced to the cloud.

• A mechanism for timely network state information transmission with validation.

• A new routing table to reduce redundant executions of verification.

• Resistance to two possible attacks from a lazy cloud and advance for practical deployment.

Abstract

Current research on machine learning-based intelligent routing focuses on algorithm design and performance optimization. How to deploy it in practice remains a pressing issue. Existing deep learning-based intelligent routing algorithms suffer from a high computational cost, which is hard to be afforded by routers. Considering that the cloud can assist the routers with limited resources to handle complex computation, outsourcing deep learning-based intelligent routing computations to the cloud becomes a feasible solution to support intelligent routing. However, due to the untrustworthiness of the cloud, it is necessary for the routers to verify the truth of outsourced routing results. However, the literature has not yet explored this issue. In this paper, we proposed VeriORouting, a scheme to verify the correctness of outsourced deep learning-based intelligent routing results provided by the cloud. Facing a lazy cloud, VeriORouting allows routers to check the reliability of intelligent routing models by testing model accuracy, and to verify the routing results returned by the cloud without knowing the model by using verification functions generated with multilayer perceptron (MLP) and locality-sensitive hashing (LSH) in advance. We show the robustness of VeriORouting under two attacks raised by the cloud. We evaluate the performance of VeriORouting and compare it with a local intelligent routing scheme. The results show that VeriORouting outperforms the local scheme in terms of computational overhead and storage overhead, especially when the number of routers in the network increases. In terms of communication, VeriORouting reduces communication overhead between routers compared to the local scheme. In addition, we measure the verification performance of VeriORouting under a random attack. VeriORouting achieves a detection success rate of 73% with a false positive rate of 3%, and a detection success rate of 90% with a false positive rate of 25%.

Introduction

Routers are responsible for selecting routing paths and forwarding packets in core networks. In recent years, data traffic is growing rapidly. To adapt to the changes in network traffic, network operators need to improve the performance of the network by upgrading hardware or increasing the number of routers. However, upgrading hardware or expanding network topology consumes a lot of resources and the effectiveness of these strategies for improving network performance is limited [18]. Improving network link utilization becomes an effective solution that attracts research efforts. The state of a network is dynamic and complex, which is affected by a variety of factors. Traditional network routing algorithms inform other routers of the link state by transmitting signaling packets, thus enabling each router to calculate the next-hop routing node based on the link-state information of the network. However, when congestion occurs in the network, traditional routing algorithms have difficulties to converge quickly. In addition, the transmission of signaling packets may further worsen congestion. In addition, it is not enough to select routing paths by only considering link states [36].

To improve network link utilization, researchers have proposed using machine learning for intelligent routing, which has achieved good performance in routing decisions. The routing algorithms based on machine learning are able to consider multiple influencing factors and discover relationships among them, making routing decisions consistent with an underlying network environment. In this case, a routing decision no longer solely depends on the link-state, but can meet diverse performance requirements.

Existing machine learning-based intelligent routing schemes can be divided into reinforcement learning-based schemes and deep learning-based schemes [24]. In the reinforcement learning-based schemes, it is necessary to model a routing process in advance based on routing evaluation requirements, which are only applicable in simple and small networks. The deep learning-based schemes are able to extract high-dimensional features and thus show an advantage over the reinforcement learning-based schemes in dealing with complex network optimization problems. However, the model training and the result inference of deep learning algorithms suffer from high computational consumption. In addition, storing deep learning models introduces an extra storage overhead. Studies have shown that the computational power of existing routers cannot afford the large-scale deployment of intelligent routing algorithms [24], [26]. How to deploy intelligent routing in practice attracts special attention.

The deployment methods of intelligent routing can be divided into two categories, centralized deployment and decentralized deployment [24]. A centralized deployment approach requires a central controller in the network to collect network state information and distribute routing results to each router. With the development of the software defined network (SDN) [20], [27], the network controller is able to deal with complex computational tasks, which lays a solid foundation for the application of machine learning in the network. In terms of intelligent routing, centralized deployment of intelligent routing algorithms can be achieved by deploying the central controller in the SDN [32] for routing. However, an SDN controller could be attacked. If an attacker takes control of the SDN controller, or if the controller fails to function properly due to overload, the entire network may go down. Differently, a decentralized deployment approach does not require a central controller, in which each router has the ability to compute routing results. In fact, the current routing protocols are decentralized due to better scalability compared to the centralized deployment approaches. However, the decentralized deployment approaches of intelligent routing require the use of software-defined routers (SDR) [3], [2] with powerful computational power to perform complex deep learning tasks, including model training and routing inference. Moreover, it is also a challenge to store and access deep learning models in SDRs efficiently. Obviously, the decentralized deployment approaches heavily rely on the capability of the routers, which restricts the scale of its practical deployment.

In summary, there is an urgent need for a secure, efficient, and low-cost scheme to deploy intelligent routing in reality. To achieve this goal, making use of cloud computing seems a feasible solution due to the cloud can assist routing devices with limited computation resources to complete a large number of complex calculations. Outsourcing intelligent routing tasks to the cloud can release the workload and storage cost of the routers by making use of the sufficient resources offered by the cloud. Meanwhile, distributed and parallel computation can also be provided by the cloud, thus reducing the cost of large-scale intelligent routing deployment. In addition, outsourcing intelligent routing to the cloud can get rid of the restriction caused by different networking scenarios and provide better scalability than the centralized SDN-based deployment approach.

However, cloud security is a specific concern in outsourced intelligent routing [14], [35]. The cloud server could be intruded by external attackers or hacked by its internal users. When outsourcing intelligent routing to the cloud, the routers lose their control on routing decisions, and thus cannot fully trust the routing results returned by the cloud [8]. The cloud may use a fake learning model for routing or return random routing results to the routers to reduce its computational overhead. In this case, the routers need to verify the correctness of the routing results returned by the cloud. In addition, when outsourcing intelligent routing, traditional routing table and network state transmission methods are no longer applicable, which requests evolution.

Existing deep learning-based intelligent routing schemes [26], [37], [16] focus on principles and performance optimization. Only Mao et al. [26] proposed an intelligent routing deployment solution in a backbone network. Graphics processing unit (GPU)-equipped SDRs are used in their schemes to improve the computational efficiency of routers, which introduces a high deployment cost. In this paper, we consider outsourcing intelligent routing computation to the cloud and making routers capable of verifying routing results. This kind of verification can essentially be regarded as verifying the results of outsourced deep learning computations. Existing verification schemes on outsourced deep learning can be divided into three types: proof-based verification [17], [22], [23], algebra-based verification [30], [6], and test-based verification [19], [9]. However, existing schemes require verifiers to have the knowledge of deep learning models or inference processes, which are not suitable for intelligent routing outsource, where the learning models should be kept secret from being known by the cloud. The literature still needs an effective scheme to verify the correctness of intelligent routing outsourced to the cloud with model privacy preservation.

In this paper, we propose VeriORouting, a scheme to verify the correctness of intelligent routing outsourced to the cloud by applying multilayer perceptron (MLP) and locality-sensitive hashing (LSH). In VeriORouting, the routers can obtain the routing results by communicating with the cloud and they are able to verify the correctness of the results. Performance analysis, evaluation, and comparison with baseline schemes show VeriORouting's advantages in terms of computation, communication, and storage. Specifically, the contributions of this paper can be summarized as below:

• We propose VeriORouting, the first scheme to allow a router to verify deep learning-based intelligent routing outsourced to the cloud. The verification is achieved by determining whether network state information and routing results are mapped to similar bit strings with multilayer perceptron (MLP) and locality-sensitive hashing (LSH).

• We design a mechanism for network state information transmission in VeriORouting to enable the cloud and the routers to share the global network state information timely, where each router can verify the validity of the global network state information through timestampted signature.

• We design a new routing table by adding an attribute of version number, which can reduce redundant executions of verification. Besides, we construct a data structure pre-Path to assist the routers for efficient routing table update.

• We seriously analyze the security of VeriORouting with regard to two possible attacks raised by a lazy cloud, namely random routing result attack and network state information replay attack.

• We perform VeriORouting performance analysis and evaluation in terms of computation, communication, and storage and compare with the baseline schemes. The results show VeriORouting's advance for practical deployment.

The rest of the paper is organized as below. Section 2 reviews related works, including deep learning-based intelligent routing schemes and verification schemes on outsourced deep learning. In Section 3, the system model and security model of VeriORouting are presented with its preliminaries, followed by the detailed design of VeriORouting in Section 4. In Section 5, we analyze the security of VeriORouting under two attacks raised by the cloud. In Section 6, we analyze and evaluate the performance of VeriORouting by comparing with a couple baseline scheme. Finally, the last section concludes the whole paper with a proposal of future work.