Caught-in-Translation (CiT): Detecting Cross-Level Inconsistency Attacks in Network Functions Virtualization (NFV)
As one of the main technology pillars of 5 G networks, Network Functions Virtualization (NFV) enables agile and cost-effective deployment of network services. However, the multi-level, multi-actor design of NFV may also allow for inconsistency between the different abstraction levels to be mistakenl...
Gespeichert in:
Veröffentlicht in: | IEEE transactions on dependable and secure computing 2024-07, Vol.21 (4), p.2964-2981 |
---|---|
Hauptverfasser: | , , , , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | As one of the main technology pillars of 5 G networks, Network Functions Virtualization (NFV) enables agile and cost-effective deployment of network services. However, the multi-level, multi-actor design of NFV may also allow for inconsistency between the different abstraction levels to be mistakenly or intentionally introduced, as shown in recent studies. Serious security issues, such as man-in-the-middle, network sniffing, and DoS, may arise at one abstraction level without being noticed by the victims at another level. Most existing solutions are either limited to one abstraction level of NFV or reliant on direct access to lower-level data which could become inaccessible when managed by different providers. In this paper, by drawing an analogy between cross-level NFV event sequences and natural languages, we propose a Neural Machine Translation-based approach, namely, Caught-in-Translation (CiT) , to detect cross-level inconsistency attacks in NFV at runtime. Specifically, we first extract event sequences from different abstraction levels of an NFV stack. We then leverage Long Short-Term Memory (LSTM) to translate the event sequences from one level to another. Finally, we apply both a similarity metric and a Siamese neural network to compare the translated event sequences with the original ones to detect attacks. We integrate CiT into OpenStack/Tacker, a popular open-source NFV implementation, and evaluate its performance using both real and synthetic data. Experimental results show the benefit of leveraging NMT as CiT achieves AUC \geq ≥ 96.03%, which significantly outperforms traditional SVM-based anomaly detection. We also evaluate CiT in terms of its efficiency, scalability, and robustness for detecting inconsistency attacks in NFV platforms. |
---|---|
ISSN: | 1545-5971 1941-0018 |
DOI: | 10.1109/TDSC.2023.3320811 |