ATMoS: Autonomous Threat Mitigation in SDN using Reinforcement Learning

Title: ATMoS: Autonomous Threat Mitigation in SDN using Reinforcement Learning
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Akbari, I., Tahoun, E., Salahuddin, M. A., Limam, N., Boutaba, R.
Conference Name: NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium
Date Published: apr
Keywords: active threat mitigation, ad-hoc solutions, advanced persistent threat, APT, ATMoS, autonomous network systems, autonomous threat mitigation, computer network security, computer networks, decision making, global network view, Human Behavior, Internet of Things, learning (artificial intelligence), machine learning, Metrics, network behaviour, network security management, neural fitted Q-learning agent, pubcrawl, reinforcement learning, resilience, Resiliency, RL-based threat mitigation, Scalability, SDN, sequential decision making problems, software defined networking, software-defined networking, threat vectors
Abstract: Machine Learning has revolutionized many fields of computer science. Reinforcement Learning (RL), in particular, stands out as a solution to sequential decision making problems. With the growing complexity of computer networks in the face of new emerging technologies, such as the Internet of Things and the growing complexity of threat vectors, there is a dire need for autonomous network systems. RL is a viable solution for achieving this autonomy. Software-defined Networking (SDN) provides a global network view and programmability of network behaviour, which can be employed for security management. Previous works in RL-based threat mitigation have mostly focused on very specific problems, mostly non-sequential, with ad-hoc solutions. In this paper, we propose ATMoS, a general framework designed to facilitate the rapid design of RL applications for network security management using SDN. We evaluate our framework for implementing RL applications for threat mitigation, by showcasing the use of ATMoS with a Neural Fitted Q-learning agent to mitigate an Advanced Persistent Threat. We present the RL model's convergence results showing the feasibility of our solution for active threat mitigation.
Citation Key: akbari_atmos_2020