IEEE Access (Jan 2024)

An Autonomous Deployment Mechanism for AI Security Services

  • Weilin Wang,
  • Huachun Zhou,
  • Man Li,
  • Jingfu Yan

DOI
https://doi.org/10.1109/ACCESS.2023.3346187
Journal volume & issue
Vol. 12
pp. 4048 – 4062

Abstract

Read online

Future network architectures are expected to be autonomous, intelligent, and service-based, posing new security challenges. To address these challenges, the Artificial Intelligence (AI) security service emerges as a promising solution. However, the complex service configurations and performance guarantees hinder the autonomous deployment of the AI security service. This paper proposes an autonomous deployment mechanism in Software-Defined Networking/Network Function Virtualization (SDN/NFV) enabled networks. First, our mechanism introduces user and decision planes on top of the control plane, enabling hierarchical intent expression and translation from user security intent to security policies. Then, we analyze the embedding problem of the AI-based Security Function Chain (AISFC) during security policy generation. We formulate the AISFC embedding problem as an Integer Linear Programming (ILP) task to minimize the total response delay. By decomposing it into AISF placement and routing, we design a heuristic algorithm with polynomial time complexity. Finally, we validate the proposed mechanism through a prototype system and numerical simulations, demonstrating its ability to autonomously translate, implement, and guarantee the user security intent. Comparative analysis shows that our approach considering the relationship between available computing resources and delay achieves smaller response delays than the baseline. Furthermore, our algorithm achieves a gap from optimality approximately 28.57% smaller than the greedy algorithm and supports networks that are 4.34 times larger in scale than the exact solution within a 2-second execution time.

Keywords