Future network architectures are expected to be autonomous, intelligent, and service-based, posing new security challenges. To address these challenges, the Artificial Intelligence (AI) security service emerges as a promising solution. However, the complex service configurations and performance guarantees hinder the autonomous deployment of the AI security service. This paper proposes an autonomous deployment mechanism in Software-Defined Networking/Network Function Virtualization (SDN/NFV) enabled networks. First, our mechanism introduces user and decision planes on top of the control plane, enabling hierarchical intent expression and translation from user security intent to security policies. Then, we analyze the embedding problem of the AI-based Security Function Chain (AISFC) during security policy generation. We formulate the AISFC embedding problem as an Integer Linear Programming (ILP) task to minimize the total response delay. By decomposing it into AISF placement and routing, we design a heuristic algorithm with polynomial time complexity. Finally, we validate the proposed mechanism through a prototype system and numerical simulations, demonstrating its ability to autonomously translate, implement, and guarantee the user security intent. Comparative analysis shows that our approach considering the relationship between available computing resources and delay achieves smaller response delays than the baseline. Furthermore, our algorithm achieves a gap from optimality approximately 28.57% smaller than the greedy algorithm and supports networks that are 4.34 times larger in scale than the exact solution within a 2-second execution time.
CITATION STYLE
Wang, W., Zhou, H., Li, M., & Yan, J. (2024). An Autonomous Deployment Mechanism for AI Security Services. IEEE Access, 12, 4048–4062. https://doi.org/10.1109/ACCESS.2023.3346187
Mendeley helps you to discover research relevant for your work.