Mudgerikar, AnandBertino, ElisaLobo, JorgeVerma, Dinesh2023-04-052023-04-052021Mudgerikar A, Bertino E, Lobo J, Verma D. A security-constrained reinforcement learning framework for software defined networks. In: IEEE International Conference on Communications (ICC 2021): proceedings; 2021 Jun 14-23; Montreal, Canada. [Piscataway]: IEEE; 2021. [7 p.]. DOI: 10.1109/ICC42927.2021.9500763978-1-7281-7122-71550-3607http://hdl.handle.net/10230/56419Comunicació presentada a IEEE International Conference on Communications (ICC 2021), celebrat del 14 al 23 de juny de 2021 de manera virtual.Reinforcement Learning (RL) is an effective technique for building ‘smart’ SDN controllers because of its model-free nature and ability to learn policies online without requiring extensive training data. However, as RL agents are geared to maximize functionality and explore the environment without constraints, security can be breached. In this paper, we propose Jarvis-SDN, a RL framework that constrains explorations by taking security into account. In Jarvis-SDN, the RL agent learns ‘intelligent policies’ which maximize functionality but not at the cost of security. Standard network flow based attack signatures obtained from intrusion detection system (IDS) datasets cannot be used as policies because they do not conform to the state model of the RL framework and thus have poor accuracy and high false positives. To address such issue, the security policies for constraining explorations in Jarvis-SDN are learnt in a semi-supervised manner in the form of ‘partial attack signatures’ from packet captures of IDS datasets that are then encoded in the objective function of the RL based optimization framework. These signatures are learnt using Deep Q-Networks (DQN). Our analysis shows that DQN based attack signatures perform better than classical machine learning techniques, like decision trees, random forests and deep neural networks (DNN), for common network attacks. We instantiate our framework for a SDN controller with the goal of intelligent rate control to further analyze the effectiveness of the attack signatures.application/pdfeng© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. http://dx.doi.org/10.1109/ICC42927.2021.9500763info:eu-repo/semantics/conferenceObjecthttp://dx.doi.org/10.1109/ICC42927.2021.9500763Security and SafetyDeep Reinforcement LearningSoftware Defined Networksinfo:eu-repo/semantics/openAccess