Root Cause Analysis for Autonomous Optical Network Security Management
Journal article, 2022

The ongoing evolution of optical networks towards autonomous systems supporting high-performance services beyond 5G requires advanced functionalities for automated security management. To cope with evolving threat landscape, security diagnostic approaches should be able to detect and identify the nature not only of existing attack techniques, but also those hitherto unknown or insufficiently represented. Machine Learning (ML)-based algorithms perform well when identifying known attack types, but cannot guarantee precise identification of unknown attacks. This makes Root Cause Analysis (RCA) crucial for enabling timely attack response when human intervention is unavoidable. We address these challenges by establishing an ML-based framework for security assessment and analyzing RCA alternatives for physical-layer attacks. We first scrutinize different Network Management System (NMS) architectures and the corresponding security assessment capabilities. We then investigate the applicability of supervised and unsupervised learning (SL and UL) approaches for RCA and propose a novel UL-based RCA algorithm called Distance-Based Root Cause Analysis (DB-RCA). The framework’s applicability and performance for autonomous optical network security management is validated on an experimental physical-layer security dataset, assessing the benefits and drawbacks of the SL-and UL-based RCA. Besides confirming that SL-based approaches can provide precise RCA output for known attack types upon training, we show that the proposed UL-based RCA approach offers meaningful insight into the anomalies caused by novel attack types, thus supporting the human security officers in advancing the physical-layer security diagnostics.

Author

Carlos Natalino Da Silva

Chalmers, Electrical Engineering, Communication, Antennas and Optical Networks

Marco Schiano

Telecom Italia S.P.A

Andrea Di Giglio

Telecom Italia S.P.A

Marija Furdek Prekratic

Chalmers, Electrical Engineering, Communication, Antennas and Optical Networks

IEEE Transactions on Network and Service Management

19324537 (eISSN)

Vol. 19 3 2702-2713

Providing Resilient & secure networks [Operating on Trusted Equipment] to CriTical infrastructures (PROTECT)

VINNOVA (2020-03506), 2021-02-01 -- 2024-01-31.

Secured autonomic traffic management for a Tera of SDN flows (TeraFlow)

European Commission (EC) (EC/H2020/101015857), 2021-01-01 -- 2023-06-30.

Safeguarding optical communication networks from cyber-security attacks

Swedish Research Council (VR) (2019-05008), 2020-01-01 -- 2023-12-31.

Areas of Advance

Information and Communication Technology

Subject Categories

Communication Systems

Embedded Systems

DOI

10.1109/TNSM.2022.3198139

More information

Latest update

3/7/2024 9