![The ZSM Reference Architecture [1].](https://www.researchgate.net/profile/Chafika-Benzaid/publication/339215859/figure/fig1/AS:859158685433856@1581850801016/The-ZSM-Reference-Architecture-1_Q320.jpg)
Content uploaded by Chafika Benzaid
Author content
All content in this area was uploaded by Chafika Benzaid on Feb 16, 2020
Content may be subject to copyright.
A preview of the PDF is not available
ZSM Security: Threat Surface and Best Practices
Abstract and Figures
The ETSI's Zero touch network and Service Management (ZSM) framework is a prominent initiative to tame the envisioned complexity in operating and managing 5G and beyond networks. To this end, the ZSM framework promotes the shift toward full Automation of Network and Service Management and Operation (ANSMO) by leveraging the flexibility of SDN/NFV technologies along with Artificial Intelligence, combined with the portability and reusability of model-driven, open interfaces. Besides its benefits, each leveraged enabler will bring its own security threats, which should be carefully tackled to make the ANSMO vision a reality. This paper introduces the ZSM's potential attack surface and recommends possible mitigation measures along with some research directions to safeguard ZSM system security.
Figures - uploaded by Chafika Benzaid
Author content
All figure content in this area was uploaded by Chafika Benzaid
Content may be subject to copyright.
... ZTNs have emerged as a revolutionary paradigm in the field of network management, providing critical automation capabilities, including self-configuration, self-optimization, selfhealing, and self-protection [19]. The ETSI ZSM framework is envisioned as a next-generation management system with the goal of fully automating all operational processes and tasks [6]. ...
... v) Learning: The system gains knowledge from the detected data patterns and stores them in databases for improving future reactions or decisions. Additionally, for ZTN security framework development, there are several essential security requirements that must be met [2] [6] [19]: i) Access Control and Authentication: The ZTN security framework aims to enhance the capabilities of authorized users and devices to access the network by employing robust authentication mechanisms. By doing so, it facilitates the automated application of suitable security policies that align with the unique security needs of various management services. ...
... To defend against AML attacks and protect AI/ML-based cybersecurity models, several defense mechanisms require further research, such as adversarial sample detection and removal, adversarial training, defense Generative Adversarial Networks (GANs), and concept drift adaptation [19]. ...
The transition from 5G to 6G networks necessitates network automation to meet the escalating demands for high data rates, ultra-low latency, and integrated technology. Recently, Zero-Touch Networks (ZTNs), leveraging AI and ML, have emerged as a promising solution for enhancing automation in 5G/6G networks but face significant challenges. Specifically, they are vulnerable to cyber-attacks, and the development of AI/ML-based cybersecurity mechanisms requires substantial specialized expertise and encounters model drift issues. Therefore, this paper proposes an automated security framework targeting Physical Layer Authentication (PLA) and Cross-Layer Intrusion Detection Systems (CLIDS) to address security concerns at multiple Internet protocol layers. The proposed framework employs drift-adaptive online learning techniques and a novel enhanced Successive Halving (SH)-based Automated ML (AutoML) method to automatically generate optimized ML models for dynamic networking environments. Experimental results illustrate that the proposed framework achieves high performance on the public ORACLE RF fingerprinting and CICIDS2017 datasets, showcasing its effectiveness in addressing PLA and CLIDS tasks within dynamic and complex networking environments. Furthermore, the paper explores open challenges and research directions in the 5G/6G cybersecurity domain. This framework represents a significant advancement towards fully autonomous and secure 6G networks, paving the way for future innovations in network automation and cybersecurity.
... Critical self-management functionalities in ZTNs include self-configuration, self-healing, self-optimization, and selfprotection [11]. Among these functionalities, both self-healing and self-protection are particularly relevant to network security concerns, making network security mechanisms critical components in ZTNs. ...
... Apart from traditional network security threats, the adoption of ZTN technologies in Beyond 5G (B5G)/6G networks is envisioned to introduce additional security challenges and increased attack surfaces. These include threats to open Application Programming Interface (API), intent, closed-loop network automation, programmable network technology, and AI/ML models [3] [11]. Among these security threats, AI/ML-based attacks, or Adversarial Machine Learning (AML) attacks, are expected to introduce critical challenges in ZTNs/6G networks. ...
... Cyber attacks targeting open APIs can be divided into four major categories: parameter attacks, identity attacks, MITM attacks, and DDoS attacks [1] [3] [11] : i) Parameter Attacks: Parameter attacks take advantage of data transmitted through the API, such as query parameters, Hypertext Transfer Protocol (HTTP) headers, Uniform Resource Locators (URLs), and post content. Examples of parameter attacks include script insertions, SQL injections, buffer overflow attacks, and injection attacks targeting the common data services component of the ZSM framework [3]. ...
The sixth generation of wireless networks (6G) will require network automation to meet the rapidly increasing demands for high data rate services, ultra-low latency, massive connectivity, and seamless integration with emerging technologies, while effectively reducing operating costs. To address these demands, the concept of Zero-Touch Networks (ZTNs) has been proposed, where Artificial Intelligence (AI) and Machine Learning (ML) play crucial roles in optimizing network performance, enabling intelligent decision-making, and ensuring efficient resource allocation. However, the implementation of ZTNs is subject to security challenges that may hinder their development and deployment. In particular, two critical challenges arise: the need for human expertise in developing AI/ML-based security mechanisms, and the threat of specific attacks targeting AI/ML models. In this survey paper, a comprehensive review of the security vulnerabilities and issues with ZTNs is conducted. Additionally, potential automated solutions to ZTN security concerns, with a specific focus on leveraging Automated ML (AutoML) technologies, are investigated. Two case studies are conducted to address security issues in ZTNs and further corroborate our findings: the development of autonomous intrusion detection systems and the creation of defense mechanisms against Adversarial ML (AML) attacks. Finally, some of the challenges and future research directions for the development of ZTN security approaches are discussed.
... Unencrypted message communication between APIs provides an opportunity for manin-the-middle attacks. Furthermore, APIs can be submerged by a large volume of requests which are categorized as DoS attacks [108], [124]. Intent-based interfaces are considered to be the mean of automation in the ZSM architecture. ...
... Intent-based interfaces are considered to be the mean of automation in the ZSM architecture. The potential security challenges associated with intent-based interfaces include abnormal behavior, undesirable configuration, and information exposure [108], [124]. Unplanned reboots or application abortion may lead to anomalies in domain orchestration services which provide a window to abnormal behavior attacks. ...
... Attack vectors, poisoning attacks, adversarial attacks, and model extraction attacks, are some of the threats associated with AI/ML. These attacks tamper with the training data, steal model parameters to modify them, and add adversarial examples [108], [124]. ...
The dawn of softwarized networks enables Network Slicing (NS) as an important technology towards allocating end-to-end logical networks to facilitate diverse requirements of emerging applications in fifth-generation (5G) mobile networks. However, the emergence of NS also exposes novel security and privacy challenges, primarily related to aspects such as NS life-cycle security, inter-slice security, intra-slice security, slice broker security, zero-touch network and management security, and blockchain security. Hence, enhancing NS security, privacy, and trust has become a key research area toward realizing the true capabilities of 5G. This paper presents a comprehensive and up-to-date survey on NS security. The paper articulates a taxonomy for NS security and privacy, laying the structure for the survey. Accordingly, the paper presents key attack scenarios specific to NS-enabled networks. Furthermore, the paper explores NS security threats, challenges, and issues while elaborating on NS security solutions available in the literature. In addition, NS trust and privacy aspects, along with possible solutions, are explained. The paper also highlights future research directions in NS security and privacy. It is envisaged that this survey will concentrate on existing research work, highlight research gaps and shed light on future research, development, and standardization work to realize secure NS in 5G and beyond mobile communication networks.
... In the fate of 5G, savvy homes and urban areas will moreover take an enormous jump ahead 40 . Edge registering will convey AI to regions it has never been, on account of more associated contraptions than any other time in recent memory 41 . 5G applications relying upon expanded organization limit will influence essentially everybody, from abodes that give custom-made energy-saving exhortation to traffic signals that shift their examples dependent on traffic stream 42 43 . ...
... By 2030 and ahead, 6G will be the essential correspondence framework to fulfill the needs of a hyper-associated human progress 121 . 6G is relied upon to make ready for the improvement of a wide scope of new advances, including savvy surfaces, zero-energy IoT gadgets, progressed AI draws near, quantum registering frameworks, AI-controlled robotized gadgets, AI-driven air interfaces, humanoid robots, and self-supporting networks 41 . Moreover, future computerized society improvements like the enormous accessibility of small information, a maturing populace, correspondence, detecting, and figuring combination, and device free correspondence will require new applications 122 . ...
As 5G networks become more widely accepted and executed all through the world, networks and academics have begun to investigate 6G interconnections.1upon to be founded on pervasive AI to give information ML arrangements in dissimilar and enormous scopes and domains. Customary AI draws near, then again, need incorporated information assembling and preparing by a server, which is turning into a boundary for enormous scope application in daily existence because of rising security concerns. As 5G networks become all the more broadly carried out all through the world, networks and scholastic have started to take a gander at 6G intersections. 6G is relied upon to be based on omnipresent AI to give information ML arrangements in heterogeneous and wider infrastructure and networks. Conventional AI draws near, then again, need concentrated information assembling and preparing by a server, which is turning into a hindrance for huge scope application in regular daily existence because of rising protection concerns. Albeit the vision and significant parts of the 6Th era (6G) biological system presently can’t seem to be totally analyzed, the vision and fundamental components of the fifth era (5G) environment have recently been examined. To assist with these endeavors and to characterize the security and protection components of 6G networks, we check out what security could mean for the imagined 6G remote frameworks, just as the issues and likely arrangements. We center around the security and protection gives that might emerge because of the 6G requirements, just as imaginative network plan, applications, and supporting innovations.
... Author(s) Threat/Vulnerability Impact [108] [109] [111] Parameter attacks Improperly validated [110] parameters may lead to injection attacks on cross-domain data services -Data injection, data manipulation and logic corruption -manipulating network topology data to insert fake links, malicious nodes. ...
... Author(s) Threat/Vulnerability Impact [108] [109] ...
Extensive research has been done on 5G and 6G security challenges. It has been shown that these challenges have the potential of affecting cross board 5G and 6G ecosystems such as technologies, services and applications. The perspective of the currently identified security challenges vary depending on the researcher's area of concern. This survey generated a consolidated source of information on the taxonomy of 5G and 6G ecosystem security challenges necessary for addressing both pre and post security issues to be encountered upon 5G and 6G implementation.
... Gradient Boost algorithms for Distributed Denial of Service (DDoS) attacks [70] Gradient Boost-based algorithm proposed to detect and mitigate DDoS attacks, which prevents devices from similar future attacks by banning and disconnecting. Various approaches including Application Programming Interfaces (API), Intent and AI/ML securities [71] The proposed approaches rely on g authentication, authorization, communication encryption and input validation. The goal is to provide the rights of access and manipulation only to authorized entities. ...
p>With the increasing connectivity of critical infrastructures through wireless technologies, the importance of edge computing is increasing many-folds. Edge computing has become an important phenomenon combining the strengths of distributed computing technologies with those of telecommunication technologies. Therefore, new technological breakthroughs are happening in the realm of edge computing for critical environments, such as the next generation underground and open-pit mining. Since the mining technologies are moving at faster pace towards digitization leveraging on connectivity technologies, edge computing plays a crucial role in bringing computing and connectivity into mines to provide latency- and security-critical services on site. In this article, we study how edge computing fulfills the needs of critical environments, focusing on mining environments, and provide important insight into future research directions.</p
... Gradient Boost algorithms for Distributed Denial of Service (DDoS) attacks [70] Gradient Boost-based algorithm proposed to detect and mitigate DDoS attacks, which prevents devices from similar future attacks by banning and disconnecting. Various approaches including Application Programming Interfaces (API), Intent and AI/ML securities [71] The proposed approaches rely on g authentication, authorization, communication encryption and input validation. The goal is to provide the rights of access and manipulation only to authorized entities. ...
p>With the increasing connectivity of critical infrastructures through wireless technologies, the importance of edge computing is increasing many-folds. Edge computing has become an important phenomenon combining the strengths of distributed computing technologies with those of telecommunication technologies. Therefore, new technological breakthroughs are happening in the realm of edge computing for critical environments, such as the next generation underground and open-pit mining. Since the mining technologies are moving at faster pace towards digitization leveraging on connectivity technologies, edge computing plays a crucial role in bringing computing and connectivity into mines to provide latency- and security-critical services on site. In this article, we study how edge computing fulfills the needs of critical environments, focusing on mining environments, and provide important insight into future research directions.</p
... In addition, while open APIs play an integral role for the realization of security management automation, they introduce notable vulnerabilities which can be exploited in vehicular API-based attacks. Although API security is a rela-: tively new concept, the associated attacks performed through the APIs are not; examples include identity, MitM, and DoS attacks [412]. Such attacks may result in information leakage/alteration, identity theft, as well as vehicular service unavailability. ...
Recent advancements in vehicle-to-everything (V2X) communication have notably improved existing transport systems by enabling increased connectivity and driving autonomy levels. The remarkable benefits of V2X connectivity come inadvertently with challenges which involve security vulnerabilities and breaches. Addressing security concerns is essential for seamless and safe operation of mission-critical V2X use cases. This paper surveys current literature on V2X security and provides a systematic and comprehensive review of the most relevant security enhancements to date. An in-depth classification of V2X attacks is first performed according to key security and privacy requirements. Our methodology resumes with a taxonomy of security mechanisms based on their proactive/reactive defensive approach, which helps identify strengths and limitations of state-of-the-art countermeasures for V2X attacks. In addition, this paper delves into the potential of emerging security approaches leveraging artificial intelligence tools to meet security objectives. Promising data-driven solutions tailored to tackle security, privacy and trust issues are thoroughly discussed along with new threat vectors introduced inevitably by these enablers. The lessons learned from the detailed review of existing works are also compiled and highlighted. We conclude this survey with a structured synthesis of open challenges and future research directions to foster contributions in this prominent field.
The foreseen complexity in operating and managing 5G and beyond networks has propelled the trend toward closed-loop automation of network and service management operations. To this end, the ETSI Zero-touch network and Service Management (ZSM) framework is envisaged as a next-generation management system that aims to have all operational processes and tasks executed automatically, ideally with 100 percent automation. Artificial Intelligence (AI) is envisioned as a key enabler of self-managing capabilities, resulting in lower operational costs, accelerated time-tovalue and reduced risk of human error. Nevertheless, the growing enthusiasm for leveraging AI in a ZSM system should not overlook the potential limitations and risks of using AI techniques. The current paper aims to introduce the ZSM concept and point out the AI-based limitations and risks that need to be addressed in order to make ZSM a reality.Abstract
The rapid uptake of mobile devices and the rising popularity of mobile applications and services pose unprecedented demands on mobile and wireless networking infrastructure. Upcoming 5G systems are evolving to support exploding mobile traffic volumes, agile management of network resource to maximize user experience, and extraction of fine-grained real-time analytics. Fulfilling these tasks is challenging, as mobile environments are increasingly complex, heterogeneous, and evolving. One potential solution is to resort to advanced machine learning techniques to help managing the rise in data volumes and algorithm-driven applications. The recent success of deep learning underpins new and powerful tools that tackle problems in this space. In this paper we bridge the gap between deep learning and mobile and wireless networking research, by presenting a comprehensive survey of the crossovers between the two areas. We first briefly introduce essential background and state-of-the-art in deep learning techniques with potential applications to networking. We then discuss several techniques and platforms that facilitate the efficient deployment of deep learning onto mobile systems. Subsequently, we provide an encyclopedic review of mobile and wireless networking research based on deep learning, which we categorize by different domains. Drawing from our experience, we discuss how to tailor deep learning to mobile environments. We complete this survey by pinpointing current challenges and open future directions for research.
This paper proposes adversarial attacks for Reinforcement Learning (RL) and then improves the robustness of Deep Reinforcement Learning algorithms (DRL) to parameter uncertainties with the help of these attacks. We show that even a naively engineered attack successfully degrades the performance of DRL algorithm. We further improve the attack using gradient information of an engineered loss function which leads to further degradation in performance. These attacks are then leveraged during training to improve the robustness of RL within robust control framework. We show that this adversarial training of DRL algorithms like Deep Double Q learning and Deep Deterministic Policy Gradients leads to significant increase in robustness to parameter variations for RL benchmarks such as Cart-pole, Mountain Car, Hopper and Half Cheetah environment.
Machine learning (ML) models may be deemed confidential due to their sensitive training data, commercial value, or use in security applications. Increasingly often, confidential ML models are being deployed with publicly accessible query interfaces. ML-as-a-service ("predictive analytics") systems are an example: Some allow users to train models on potentially sensitive data and charge others for access on a pay-per-query basis. The tension between model confidentiality and public access motivates our investigation of model extraction attacks. In such attacks, an adversary with black-box access, but no prior knowledge of an ML model's parameters or training data, aims to duplicate the functionality of (i.e., "steal") the model. Unlike in classical learning theory settings, ML-as-a-service offerings may accept partial feature vectors as inputs and include confidence values with predictions. Given these practices, we show simple, efficient attacks that extract target ML models with near-perfect fidelity for popular model classes including logistic regression, neural networks, and decision trees. We demonstrate these attacks against the online services of BigML and Amazon Machine Learning. We further show that the natural countermeasure of omitting confidence values from model outputs still admits potentially harmful model extraction attacks. Our results highlight the need for careful ML model deployment and new model extraction countermeasures.
Despite the successful application of machine learning (ML) in a wide range of domains, adaptability—the very property that makes machine learning desirable—can be exploited by adversaries to contaminate training and evade classification. In this paper, we investigate the feasibility of applying a specific class of machine learning algorithms, namely, reinforcement learning (RL) algorithms, for autonomous cyber defence in software-defined networking (SDN). In particular, we focus on how an RL agent reacts towards different forms of causative attacks that poison its training process, including indiscriminate and targeted, white-box and black-box attacks. In addition, we also study the impact of the attack timing, and explore potential countermeasures such as adversarial training.
Emerging software defined network (SDN) stacks have introduced an entirely new attack surface that is exploitable from a wide range of launch points. Through an analysis of the various attack strategies reported in prior work, and through our own efforts to enumerate new and variant attack strategies, we have gained two insights. First, we observe that different SDN controller implementations, developed independently by different groups, seem to manifest common sets of pitfalls and design weakness that enable the extensive set of attacks compiled in this paper. Second, through a principled exploration of the underlying design and implementation weaknesses that enables these attacks, we introduce a taxonomy to offer insight into the common pitfalls that enable SDN stacks to be broken or destabilized when fielded within hostile computing environments. This paper first captures our understanding of the SDN attack surface through a comprehensive survey of existing SDN attack studies, which we extend by enumerating 12 new vectors for SDN abuse. We then organize these vulnerabilities within the well-known confidentiality, integrity, and availability model, assess the severity of these attacks by replicating them in a physical SDN testbed, and evaluate them against three popular SDN controllers. We also evaluate the impact of these attacks against published SDN defense solutions. Finally, we abstract our findings to offer the research and development communities with a deeper understanding of the common design and implementation pitfalls that are enabling the abuse of SDN networks.
Machine-learning (ML) algorithms are increasingly utilized in privacy-sensitive applications such as predicting lifestyle choices, making medical diagnoses, and facial recognition. In a model inversion attack, recently introduced in a case study of linear classifiers in personalized medicine by Fredrikson et al., adversarial access to an ML model is abused to learn sensitive genomic information about individuals. Whether model inversion attacks apply to settings outside theirs, however, is unknown. We develop a new class of model inversion attack that exploits confidence values revealed along with predictions. Our new attacks are applicable in a variety of settings, and we explore two in depth: decision trees for lifestyle surveys as used on machine-learning-as-a-service systems and neural networks for facial recognition. In both cases confidence values are revealed to those with the ability to make prediction queries to models. We experimentally show attacks that are able to estimate whether a respondent in a lifestyle survey admitted to cheating on their significant other and, in the other context, show how to recover recognizable images of people's faces given only their name and access to the ML model. We also initiate experimental exploration of natural countermeasures, investigating a privacy-aware decision tree training algorithm that is a simple variant of CART learning, as well as revealing only rounded confidence values. The lesson that emerges is that one can avoid these kinds of MI attacks with negligible degradation to utility.
In security-sensitive applications, the success of machine learning depends on a thorough vetting of their resistance to adversarial data. In one pertinent, well-motivated attack scenario, an adversary may attempt to evade a deployed system at test time by carefully manipulating attack samples. In this work, we present a simple but effective gradient-based approach that can be exploited to systematically assess the security of several, widely-used classification algorithms against evasion attacks. Following a recently proposed framework for security evaluation, we simulate attack scenarios that exhibit different risk levels for the classifier by increasing the attacker’s knowledge of the system and her ability to manipulate attack samples. This gives the classifier designer a better picture of the classifier performance under evasion attacks, and allows him to perform a more informed model selection (or parameter setting). We evaluate our approach on the relevant security task of malware detection in PDF files, and show that such systems can be easily evaded. We also sketch some countermeasures suggested by our analysis.
Machine learning systems offer unparalled flexibility in dealing with evolving input in a variety of applications, such as intrusion detection systems and spam e-mail filtering. However, machine learning algorithms themselves can be a target of attack by a malicious adversary. This paper provides a framework for answering the question, "Can machine learning be secure?" Novel contributions of this paper include a taxonomy of different types of attacks on machine learning techniques! and systems, a variety of defenses against those attacks, a discussion of ideas that are important to security for machine learning, an analytical model giving a lower bound on attacker's work function, and a list of open, problems.