![A 5G network slice function within a shared, multi-vendor, and multi-access network environment, where each slice is independently managed to address specific use cases [7].](https://www.researchgate.net/publication/381791225/figure/fig1/AS:11431281431426960@1746800817700/A-5G-network-slice-function-within-a-shared-multi-vendor-and-multi-access-network_Q320.jpg)
![FAIN architecture from [102].](https://www.researchgate.net/publication/381791225/figure/fig2/AS:11431281431542571@1746800818246/FAIN-architecture-from-102_Q320.jpg)
![PbSA integrated into SDN architecture [103].](https://www.researchgate.net/publication/381791225/figure/fig3/AS:11431281431408234@1746800818980/PbSA-integrated-into-SDN-architecture-103_Q320.jpg)
![Intent-based networking deployment process [106].](https://www.researchgate.net/publication/381791225/figure/fig4/AS:11431281431571921@1746800819446/Intent-based-networking-deployment-process-106_Q320.jpg)
![IBN model for intent translation [106].](https://www.researchgate.net/publication/381791225/figure/fig5/AS:11431281431581750@1746800820223/IBN-model-for-intent-translation-106_Q320.jpg)
Access to this full-text is provided by MDPI.
Content available from Future Internet
This content is subject to copyright.
Citation: Cunha, J.; Ferreira, P.;
Castro, E.M.; Oliveira, P.C.;
Nicolau, M.J.; Núñez, I.; Sousa, X.R.;
Serôdio, C. Enhancing Network
Slicing Security: Machine Learning,
Software-Defined Networking, and
Network Functions Virtualization-
Driven Strategies. Future Internet 2024,
16, 226. https://doi.org/10.3390/
fi16070226
Academic Editor: Paolo Bellavista
Received: 7 May 2024
Revised: 14 June 2024
Accepted: 24 June 2024
Published: 27 June 2024
Copyright: © 2024 by the authors.
Licensee MDPI, Basel, Switzerland.
This article is an open access article
distributed under the terms and
conditions of the Creative Commons
Attribution (CC BY) license (https://
creativecommons.org/licenses/by/
4.0/).
future internet
Article
Enhancing Network Slicing Security: Machine Learning,
Software-Defined Networking, and Network Functions
Virtualization-Driven Strategies
JoséCunha 1, 2, * , Pedro Ferreira 1,2, Eva M. Castro 2,3,4, Paula Cristina Oliveira 1,5, Maria João Nicolau 3,4 ,
Iván Núñez 2, XoséRamon Sousa 2and Carlos Serôdio 1, 3, *
1Department of Engineering, School of Sciences and Technology, Universidade de Trás-os-Montes e Alto
Douro, 5000-801 Vila Real, Portugal; pvieira@optaresolutions.com (P.F.); pcoliveira@utad.pt (P.C.O.)
2Optare Solutions, Parque Tecnológico de Vigo, 35315 Vigo, Spain; mpires@optaresolutions.com (E.M.C.);
inunez@optaresolutions.com (I.N.); xrsousa@optaresolutions.com (X.R.S.)
3Algoritmi Center, University of Minho, 4710-057 Braga, Portugal; joao@dsi.uminho.pt
4Department of Information Systems, School of Engineering, University of Minho, Campus de Azurém,
4800-058 Guimarães, Portugal
5Centre for the Research and Technology of Agro-Environmental and Biological Sciences (CITAB),
Universidade de Trás-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal
*Correspondence: jcunha@optaresolutions.com (J.C.); cserodio@utad.pt (C.S.)
Abstract: The rapid development of 5G networks and the anticipation of 6G technologies have
ushered in an era of highly customizable network environments facilitated by the innovative concept
of network slicing. This technology allows the creation of multiple virtual networks on the same
physical infrastructure, each optimized for specific service requirements. Despite its numerous
benefits, network slicing introduces significant security vulnerabilities that must be addressed to
prevent exploitation by increasingly sophisticated cyber threats. This review explores the applica-
tion of cutting-edge technologies—Artificial Intelligence (AI), specifically Machine Learning (ML),
Software-Defined Networking (SDN), and Network Functions Virtualization (NFV)—in crafting ad-
vanced security solutions tailored for network slicing. AI’s predictive threat detection and automated
response capabilities are analysed, highlighting its role in maintaining service integrity and resilience.
Meanwhile, SDN and NFV are scrutinized for their ability to enforce flexible security policies and
manage network functionalities dynamically, thereby enhancing the adaptability of security measures
to meet evolving network demands. Thoroughly examining the current literature and industry
practices, this paper identifies critical research gaps in security frameworks and proposes innovative
solutions. We advocate for a holistic security strategy integrating ML, SDN, and NFV to enhance
data confidentiality, integrity, and availability across network slices. The paper concludes with
future research directions to develop robust, scalable, and efficient security frameworks capable of
supporting the safe deployment of network slicing in next-generation networks.
Keywords: network security; SDN; NFV; ML; network slicing
1. Introduction
The ongoing rollout of 5G networks and the anticipatory designs of 6G infrastructures
represent monumental leaps in telecommunications technology. These advances herald
a new era characterised by unprecedented data speeds, massive connectivity, and highly
customizable network environments. Central to these innovations is network slicing, a
transformative approach that allows multiple virtual networks to operate on the same
physical hardware, each tailored to meet specific service requirements.
Network operators are beginning to adopt advanced 5G technologies, including the
Stand-Alone (SA) version, which boasts enhanced features [
1
]. The SA version is a fully
independent 5G network that operates without relying on existing 4G LTE infrastructure.
Future Internet 2024,16, 226. https://doi.org/10.3390/fi16070226 https://www.mdpi.com/journal/futureinternet
Future Internet 2024,16, 226 2 of 36
It uses a new 5G core (5GC) architecture, which allows it to leverage the full capabilities of
5G technology, including lower latency, higher efficiency, and better support for advanced
applications. Unlike the Non-Standalone (NSA) version, which uses a combination of
4G and 5G infrastructure, SA 5G offers enhanced features such as improved network
performance, greater flexibility, and the ability to provide dedicated resources for specific
use cases [
2
,
3
]. Known for its faster speeds, lower latency, and increased capacity, 5G tech-
nology significantly outperforms its predecessors. A key feature of 5G is network slicing,
illustrated in Figure 1, which allows the network to be segmented into multiple virtual
networks, each customizable for different services and applications. Network slicing pro-
vides the flexibility to meet a wide range of dynamic user needs by leveraging three main
network properties that can be seen in Figure 1with the correspondent colour associated
with each type of slice: Enhanced Mobile Broadband (eMBB) the blue slice, Ultra-Reliable
Low-Latency Communication (URLLC) the green slice, and Massive Machine-Type Com-
munication (mMTC), often referred to collectively as IoT (Internet of Things) the red slice.
These prominent categories can be summarized:
•
Enhanced Mobile Broadband (eMBB): eMBB applications, such as high-definition
video streaming, virtual reality experiences, and cloud gaming, demand high data
rates and significant bandwidth to deliver a seamless user experience. There is an
increasing need for massive MIMO and millimetre wave technology integration within
cellular networks to cater to the ever-increasing data demands of eMBB users [4].
•
Ultra-Reliable Low-Latency Communication (URLLC): URLLC applications, criti-
cal for industries like autonomous vehicles, remote surgery, and industrial automa-
tion, prioritise reliability and ultra-low latency over high data rates. Some chal-
lenges are faced by traditional network architectures in meeting the stringent la-
tency requirements (less than 1 millisecond) and ultra-high reliability (packet loss
probability close to zero) demanded by URLLC applications [
5
]. These applications
have stricter Quality-of-Service (QoS) requirements compared to traditional mobile
broadband traffic.
•
Massive Machine-Type Communication (mMTC): mMTC, a core component of
the Internet of Things (IoT), encompasses a vast number of low-power, low-data-rate
devices requiring efficient communication for functionalities like sensor data collection
and remote monitoring. While data rates for individual devices are minimal, the sheer
volume of devices connected within an mMTC network can create significant network
management challenges [6].
Additionally, network slicing improves resource efficiency and offers greater flexibility,
scalability, security, and isolation [7].
Network slicing is poised to revolutionise how services are delivered across various
industries, from enabling lower latencies in telemedicine [
5
] to managing the Quality of
Experience (QoE) of the massive throughput needed for ultra-high-definition streaming
services [
8
]. However, the dynamic nature of network slicing introduces complex security
challenges, and each slice, potentially running different services with distinct performance
metrics, presents unique security needs and vulnerabilities [
9
]. In this context, the tradi-
tional one-size-fits-all security model is ineffectual, necessitating a paradigm shift towards
more flexible, adaptive security frameworks [
10
]. One innovative concept in 6G technology
is the “network of networks” (NoN) [
11
], which involves dynamically aggregating different
networks or network segments. This aggregation enables seamless communication and
resource sharing among them, thus supporting the delivery of comprehensive services [
12
].
In one possible implementation of NoN, network operators could assume the roles of
network brokers or coordinators for different segments, including their own capacity, such
as fixed access or transport connectivity, along with those provided by third parties. Client
services would then be delivered as network slices, coordinated across multiple networks.
This brings into play the concept of a multi-provider or multi-stakeholder, where these
providers contribute their network capacity for different segments and technologies to be
utilized by network operators in is integrator role. To provide secure and reliable services
Future Internet 2024,16, 226 3 of 36
across different network domains, network operators will require some mechanisms to
establish and manage end-to-end security slices. These slices will ensure the protection of
data and resources from unauthorized access and malicious attacks. Moreover, network
operators will have to guarantee some Service Level Agreements (SLA) in terms of security,
also known as Security SLAs (SSLA) which will specify the expected performance and
quality of the security capacities. The SSLA will also define the roles and responsibilities of
the different parties involved in the heterogeneous network of networks.
Future Internet 2024, 16, x FOR PEER REVIEW 3 of 38
Figure 1. A 5G network slice function within a shared, multi-vendor, and multi-access network
environment, where each slice is independently managed to address specific use cases [7].
Network slicing is poised to revolutionise how services are delivered across various
industries, from enabling lower latencies in telemedicine [5] to managing the Quality of
Experience (QoE) of the massive throughput needed for ultra-high-definition streaming
services [8]. However, the dynamic nature of network slicing introduces complex securi-
ty challenges, and each slice, potentially running different services with distinct perfor-
mance metrics, presents unique security needs and vulnerabilities [9]. In this context, the
traditional one-size-fits-all security model is ineffectual, necessitating a paradigm shift
towards more flexible, adaptive security frameworks [10]. One innovative concept in 6G
technology is the “network of networks” (NoN) [11], which involves dynamically aggre-
gating different networks or network segments. This aggregation enables seamless
communication and resource sharing among them, thus supporting the delivery of
comprehensive services [12]. In one possible implementation of NoN, network operators
could assume the roles of network brokers or coordinators for different segments, in-
cluding their own capacity, such as fixed access or transport connectivity, along with
those provided by third parties. Client services would then be delivered as network slic-
es, coordinated across multiple networks. This brings into play the concept of a multi-
provider or multi-stakeholder, where these providers contribute their network capacity
for different segments and technologies to be utilized by network operators in is integra-
tor role. To provide secure and reliable services across different network domains, net-
work operators will require some mechanisms to establish and manage end-to-end secu-
rity slices. These slices will ensure the protection of data and resources from unauthor-
ized access and malicious attacks. Moreover, network operators will have to guarantee
some Service Level Agreements (SLA) in terms of security, also known as Security SLAs
(SSLA) which will specify the expected performance and quality of the security capaci-
ties. The SSLA will also define the roles and responsibilities of the different parties in-
volved in the heterogeneous network of networks.
This review explores cutting-edge network slicing security, emphasising the inte-
gration of Artificial Intelligence (AI), namely Machine Learning (ML), Software Defined
Networking (SDN), and Network Functions Virtualization (NFV). These technologies
are not merely enhancements to existing frameworks but pivotal to developing robust,
scalable security solutions. The role of AI/ML in predictive threat detection and response
transforms security from a reactive to a proactive stance, which is crucial for maintaining
the integrity of real-time services. Meanwhile, SDN and NFV enable the agile implemen-
tation of security policies customized to the unique context of each slice, supporting dy-
Figure 1. A 5G network slice function within a shared, multi-vendor, and multi-access network
environment, where each slice is independently managed to address specific use cases [7].
This review explores cutting-edge network slicing security, emphasising the inte-
gration of Artificial Intelligence (AI), namely Machine Learning (ML), Software Defined
Networking (SDN), and Network Functions Virtualization (NFV). These technologies are
not merely enhancements to existing frameworks but pivotal to developing robust, scalable
security solutions. The role of AI/ML in predictive threat detection and response trans-
forms security from a reactive to a proactive stance, which is crucial for maintaining the
integrity of real-time services. Meanwhile, SDN and NFV enable the agile implementation
of security policies customized to the unique context of each slice, supporting dynamic
management and orchestration of network resources. This paper aims to review the current
research landscape regarding these technologies in network slicing security, assess their
effectiveness, and identify research gaps and associate the research with the current find-
ings within the 6G-OPENSEC-SECURITY (https://www.cttc.cat/project/secure-network-
slice-manager-for-open-and-disaggregated-6g-networks/ (accessed on 29 April 2024))
project. This project aims to design and develop an intelligent and autonomous Security
6G Network Slice Manager solution for the management of network slices with security
requirements in 6G multi-provider networks. Through an examination of contemporary
literature, this review aims to advance the discourse on securing next-generation network
architectures and propose directions for future research that will fortify the security frame-
works necessary for the safe deployment of network slicing. By bridging these advanced
technological solutions, the paper underscores the imperative of a unified approach to
confidentiality, integrity, and availability in increasingly complex network environments
targeted by sophisticated threats.
Section 2highlights the evolution of SDN, NFV, AI, and network slicing in telecom-
munications to the present day as well introduces the background of the technology and its
enablers and presents the challenges that security must attend to overcome the potential
threats and vulnerabilities that encompass the evolution of this technology stack. Section 3
Future Internet 2024,16, 226 4 of 36
begins the analysis of the AI strategy regarding security in network slicing, and Section 4
explores the perspective of policy-based security within SDN and NFV networks. In
Section 5, we delve into more specific details of the implementation of a Security Closed-
Loop Automation, which is the focus of the research presented in this paper and we present
the use case where the exploratory work is being conducted. Our conclusions are shown in
Section 6.
2. Exploring SDN, NFV, Policies, ML, Network Slicing and Telecom Security
The concept of network slicing has existed since the 1960s [
13
], when the concept of
network virtualization emerged. This allowed virtual entities to be created from physical
ones by virtualizing systems through network resources, computing infrastructures, and
storage devices [
14
]. Essentially, this meant running multiple virtual machines (VMs) on a
single physical machine, each VM acting as if it were a separate physical entity. During the
1970s and the beginning of the 1980s, the concept of network virtualization was commonly
implemented in data centres [
15
]. Near the end of the 1980s, surface overlay networks
were the primordial embodiment of the network slicing concept. However, they did
not have the automation and programmability needed in the network controls, which
proposal appeared and happened in the following two decades [
14
]. Over time, the idea
of network virtualization has contributed to the evolution of the definition of SDN [
14
]
and was one of its first successful use cases [
16
]. However, it was not until 2009 that SDN
first experimented to apply programmability capabilities in a network slice using open
interfaces [
14
]. Although it seems that SDN appears suddenly, it has been around for the
past 20 years, and it is revolutionising network design and management with two key
features. Firstly, it decouples the control plane, which makes traffic decisions, from the
data plane, which executes these decisions by forwarding traffic. Secondly, it centralises
the control plane, allowing a single software program to manage multiple data plane
elements [
16
]. Nowadays, it is becoming more evident that the complementary relationship
between SDN and NFV enables and leads to the softwarization of the network [13] and is
the principle of separating network functions from the hardware they run on using virtual
hardware abstraction [17].
In the following subsections, we provide a concise overview of SDN and its signif-
icance in contemporary networks, examine NFV’s pivotal role in transforming network
architecture, and discuss the critical importance of network slicing in future networks while
exploring their security dynamics, concerns and implications considering how policy-based
network security interacts with these concepts, as well as the approach related to AI/ML
associated with network security and its challenges.
2.1. Software Defining Network
SDN represents a paradigm shift in how networks are designed, operated, and man-
aged [
18
]. Unlike traditional networks, where control functions are distributed among
various devices, SDN centralises network intelligence in a software-based controller, sepa-
rating the control plane (decision-making) from the data plane (traffic handling), which
presents a different type of threat to the network [
19
]. This architecture allows for more
flexible and dynamic network management, enabling administrators to adjust behaviour
via software interfaces without modifying physical devices [
20
]. SDN simplifies network
configuration and optimization tasks, reducing the complexity and cost associated with
traditional network management [
21
]. As well, SDN facilitates a programmable network en-
vironment where changes are implemented through software controls rather than hardware
reconfigurations, promoting a more dynamic and cost-effective network infrastructure [
18
].
This evolution raises, as in the previous network generations, security concerns. The at-
tacks and threat vectors associated with SDN have been summarised by [
22
] and present
relevance to both 5G and pre-5G networks. Several aspects can be considered regarding
the vulnerabilities and defence mechanisms within different layers and interfaces of SDN
architecture, and we can delve into the insights of those key points [23]:
Future Internet 2024,16, 226 5 of 36
•
Security Challenges in Interfaces: SDN interfaces [
24
], particularly the northbound
interface (protocol to support communication between controllers and applications or
high-level control plane) and the southbound interface (OpenFlow protocol to support
communications between controllers and SDN switches), pose significant security chal-
lenges [
25
,
26
]. The southbound interface, which uses TLS (Transport Layer Security)
and DTLS (Datagram Transport Layer Security), leaves their implementation optional
due to configuration complexity, making these interfaces susceptible to attacks like
eavesdropping and attacks on the control plane [19,27].
•
Security Solutions for SDN: These outline a multidimensional approach to securing
SDN, which includes rigorously verifying SDN applications to prevent access by
malicious software and implementing security mechanisms like the SE-Floodlight
controller for the control plane [
28
,
29
], which provides privilege separation and a
secure API.
•
Control Plane Security: This area is critical due to its central role in network manage-
ment. Various security enhancements, such as the SE-Floodlight controller, extend the
capabilities of existing solutions by providing mechanisms for privilege separation
and secure northbound APIs, which act as mediators between the application and
data planes.
•
Data Plane Security: The data plane handles the actual packet forwarding and is
secured through trust methods for authentication and authorization [
30
] to manage
which applications can change flow rules in the network’s forwarding elements.
•
Security Enhancements through Network Design: The principles of SDN itself,
including centralised network control and enhanced visibility of traffic flows, are used
to bolster network security against common threats such as unauthorised access and
control plane attacks.
•
Challenges in SDN Controllers: The central role of SDN controllers makes them
prime targets for DoS and DDoS attacks, compromising network integrity.
2.2. Network Functions Virtualization
Network Functions Virtualization (NFV) revolutionizes telecommunications infras-
tructure by decoupling network functions from proprietary hardware and migrating them
to software running on general-purpose servers. NFV is seen as complementary to SDN,
and it involves implementing network functions in software that can run on a range of
industry-standard server hardware. These functions can be moved to or instantiated in
different network locations as needed, without installing new equipment [
31
]. While of-
fering agility and cost-efficiency, this shift fundamentally alters the security landscape.
NFV’s acting as a support for cloud computing, Software-Defined Networking (SDN), and
open architectures introduce new vulnerabilities absent in traditional hardware-centric
networks [
32
]. Furthermore, the increased network complexity in NFV architectures, with
dynamic interactions between VNFs, makes it challenging to enforce consistent security
policies across the entire infrastructure [
33
]. NFV is a transformative approach introduced
to enhance the agility and flexibility of network service provisioning. Initially proposed to
address the escalating complexity of traditional networks filled with proprietary hardware
appliances, NFV leverages virtualization technologies to decouple network functions from
physical hardware. This decoupling allows network services like firewalls, switches, and
routers to be hosted on standard commercial off-the-shelf (COTS) hardware. The essence
of NFV lies in its ability to instantiate these virtual network functions (VNFs) dynamically,
thus enabling on-demand deployment without additional physical equipment [
34
]. NFV
offers a wide range of benefits that promise to revolutionise the telecommunications in-
dustry associated with 5G [
35
]. For network carriers, it potentially reduces the capital and
operational expenses by consolidating network appliances into virtual functions that can
be managed and scaled as required. This transition also shortens the time-to-market for
new services and facilitates more rapid deployment of network services tailored to specific
user needs. However, the adoption of NFV is not devoid of challenges. One significant
Future Internet 2024,16, 226 6 of 36
issue is ensuring that the network performance of virtual appliances meets or exceeds
that of traditional hardware-based solutions. Furthermore, the dynamic nature of NFV
introduces complexities in managing virtual appliances, including their efficient placement,
instantiation, and migration across the network. These challenges necessitate ongoing
research and development to ensure that NFV can reliably meet the performance and
reliability expectations of modern network environments, as explored in the survey by [
13
].
Similarly to the rise of other technologies, new solutions and advances also come with
new challenges, and keeping with the theme of security, the following items showcase a
few issues found within NFV security, as well as a few possible solutions disseminated in
the literature:
•
Virtualization Layer Vulnerabilities: NFV relies heavily on virtualization technolo-
gies, exposing networks to vulnerabilities inherent in hypervisors and virtual ma-
chine managers (VMMs). These vulnerabilities can lead to escalated privileges
or escape attacks, where an attacker gains control over the host machine or other
virtual machines [36].
#
Proposed solution—Security Reference Architecture (SRA): This solution was pro-
posed in [
35
]. It includes specific security patterns and reference architectures
to mitigate identified threats based on these patterns, which can be reused for
continuous monitoring of the virtualized layer.
•
Isolation Failures: Proper isolation of network functions is crucial to prevent cross-
VM attacks. Any failure to maintain strict isolation can lead to information leakage,
unauthorised data access, or denial of service (DoS) attacks. Failures like this could
also be related to inadequate resource slicing or temporal interference, wherein co-
located services shared infrastructure may lead to performance unpredictability due
to shared contention [37].
#
Proposed solution—Hierarchical Real-Time CPU Scheduling: In the work proposed
by [
37
], this solution is introduced based on real-time CPU scheduling tech-
niques. This method, integrated within the Linux kernel itself, allows for
precise CPU resource allocation to each container (VNF), ensuring that each
service receives a defined share of CPU time regardless of the activities of
other containers.
•
Management and Orchestration (MANO) Security: The MANO layer orchestrates
NFV services and manages their lifecycle. Since it has a comprehensive view of the
network functions, it becomes a critical security concern. Compromising the MANO
layer can lead to widespread network disruption [38].
#
Proposed solution—Security Framework: The SecMANO framework proposed
by [
38
] is a security-oriented enhancement of the existing MANO framework.
It incorporates security by design from the initial stages of network service
and throughout the service lifecycle. It enables adaptive deployment and
management of security functions according to real-time demands and threats
and utilises a policy-based approach to ensure consistent and effective security
measures across all network functions.
•
Integrity of NFVs: The NFV environment presents a challenge in ensuring the integrity
and authenticity of the network functions due to its reliance on virtualization and cloud
technologies. The complexity of establishing trust in such a dynamic and distributed
environment has been emphasised in [
39
,
40
], with concerns about the integrity and
privacy of virtual instances hosted on multi-tenant platforms.
#
Proposed solution—Remote Attestation and OpenCIT: In the work of [
40
], a combi-
nation of solutions is proposed, namely the use of Remote Attestation work-
flows which are used to allow external verification of the system’s integrity.
These workflows involve the Trusted Third Party verifying the integrity mea-
sures reported by the Trusted Platform Module (TPM) against a known config-
Future Internet 2024,16, 226 7 of 36
uration. This TPM is present within OpenCIT, an Intel framework combining
hardware elements (TPM) and software elements to establish a Chain of Trust.
This approach verifies the integrity of each system component from the hard-
ware level up to the software stack.
2.3. Network Slicing
A network slice is a virtual network architecture built over a physical network, giving
the impression to the slice tenant that they are operating their exclusive physical network,
and it is a pivotal technology within 5G and future cellular networks [
41
]. Network slicing
as a service and the unification of the 5G end-to-end service platform can be enabled by
network softwarization and virtualization using SDN, NFV, and cloud computing. This
needs new designs and implementations across various 5G network segments like RAN,
transport, core, mobile-edge networks, and network clouds to meet business demands and
drive innovation [
20
]. Some of the network characteristics needed to enable and implement
this can include a high-capacity backhaul based on high-speed optical fiber and free-space
optical systems (FSO) that must enhance the backhaul connectivity. This is a challenge for
5G and beyond networks as it will not be possible to have always optical fiber connectivity
as a backhaul due to geographical constraints and complexities. FSO associated with RF
can be seen as a possibility to overcome limitations presented by the atmosphere and
overcome some of the limitations associated with the infrastructure that enables 5G and
beyond networks [
42
]. The fundamental principles that underlie network slicing and its
operations within software-based 5G networks include the following [
20
]: automation of
network operations; high reliability, scalability and isolation; programmability; hierarchical
abstraction; slice customization and network resource elasticity.
Network slicing addresses the inflexibility of traditional “one-size-fits-all” network
architectures, which struggle to accommodate the diverse performance requirements of
emerging applications. By leveraging SDN and NFV, network slicing allows operators to
partition a physical network into multiple, isolated virtual networks (slices), each optimised
for specific use cases [
43
]. Network slicing introduces several compelling benefits for
operators and industries:
•
Flexibility and Customization: Slices can be tailor-made for applications requiring
high bandwidth (e.g., video streaming), ultra-low latency (e.g., remote surgery, indus-
trial automation), or support for massive device connections (e.g., smart cities, Internet
of Things) [44].
•
Improved Resource Efficiency: Network slicing facilitates the dynamic allocation
of resources based on real-time slice demands, maximising efficiency and reducing
costs [45].
•
New Revenue Streams: Operators can offer custom slices to enterprise customers or
other service providers, unlocking new market opportunities [43].
•
Management Complexity: Orchestration of multiple slices with distinct configurations
demands sophisticated management and automation tools [45].
•
Security Concerns: Meticulous security measures are needed to ensure slice isola-
tion and prevent interference or attacks. This is critical as slices share a common
infrastructure [46].
•
Standardisation: Ongoing efforts by bodies like 3GPP focus on defining interoperabil-
ity standards, which are crucial for multi-vendor compatibility [46].
The landscape of mobile communication networks is undergoing a significant trans-
formation driven by the emergence of many diverse use cases with vastly different require-
ments. The challenges posed by these diverse use cases and how traditional, one-size-fits-
all network architectures fall short in addressing their unique needs. Those use cases are
mainly associated with the three prominent categories in network slicing seen previously:
eMBB, URLLC, and mMTC, often referred to as an important feature of the Internet of
Things (IoT) [41].
Future Internet 2024,16, 226 8 of 36
2.3.1. The Need for Network Slicing
The emergence of these diverse use cases underscores the need for a more flexible
network architecture capable of dynamically adapting to accommodate their contrasting
requirements. Network slicing, a key technology within 5G and beyond, is a potential
solution. Network slicing allows network operators to carve out virtual slices from the
shared physical infrastructure, each tailored to the specific needs of a particular use case.
This enables the concurrent support of eMBB, URLLC, and mMTC applications within a
single network, ensuring optimal performance for each category. The role of network slicing
in addressing the diverse QoS requirements of various applications, implicitly highlighting
the limitations of traditional networks in providing such differentiated services is being
discussed in several works [
27
,
47
]. The proliferation of diverse use cases with conflicting
requirements necessitates a paradigm shift in network design. Traditional one-size-fits-all
networks are ill equipped to handle the intricate demands of eMBB, URLLC, and mMTC
applications. Network slicing emerges as a promising solution, offering network operators
the flexibility to create virtualized slices tailored to each use case’s specific needs. Further
research and development efforts are crucial to fully realise the potential of network slicing
and pave the way for a future where diverse applications coexist and thrive within a single,
adaptable network infrastructure.
2.3.2. Conflicting Requirements
These diverse use cases present conflicting requirements that traditional networks
struggle to reconcile. For instance, eMBB applications require high bandwidth and data
rates, potentially congesting the network and impacting the reliability of URLLC services.
Conversely, the sheer number of devices in an mMTC network can introduce additional
latency and potentially disrupt the time-sensitive nature of URLLC applications. Works
by [
48
] support this argument, highlighting the limitations of traditional 5G networks in
addressing the needs of such diverse applications due to their inherent inflexibility and
lack of scalability.
2.3.3. Challenges in Network Slicing for Future Networks
Besides the conflicting requirements discussed, the use of network slicing in the next
generation of networks brings forth a myriad of challenges. These challenges are present
in different areas of network slicing implementation, namely resource management and
scalability, inter-slice handover, integration of AI tools, such as ML, DL, and expert systems,
and the security aspects of its implementation in such networks.
In the case of resource management and scalability, the integration of various network
segments, space, air, and ground, into a cohesive Space–Air–Ground Integrated Network
(SAGIN) requires sophisticated coordination. The dynamic nature of such segments,
especially with the mobility of satellites and unmanned aerial vehicles (UAVs), complicates
resource allocation and scalability [
49
]. Efficient management of these heterogeneous
resources is essential to meet the diverse and stringent QoS requirements of 6G applications.
Inter-slice handover is another critical aspect of 6G network slicing. As 6G networks
are envisioned to support a wide variety of applications with varying QoS requirements,
ensuring seamless handover between slices is necessary. Current methods often require re-
running the entire authentication process during a slice switch, which is resource-intensive
and time-consuming. The work in [
50
] introduces a cloud-native orchestration framework
for network slice federation, which aids in the maintenance and continuity of the service
across different network domains without significant overhead.
As will be disseminated further along in this review, the integration of AI tools in the
current and future mobile networks is a common subject of discussion, and in the case of
network slicing, it is no different. The integration of these tools into network slicing can
optimise resource allocation and predict network demands, but they also require substantial
computational resources and add complexity to network management. Ensuring real-time
processing and decision-making through these tools within the constraints of such networks
Future Internet 2024,16, 226 9 of 36
is a formidable task [
51
]. Furthermore, constructing customised network slices to support
the emerging services provided by these tools, such as DL applications, involves managing
new QoS requirements like data quality and inference accuracy.
Lastly, the security aspects of network slicing in future 6G networks are a focal point
in discussion within the current literature. The survey presented in [
52
] highlights various
security issues such as slice lifecycle security, inter-slice and intra-slice security, and the
need for robust slice isolation to prevent unauthorised access and attacks. Their survey
emphasises the importance of addressing novel security and privacy challenges, such as
impersonation attacks, DDoS attacks, and data breaches, which are critical in maintaining
the integrity and reliability of network slicing in future network environments.
2.4. Policy-Based Network Security
As has been seen in the past years, the complexity of network structures and envi-
ronments has become increasingly complex, and this is a pattern that will only increase
as the technologies evolve [
53
,
54
]. Network security policies are, therefore, one of the
methods used to streamline security in such complex environments since, unlike network
environments, which are becoming increasingly flexible and malleable in terms of structure
and functionalities, network policies and even more so in network security policies are
immutable. They are a set of invariable specifications or instructions to achieve a desired
objective, which in the context of our study is the security of deployed network slices.
2.4.1. Early Concepts of Security Policies
The concept of network security policies is not new, as seen in the work of
Schneider [
55
], where their importance is discussed, as well as one of the most impor-
tant features when it comes to their implementation, their enforceability. Security policies
(SPs) must be enforceable; otherwise, they are nothing more than guidelines for safe net-
work environments. This work can outline what enforceable and non-enforceable security
policies are; however, networks have advanced since then, and some of the limitations
imposed by the technologies at the time did not allow the enforcement of some of the
security aspects of these networks are now being surpassed as networks evolve [56].
This was described relatively shortly after in the work of [
57
], which introduced how
technological advancements allowed for more sophisticated implementations of network
policies by introducing abstraction in the language used for policy definition.
The introduction of high-level programming languages for network configurations can
be seen in the work of [
58
], which developed Frenetic, a high-level language for OpenFlow
networks. This work demonstrates how raising the level of abstraction in network program-
ming benefits the management of complex configurations and the effective enforcement
of security policies. Similarly, [
59
] introduced PonderFlow, another language designed for
higher abstraction in network configuration, specifically for OpenFlow networks. Pon-
derFlow is an extension of Ponder, a declarative, object-oriented language for specifying
management and security policies proposed by [60].
2.4.2. Implementation Challenges in PBN and IBN
Throughout this research about policy-based networking (PBN) and intent-based net-
working (IBN), some common themes were discussed regarding the limitations present in
these technologies. Namely, the process of policy refinement and translation, as discussed
in [
61
], may cause issues if no standard is defined to regulate the process and make it
universally interpreted amongst different vendors, which means a vendor-agnostic ap-
proach. Also, the scalability issues related to policy rigidity, presented in [
62
], limit most of
the policy-based networks implemented in the studied work. Intent-based networks do,
indeed, provide more flexibility, which in turn improves scalability. However, as dissemi-
nated in [
63
], the high level of abstraction inherent to intents requires very sophisticated
models that can translate them into policies that can be enforced appropriately, which may
be a source of errors and inefficiencies in larger network implementations. Nonetheless,
Future Internet 2024,16, 226 10 of 36
working on standardising these processes and coupling them with the existing base archi-
tecture for policy-based networks, as previously discussed in [
57
], may bring us closer to
practically implementing these types of networks on large-scale scenarios of heterogeneous
networks, namely in network slicing.
2.5. AI, ML and Network Security
The challenges in managing telecommunications networks have increased due to
service offerings’ growth and network settings’ escalating complexity [
52
,
64
]. AI has
emerged as a viable option to meet the demands of the new paradigm of networks, as
varied services with varying requirements must be handled efficiently [
65
]. In this context,
AI is a crucial automation tool, simplifying a range of network operations, including
design, deployment, monitoring, configuration changes, planning, problem detection, and
security enhancement [
48
]. AI can help with growth, intelligent planning and strategy,
data retrieval, and autonomous network modification [
66
]. Thus, it is expected that AI
will allow advanced security measures to be implemented, protecting sensitive data and
network integrity from constantly evolving cyberthreats.
As previously mentioned, integrating AI is a significant option in this constantly
changing environment, where a range of services need to run inside slices while maintaining
strong security measures. The dynamic and ever-changing nature of the threat landscape
highlights the importance of deploying cutting-edge systems for threat detection and
incident response [
67
]. Using AI to enhance security in network slicing is paramount due to
its multifaceted capabilities [
68
]. AI is thought to tackle several current issues, mainly when
powered by ML algorithms. It gives machines the ability to think, reason, anticipate, make
decisions, and behave intelligently—similar to human capacities [
65
]. This capability makes
real-time resource optimization and proactive problem-solving possible. AI can provide
security through several techniques, including anomaly detection, intrusion detection, and
quickly resolving possible threats [
69
]. Large volumes of data, including network traffic,
user actions, and device interactions, are analysed by these systems in real-time to spot
anomalies and possible security breaches. AI-driven intrusion detection systems can sound
alarms and launch quick reactions to efficiently neutralise threats by continually scanning
for suspicious activity and new attack patterns [
67
]. AI’s capacity to adapt and learn from
historical data, which enables it to detect known and unknown threats accurately, is one of
its main advantages in increasing security. It is effective at spotting suspicious behaviour
patterns, even when they diverge from established dangers, making the network more
flexible [
69
]. Predictive analytics powered by AI also helps operators foresee security
breaches by seeing new risks before they become serious [
70
]. The network’s adaptive
capabilities are strengthened by this proactive strategy, which enables it to keep up with
changing threats and uphold robust security protocols [
71
,
72
]. Using AI also benefits from
facing more automated and sophisticated attacks [
22
]. Overall, AI significantly enhances the
security of 5G networks by providing intelligent threat detection, adaptive defences, and
rapid response capabilities. Its ability to analyse vast amounts of data, adapt to evolving
threats, and anticipate security breaches makes it an indispensable tool for safeguarding
critical assets and ensuring the integrity of telecommunications networks in the face of
increasingly sophisticated cyber threats.
Challenges Posed by AI/ML
Despite becoming the most popular method for improving network slicing security, it
has a few drawbacks. First, to produce intelligent actions for classification or prediction,
ML algorithms rely on the collection and processing of data for training. Malicious actors,
conversely, can take advantage of security flaws by executing adversarial attacks on ML
systems, such as injecting fictitious datasets for training or altering transmitted data, leading
to incorrect results [
65
]. The nature of ML also has drawbacks, such as a high false alarm rate
(false positives) or even false negatives when the algorithm fails to identify a threat and the
need for a lot of resources to train and maintain these algorithms. Additionally, the possible
Future Internet 2024,16, 226 11 of 36
difficulties arising from the integration of ML in 5G/network slicing scenarios have been
examined in [
73
]. The study concludes, among other things, that there are more security
issues because of the dynamic nature of mobile networks, which are marked by an extensive
number of users and services with different requirements and characteristics. While ML
algorithms have proven effective in controlled settings with small amounts of data, mobile
networks’ hyper-dynamic natures expose them to new and sophisticated security threats
from expert hackers and attackers. Ensuring ML algorithm stability is crucial to prevent
performance degradation in dynamic environments like high-speed trains. Deploying
ML in SDN requires visibility and control to avoid bottlenecks and scalability issues. IoT-
triggered event spikes challenge ML system latency and capacity, highlighting the need
for interdisciplinary research on defensive solutions for 5G and beyond networks. Using
ML in these contexts is like handling a double-edged sword; tactics to counteract negative
consequences must be evaluated. Furthermore, using AI technologies in network slicing
amplifies privacy concerns. While AI can potentially safeguard the networks’ privacy, it
also introduces vulnerabilities throughout the development and training stages. Some of
the challenges presented are [66,74]:
•
Security: ML systems face security threats like poisoning, evasion, API-based attacks,
and AI framework infringements, endangering data integrity.
•
Privacy: ML’s data analysis and automation can compromise privacy. Insecure IoT
devices and model inversion attacks threaten data, making protection crucial.
•
Ethical: ML reduces human intervention, but computers lack human ethical conscious-
ness. ML systems follow training but cannot act against logic in certain circumstances.
•
Intelligent Attacks: AI can be used to identify patterns in large data volumes, poten-
tially exposing network vulnerabilities.
Without a doubt, AI, especially ML, has the potential to revolutionise the future of
networks. However, it is necessary to consider the challenges it can bring. Addressing
these security challenges is imperative to ensure the effectiveness and trustworthiness of
AI-driven security solutions in network-slicing environments.
Table 1presents an overview of the importance and role of AI in network security for
different applications, objectives, and scenarios, highlighting the strengths and weaknesses
derived from including this functionality.
Table 1. Application of AI in network security.
Applications Description Use Cases Strengths Weaknesses
Anomaly
Detection
Network Traffic
Analysis
User Behaviour Analysis
A decentralized one-class support
vector machine
analyses virtual nodes for anomalies,
using canonical correlation to
measure neighbour correlations [
75
].
Rapid detection of
abnormal
activities
Susceptible to false
positives/
negatives
Intrusion
Detection
ML-driven intrusion
detection systems
Intrusion detection systems can
identify intruders in a network using
neural networks and ML
techniques [76].
High accuracy in
identifying threats
Resource
intensive may impact
efficiency
Threat
Response Rapid response to potential threats
Optimization models can mitigate
DDoS attacks through slice isolation,
enhanced by AI optimization
techniques [77]
Swift mitigation of
security breaches
May require
human
oversight for
validation
Predictive
Analytics Anticipating security breaches
Reinforcement Learning models can
manage slicing
resources and predict threats based
on past data and
network changes [78].
Proactive
identification of
threats
Reliance on
historical data
for predictions
Future Internet 2024,16, 226 12 of 36
Table 1. Cont.
Applications Description Use Cases Strengths Weaknesses
Adaptive
Defences
AI-driven adaptive
security measures
AI-based Expert Systems can
automate defence and
mitigation decisions based on the
specific threat
Ability to adapt to
evolving threats
Vulnerable to attacks
targeting AI systems
Security
Orchestration
Coordinating security measures
across different network slices and
components
Creating frameworks based on ETSI
ZSM principles for security
management, like in the
6G-OPENSEC-SECURITY project.
Effective
coordination of
security measures
Complexity in
integration and
management
3. The ML Strategy within Network Slicing
3.1. The Role of Machine Learning
As previously noted, ML is one of the most promising security-enhancing techniques.
ML systems are trained with a set of data and learn to make decisions, after that, they
can make predictions or decisions with unknown data without explicit instructions or
human intervention [
79
]. Conducting this with the capacity to process vast volumes of
data, ML systems give valuable insights into the security situation of the network and
predict/prevent potential attacks [80].
As networks evolve in complexity, traditional security measures find it challenging
to cope. However, ML brings advanced capabilities, transcending rule-based systems,
enabling intelligent processing of vast network data, and identifying potential security
threats across various domains, including intrusion detection, privacy preservation, secure
routing, and threat intelligence [
69
,
81
]. ML’s ability to leverage past data and experiences
to detect malicious activities enables real-time threat detection. Moreover, its predictive
analytics provide lead time for mitigation against potential attacks. Additionally, its
adaptability facilitates continuous learning and model updates to address the evolving
landscape of cyber threats effectively.
There are many ML techniques that can be used to address the security challenges in
NS. Supervised learning and unsupervised learning are two widespread ML techniques.
The following will discuss these techniques and their applications in the security domain.
3.1.1. Supervised Learning
Supervised learning involves training a model with a labelled dataset, allowing it to
learn between input features and the respective outputs. After the training, the model
is tested with unlabelled data and generates output based on input–output pairings [
82
].
These algorithms rely on external guidance for the learning process.
Supervised learning, focusing on classification, finds particular efficacy in various
security applications such as intrusion detection systems (IDS), malware detection, spam
filtering, and anomaly detection [
72
]. Through labelled data, supervised learning models
can accurately categorize incoming data instances. This proficiency efficiently identifies
potential intrusions, malicious software, unsolicited emails, and abnormal patterns within
datasets. Notably, supervised learning exhibits high accuracy in detecting known threats
and can continually improve through feedback and retraining. However, it is not without
its drawbacks. Dependency on labelled datasets and susceptibility to overfitting, wherein
the model performs well on training data but struggles with unseen data, are among the
challenges associated with this technique [83].
3.1.2. Unsupervised Learning
Unsupervised learning is an ML paradigm in which the system solely receives input
data without associated target outputs. In this approach, data instances are unlabelled, and
the system endeavours to identify patterns or relationships among the variables and group
the data without external guidance. When new data are introduced, the system utilises
previously learned features to determine the data’s group [
84
]. This technique is valuable
Future Internet 2024,16, 226 13 of 36
for uncovering hidden structures, detecting patterns, and identifying relationships within
datasets [83].
Unsupervised learning is particularly advantageous in various security applications
such as network traffic analysis, and clustering for identifying similar network behaviours
and categorising threats [
71
]. Operating without the need for labelled data, unsupervised
learning algorithms excel in uncovering hidden structures and detecting abnormalities
within datasets. This capability allows for the efficient identification of unknown potential
threats, unusual user behaviours, and emerging undefined attack patterns. Because it can
deal better with unknown threats, unsupervised learning can create more robust anomaly
detection systems [
72
]. Notably, unsupervised learning offers the flexibility to adapt to
evolving threats and can uncover novel attack vectors that traditional security measures
may not capture. However, challenges such as the interpretability of results, lower accuracy,
and high computational complexity are among the considerations associated with this
approach [79].
3.2. The Role of Deep Learning
Deep learning, a subset of ML, employs artificial neural networks to tackle tasks
ranging from classification to decision-making. The standard artificial neural networks are
Convolutional Neural Networks and Recurrent Neural Networks. Deep learning mimics
how the human brain works, allowing machines to recognize patterns, classify information,
and make decisions [
85
]. Unlike traditional ML methods, deep learning algorithms learn
intricate patterns and features directly from raw data without requiring extensive human
intervention to handle undesirable outputs, fine-tune algorithms, and manual feature
extraction, deep learning operates differently. Its nested layers process data hierarchically,
independently learning intricate features and patterns [86].
Deep learning algorithms can process vast amounts of data, providing detailed insights
and precise predictions. In contrast to traditional analytics methods, which struggle with
the scale and complexity of these networks, deep learning shines in recognizing complicated
data patterns [87].
Also, DL techniques can effectively predict new attacks, often mutations of previous
ones, by learning from current instances, showcasing strong performance in identifying
cyber threats [86,88].
Thus, deep learning is a powerful tool for analysing large datasets and detecting
complex patterns, especially within network slicing and 5G, where networks’ dynamic and
heterogeneous nature demands robust security enforcement solutions.
However, despite its immense potential, deep learning poses challenges such as
computational intensity, the need for larger datasets, and the interpretability of the decision-
making process [79].
3.3. Practical Applications
Numerous instances in the literature showcase the application of AI to bolster security
within network slicing. This section aims to elucidate several examples, providing an
overview of their implementations and outcomes.
Authors of [
89
] have proposed the Secure5G framework aimed at fortifying the security
of network slicing functionalities within 5G networks. This framework adopts a network
slicing model driven by deep learning CNNs. It is strategically designed to pre-emptively
identify and neutralise potential risks posed by incoming connections before they penetrate
the core of the 5G network. The framework aims to achieve various objectives, including
detecting and mitigating Distributed Denial of Service (DDoS) attacks, analysing traffic
patterns, predicting future traffic trends, resource allocation to optimise slice performance,
and detecting unauthorised operations through User Equipment. It also keeps a detailed
database of devices and how users behave, learning from this information over time.
This includes all past and present connection requests from any device. Introducing a
new concept termed “Quarantine Slice,” the framework proposes a unique approach to
Future Internet 2024,16, 226 14 of 36
mitigate attacks by deploying a slice with minimal Quality-of-Service (QoS) parameters
and stringent requirements. Building upon the foundation laid by the DeepSlice [
90
] re-
search, Secure5G was evaluated with volume-based flooding and spoofing attack scenarios,
achieving a detection accuracy rate exceeding 98%. Future endeavours are poised to refine
the framework’s capabilities further, focusing on real-time model training.
The authors of [
91
] introduced the DeepSecure framework, leveraging Long Short-
Term Memory (LSTM) deep learning techniques to develop models for predicting slices and
detecting attacks within 5G network environments. The attack detection model, powered
by LSTM, predicts DDoS attacks originating from User Equipment network traffic, while
the slice prediction model anticipates appropriate slices for authorised User Equipment.
DeepSecure shares similarities with the previously discussed Secure5G [
89
] framework.
Evaluation of DeepSecure utilised the CICDDoS2019 [
92
] dataset, with training parameters
for attack detection and slice prediction models including learning rate, activation function,
optimizer, and epochs. The tests resulted in a 99.970% detection accuracy, surpassing the
performance of the Secure5G [89] framework.
The framework described by [
93
] introduces Intelligence Slicing, a unified AI frame-
work tailored for the software-defined virtualized 5G infrastructure, offering a holistic
approach to network management and security. The key features of this framework include
the cooperation between SDN and NFV. A notable aspect of the framework is the introduc-
tion of “intelligence slicing”, a concept allowing AI functional modules, or “intelligence
slices”, to be deployed on demand within the network. These slices are designed to execute
specific intelligent tasks and can utilise the most suitable AI algorithms optimised for the
task at hand. The framework also incorporates a specialised “security intelligence slice”
to address security challenges within industrial networks connected to the 5G infrastruc-
ture. This slice employs Machine Learning-based anomaly detection algorithms such as
Random Forest and Support Vector Machine (SVM). The efficacy of the anomaly detection
algorithms utilised within the security intelligence slice is thoroughly evaluated using
industrial network datasets; the DS1, DS2, and DS3 datasets were provided by Lemay
and Fernandez [
94
], and they are focused on detecting malware. The results show good
performance metrics, including high detection accuracy and F1-score, such as an accuracy
of 100% using the DS1 dataset and both algorithms.
Authors from [
95
] proposed a framework for managing resource allocation within
network slicing scenarios for cyber–physical systems under DDoS attacks. It consists of
two key components: the Radio Resource Hypervisor and the Computing Resource Hyper-
visor. The former optimises the allocation of virtual radio resources to physical resources
based on user channel conditions. At the same time, the latter efficiently allocates com-
puting resources to different network slices using a token-based kernel scheduler. Central
to the framework’s functionality is its alternating direction method of multipliers and a
learning-assisted algorithm, which continuously learns the performance characteristics
of network slices. When a DoS attack occurs, causing degradation in slice performance
despite consistent resource allocation, the algorithm detects this anomaly by observing
changes in resource utilisation efficiency. Subsequently, it dynamically adjusts resource allo-
cation to mitigate the attack’s impact, restoring network slice performance. The framework
demonstrates its effectiveness in maintaining network performance through experimen-
tal setups involving multiple network slices and simulated DoS attacks. The learning-
assisted algorithm successfully mitigates the impact of DoS attacks, restoring nearly 98% of
slice performance.
The FrameRTP4 framework proposed in [
96
] is designed to provide real-time detec-
tion and mitigation of attacks in 5G network scenarios. It follows the SDN architecture,
separating the solutions into data and control planes. The data plane uses a customizable
P4 program to implement a P4 table-based Access Control List for detecting and mitigating
known attacks. It also deploys a monitoring system called SFCMon, which uses probabilis-
tic data structures to track network flows and aid in attack detection. In the control plane,
FrameRTP4 uses a Python-based controller to manage the lifecycle of SFCs and wildcard
Future Internet 2024,16, 226 15 of 36
rules within the P4 table-based Access Control List. It also includes a decision-making
module that periodically collects statistical data from SFCMon and uses it as input to ML
algorithms to detect new threats automatically. When a new attack is detected, the module
triggers the creation of access control rules within the switches. The ML algorithms used in
the framework are based on the Random Forest model, which is trained using a custom
labelled dataset generated from real/controlled traffic measurements. The dataset includes
both legitimate user behaviours and real network threats, such as denial of service attacks
and port scans, but it was tested using the CTU-13 dataset [
97
]. The performance metric of
the algorithms that oversee threat detection was the True Positive Rate, and after several
tests, it could achieve a 99.99% True Positive Rate. However, the execution time is still
a limiting factor and future work aims to improve the algorithm’s performance using
metaheuristics. The study by [
98
] showcased a 5G prototype tailored for detecting and
mitigating DDoS attacks within sliced networks, focusing on the context of the European
project 5G-INSIGHT. This project aims to enhance security features in 5G and beyond,
particularly in Vehicle-to-Everything slicing, covering the spectrum from attack detection
to mitigation. Their prototype leverages a CNN-based Deep Learning model, implemented
using a lightweight, usable CNN in DDoS detection (LUCID) [
99
] model. LUCID is de-
scribed as a practical and lightweight solution for deep learning-based DDoS detection,
employing CNN features to classify traffic flows as either benign or malicious. The authors
constructed a labelled custom dataset to train, validate, and test our DL models. This
dataset encompasses synthetic DDoS attack samples alongside benign traffic samples. The
prototype employs a sinkhole-type slice strategy to mitigate attacks, isolating malicious
users within slices with limited physical resources. The authors claim that the prototype
achieves an impressive accuracy rate of nearly 97%.
Table 2summarises the described works, giving insights into the framework’s name,
the algorithm used, the performance metric used to evaluate the framework, a brief descrip-
tion, and the dataset used to test the framework. As is evident, Deep Learning emerges as
the most prevalent technique, and the frameworks demonstrate consistently strong perfor-
mance across the board. Also, it is possible to see a tendency to develop these mechanisms
to protect against DDoS/DoS attacks.
Table 2. Summary of the developed works about AI and security in network slicing.
Framework Used Algorithms Performance Metric Protected
Attack Description Dataset Used
Secure5G
[89]Deep learning CNNs
Detection
Accuracy
98%
DDoS
Pre-emptively identifies and
neutralises volume-based
flooding and spoofing attacks.
Custom
Dataset
DeepSecure [91]Long Short-Term
Memory (LSTM)
Detection
Accuracy 99.97% DDoS
Predicts slices and detects attacks
within 5G networks, focused on
DDoS attacks.
CICDDoS2019 [92]
Intelligence
Slicing [93]
Random Forest, Support
Vector Machine
Detection
Accuracy
100%
Malware
Offers 5G network management
and security, with a specialised
“security intelligence slice”
employing ML-based
anomaly detection.
DS1, DS2, DS3
datasets [94]
Resource
Allocation
Framework [95]
ADMM
Learning-assisted
algorithm
Slice
performance restoration
rate 98%
DoS
Optimises resource allocation in
network slicing for cyber–physical
systems, adapting dynamically to
counteract DoS attacks.
N/A
FrameRTP4 [96] Random Forest True
Positive Rate—99.99%
Multiple attacks
such as DoS and
PortScans
It provides real-time detection
and mitigation of attacks in 5G
network slicing scenarios using
ML algorithms based on
Random Forests.
CTU-13 [97]
5G
Prototype [98]
Lightweight, usable
CNN (LUCID) [99]
Detection
Accuracy
97%
DDoS
Tailored for detecting and
mitigating DDoS attacks within
Vehicle-to-Everything slices.
Custom dataset
Future Internet 2024,16, 226 16 of 36
4. Policy/Intent-Based Security in SDN and NFV Networks
4.1. Policy-Based Networking Development
Previously, when enhancing the security of networks using policies, all methods re-
quired manual configurations, and even though high-level policy languages have been
around for quite some time, as in the case of Ponder, which was defined in 2001, implemen-
tations that used them were scarce and very limited, since most of the process could not be
automated. The development of policy-based networking (PBN) has evolved to uphold
network security and efficient resource management, as discussed in the work of [
100
],
which focuses on designing energy-efficient networks with minimal environmental impact.
This is possible due to the research conducted into refining policies using algorithms that
adapt them based on predefined criteria such as energy efficiency. Still, in the context
of the development of this tool since its inception, [
101
] explains how the development
of technologies such as SDN further increased the integration of policies into the defini-
tion of how networks are structured and deployed. In this work, OpenFlow was used
in the automation of policy enforcement across network devices, and these policies were
translated from human-readable security policies into actionable network configurations
through the OpenSec framework explicitly developed for this work and with the intent of
making it possible to enforce these abstract security policies dynamically within SDN. For
future reference, since even though there are some discrepancies in how the policies are
applied, translated, or enforced, the process itself is usually very similar; the following are
the procedures in OpenSec for a successful security policy enforcement in networks that
are instantiated through SDN and utilise Network Function Virtualization (NFV), and the
further-discussed implementations will have many similarities:
•
Policy Definition: Network administrators define security policies using the OpenSec
language (a high-level policy language).
•
Policy Translation: The SDN controller translates these high-level policies into low-
level flow rules that can be implemented in the network hardware. This translation is
critical to enabling dynamic, automated security management.
•
Flow Processing: Based on the translated rules, network flows are directed to appro-
priate security services. For instance, if a flow is identified as needing deep packet
inspection (DPI), others need to be passed through an IDS.
•
Security Event Handling: When a security service detects a threat (such as malicious
traffic identified by an Intrusion Detection System (IDS)), it alerts the SDN controller.
The controller then takes predefined actions, including blocking the traffic, rerouting
it, or simply logging the event.
•
Policy Enforcement: The SDN controller continuously monitors compliance with secu-
rity policies and can adjust flow rules dynamically in response to network conditions
or security incidents. This continuous monitoring is what security policy enforcement
is mostly about and why the development of SDN has been so advantageous for
its implementation.
Furthermore, the process can also be found in the older literature articles that pre-
ceded the implementations that will be discussed further in this section and have defined
architectures of policy-based management for what used to be described as programmable
networks, now referred to as SDNs. One of these examples of architecture on which most
current implementations are based is present in the work of [
102
]. In their proposed archi-
tecture, it is possible to find a hierarchical structure organised into two tiers consisting of
the Network Management System (NMS) and the Element Management System (EMS);
both are still present to a point in current SDN architectures in terms of functionality, albeit
with different terminology. The policies are defined at the NMS level and translated as well
as enforced down to the EMS and network elements. Both the NMS and EMS can extend
their functionalities dynamically to support new services, and the following illustration
(Figure 2) depicts how this architecture was defined.
Future Internet 2024,16, 226 17 of 36
Future Internet 2024, 16, x FOR PEER REVIEW 17 of 38
• Policy Translation: The SDN controller translates these high-level policies into low-
level flow rules that can be implemented in the network hardware. This translation
is critical to enabling dynamic, automated security management.
• Flow Processing: Based on the translated rules, network flows are directed to ap-
propriate security services. For instance, if a flow is identified as needing deep
packet inspection (DPI), others need to be passed through an IDS.
• Security Event Handling: When a security service detects a threat (such as mali-
cious traffic identified by an Intrusion Detection System (IDS)), it alerts the SDN
controller. The controller then takes predefined actions, including blocking the traf-
fic, rerouting it, or simply logging the event.
• Policy Enforcement: The SDN controller continuously monitors compliance with
security policies and can adjust flow rules dynamically in response to network con-
ditions or security incidents. This continuous monitoring is what security policy en-
forcement is mostly about and why the development of SDN has been so advanta-
geous for its implementation.
Furthermore, the process can also be found in the older literature articles that pre-
ceded the implementations that will be discussed further in this section and have de-
fined architectures of policy-based management for what used to be described as pro-
grammable networks, now referred to as SDNs. One of these examples of architecture on
which most current implementations are based is present in the work of [102]. In their
proposed architecture, it is possible to find a hierarchical structure organised into two ti-
ers consisting of the Network Management System (NMS) and the Element Management
System (EMS); both are still present to a point in current SDN architectures in terms of
functionality, albeit with different terminology. The policies are defined at the NMS level
and translated as well as enforced down to the EMS and network elements. Both the
NMS and EMS can extend their functionalities dynamically to support new services, and
the following illustration (Figure 2) depicts how this architecture was defined.
Figure 2. FAIN architecture from [102].
Figure 2. FAIN architecture from [102].
As it is feasible to see, within the architecture, it can be found components such
as Policy Definition Points (PDPs), Policy Enforcement Points (PEPs), and Resource En-
forcement Points (REP) which are also replicated in Virtual Environments (VEs) within
the Active Network (AN) nodes. The roles of PDPs and PEPs are crucial for the policy-
based management of these networks, the PDPs are responsible for making decisions
based on management policies present within the REPs enforced by PEPs at various levels
and points within the network itself. These PEPs translate the decisions into actionable
configurations on the network elements. The architecture utilises an AN node that can
execute dynamically deployed services, enhancing the network’s flexibility and respon-
siveness. This translation process is a recurrent theme within policy-based networking,
and in the case of this precursor architecture, the NMS handles the higher-level poli-
cies, and only after a translation process can they be used by the EMS, which focuses on
element-specific configurations.
4.2. Advancements in Policy Implementation Techniques
It was mentioned how SDN has helped propel the use of policies to enforce security
in modern networks [
101
]. Indeed, this has been advantageous for disseminating security
policy enforcement in networks at large; however, the combination of SDNs with NFVs
is when security policy enforcement is truly at its best in the current state of networking.
This combination provides a flexible and dynamic environment for managing security
policies efficiently, as is described in the work of [
103
], which, similarly to the work of [
101
],
takes advantage of the centralised nature of SDN’s control mechanisms to dynamically
apply and modify security policies based on real-time network conditions and threats.
The flexibility of this policy enforcement can be enhanced using NFVs as demonstrated
in [
104
], whose work deals with embedding virtual networks that adhere to specific security
policies across multiple domains, leveraging SDN and NFV technologies to emphasise
inter-domain consistency. The study showcases how policy-based virtual network embed-
ding can significantly enhance security in a multi-tenant environment, which is precisely
Future Internet 2024,16, 226 18 of 36
what it is shifting towards, by maintaining strict adherence to security policies across the
different network domains. Another way to approach security enforcement is by using
the framework proposed in [
105
], which defines a policy scheme comprising four policy
functions: separating, chaining, merging, and reordering. Even though the name of these
functions is quite suggestive, a brief description will make it easier to understand how they
benefit the network into which they are implemented.
•
Separating: this divides the virtual services and decreases the size of the attack flows
using a load balancer.
•
Chaining: this links many VNFs to prevent various attack flows and constructs
extensive security systems.
•
Merging: this combines unnecessary VNFs to optimise the security system and the
system’s resources.
•
Reordering: this reorders current VNFs depending on the type and strength of the
current attack flows.
With these four policy functions, not only were the system’s resources applied more
effectively, but the network was also designed more efficiently, and the system’s security
was enhanced due to these dynamic intra-domain configuration and reconfiguration capa-
bilities. Besides this approach to policy-based networking, it is also possible to find in this
work, as well as in the aforementioned work of [
103
], examples of how the policy-based
network architecture has changed since its inception, as has been discussed previously
in the FAIN architecture presented. In [
103
], it is found that policy-based networking is
easily integrated into SDNs, which decouples the architecture into three different planes.
The data plane is where the physical (or virtualized) infrastructure lies and connects to the
control plane (via Southbound Interfaces), where network services are managed through
the SDN Controller. This plane is connected to the application plane (via Southbound
Interfaces) where the applications themselves are deployed as well as the Policy-based
Security Architecture (PbSA) as described in the following depiction (Figure 3).
Future Internet 2024, 16, x FOR PEER REVIEW 19 of 38
aged through the SDN Controller. This plane is connected to the application plane (via
Southbound Interfaces) where the applications themselves are deployed as well as the Pol-
icy-based Security Architecture (PbSA) as described in the following depiction (Figure 3).
Figure 3. PbSA integrated into SDN architecture [103].
Within the PbSA found two types of repositories: a Topology Repository, which
contains information on the network’s topology and is critical for routing and managing
traffic, and a Policy Repository, which holds the policy expressions that define the secu-
rity and operational guidelines for the network. Another crucial component in the PbSA
is the Policy Manager, which manages all security operations within the network, ensur-
ing policies are correctly implemented as well as updated. The Extraction Engine or
Evaluation Engine is responsible for monitoring incoming network traffic and evaluat-
ing it against the stored policies to determine if they are being compiled (notice the simi-
larity of PDPs with the functionality of this component and the Policy Manager). The
Policy Enforcer (analogous to the PEPs) is the component that applies the determined
flow rules to the network’s traffic, ensuring that only policy-compliant traffic is allowed,
lastly, the Handle Creator generates handles for packets that travel across the network,
enhancing security by ensuring packet authenticity and integrity. This decoupling of
network layers based on functionality is expected in SDNs and allows them to be flexible
and dynamic. The PbSA takes full advantage of this by being able to manage security
policies from a single point of control. This centralization simplifies the administration
of complex policy rules across various network devices, enabling consistency and fast
adjustments throughout the whole network topology. Since the SDNs allow a compre-
hensive network view, the PbSA can use this enhanced visibility to monitor all traffic
flows across the network more effectively, thus providing a more accurate and timely
detection of anomalies or policy violations.
4.3. Transition to Intent-Based Networking
After delving into the literature on the current state of networking paradigms, it
was easy to notice a shift toward what is referred to as intent-based networking. This
relatively recent concept adds another level of abstraction to what has been seen in poli-
cy-based networks, and in this new paradigm of networking, which is much more user-
Figure 3. PbSA integrated into SDN architecture [103].
Within the PbSA found two types of repositories: a Topology Repository, which
contains information on the network’s topology and is critical for routing and managing
traffic, and a Policy Repository, which holds the policy expressions that define the security
Future Internet 2024,16, 226 19 of 36
and operational guidelines for the network. Another crucial component in the PbSA is
the Policy Manager, which manages all security operations within the network, ensuring
policies are correctly implemented as well as updated. The Extraction Engine or Evaluation
Engine is responsible for monitoring incoming network traffic and evaluating it against
the stored policies to determine if they are being compiled (notice the similarity of PDPs
with the functionality of this component and the Policy Manager). The Policy Enforcer
(analogous to the PEPs) is the component that applies the determined flow rules to the
network’s traffic, ensuring that only policy-compliant traffic is allowed, lastly, the Handle
Creator generates handles for packets that travel across the network, enhancing security by
ensuring packet authenticity and integrity. This decoupling of network layers based on
functionality is expected in SDNs and allows them to be flexible and dynamic. The PbSA
takes full advantage of this by being able to manage security policies from a single point
of control. This centralization simplifies the administration of complex policy rules across
various network devices, enabling consistency and fast adjustments throughout the whole
network topology. Since the SDNs allow a comprehensive network view, the PbSA can use
this enhanced visibility to monitor all traffic flows across the network more effectively, thus
providing a more accurate and timely detection of anomalies or policy violations.
4.3. Transition to Intent-Based Networking
After delving into the literature on the current state of networking paradigms, it was
easy to notice a shift toward what is referred to as intent-based networking. This relatively
recent concept adds another level of abstraction to what has been seen in policy-based
networks, and in this new paradigm of networking, which is much more user-centric than
previous ones; the objective is to give the user the possibility of asking what it wants from
the network without worrying how this is achieved in a way that is as user-friendly as
possible. To better understand this concept, studying the works of [
106
,
107
] shows how and
why this transition from policy-based networking to intent-based networking happened.
Their works discuss the limitations of policy-based networking, which is a more rigid,
less scalable network methodology, and this causes it to struggle with the current rise
of network complexity leveraged by technologies such as cloud computing, IoT, and the
ever-present NS into which these technologies can be integrated. This means that the issue
lies in scalability and flexibility, and even though policy-based networks are considerably
more autonomous than previous network paradigms, they still require manual intervention
for changes and updates, which also introduces the possibility of human error in network
configuration. This is the gap that intent-based networking (IBN) tries to bridge; by
granting a higher level of abstraction in the network configuration, it introduces more
flexibility, which was not possible when using policy-based methods that required the
network to follow static configurations that do not easily accommodate changes in business
requirements or network conditions. This flexibility will be demonstrated further in
this section, but first, the process that is required to deploy intent-based networks must
be known, and therefore we look at some of the things that remained from policy-based
networking and what has changed in this new methodology. For that purpose, insights from
the work of [
108
] can also be drawn, which showcases how IBNs translate users’ business
intent(s) into network strategies, thereby moving beyond policy-driven approaches. This
work also demonstrates how AI, which was already discussed previously in the context
of NS, can be integrated into this paradigm for real-time network fault identification,
network optimization, and the integral process of intent translation, which is the key to
IBNs. Therefore, it is safe to say that AI will undoubtedly help propel this paradigm shift
once it has matured enough in these applications. Nonetheless, the whole process can be
illustrated as follows.
Summing up, the illustrated process (Figure 4) can be described in a few steps:
•
Intent Profiling: This first step involves defining the intent, which should be in an
easily understandable, declarative statement of what is expected from the network.
Future Internet 2024,16, 226 20 of 36
This contrasts with policy-based networking, where specific rules and configurations
are detailed.
•
Intent Translation: After being defined, the high-level intent must be translated into
actionable network policies and configurations. Unlike policy-based systems that
apply rules directly, IBN systems interpret intents and determine the best methods to
achieve the desired outcomes.
•
Intent Resolution and Activation: Before being activated, potential conflicts among
different intents must be addressed, ensuring that new intents do not disrupt existing
network functions. This dynamic adjustment capability is a significant advancement
over static policy-based systems.
•
Intent Assurance: Much like in policy-based systems, the process of continuously
monitoring network performance to ensure that it aligns with the defined policies,
and in this case, the intent, is critical to maintaining a reliable service. However, in
the case of intent-based networking, its inherent flexibility allows it to adapt faster to
changes in network conditions or business objectives over time.
Future Internet 2024, 16, x FOR PEER REVIEW 21 of 38
Figure 4. Intent-based networking deployment process [106].
This helps us understand the general process; however, there are still a lot of dis-
crepancies in the literature regarding the process of translation. For that reason, the fol-
lowing figure of an IBN model for intent translation, present in the same work as the
previous figure, can help clear up how this is handled.
Looking at the depiction (Figure 5), one might ask what would happen in the case
of conflicting policies because, as mentioned before, a conflict resolution process must be
implemented for these scenarios. In these situations, the system relies on its built-in logic
to determine which policies are essential for maintaining critical services and which can
be temporarily relaxed. This decision is based on predefined business priorities and the
potential impact of each policy on overall network performance. For instance, if an IBN
system is tasked with ensuring high-quality video conferencing (this would represent a
high-priority intent) while also managing extensive file transfers (this would represent a
lower-priority intent), the system might temporarily degrade the bandwidth available
for file transfers during crucial business hours to ensure video conferencing quality is
not compromised.
Figure 4. Intent-based networking deployment process [106].
This helps us understand the general process; however, there are still a lot of discrep-
ancies in the literature regarding the process of translation. For that reason, the following
figure of an IBN model for intent translation, present in the same work as the previous
figure, can help clear up how this is handled.
Looking at the depiction (Figure 5), one might ask what would happen in the case
of conflicting policies because, as mentioned before, a conflict resolution process must be
implemented for these scenarios. In these situations, the system relies on its built-in logic
to determine which policies are essential for maintaining critical services and which can
be temporarily relaxed. This decision is based on predefined business priorities and the
potential impact of each policy on overall network performance. For instance, if an IBN
system is tasked with ensuring high-quality video conferencing (this would represent a
high-priority intent) while also managing extensive file transfers (this would represent
a lower-priority intent), the system might temporarily degrade the bandwidth available
for file transfers during crucial business hours to ensure video conferencing quality is
not compromised.
Future Internet 2024,16, 226 21 of 36
Future Internet 2024, 16, x FOR PEER REVIEW 22 of 38
Figure 5. IBN model for intent translation [106].
4.4. Enhancing Security in SDNs and NFVs through PBN
While researching how policy-based networking can be applied to network security,
quite a few examples of proposed systems for automating policy enforcement in SDNs
and NFVs came across. One is the work proposed, implemented, and validated in the
thesis of [61] that revolves around using the VEREFOO (Verified Refinement and Opti-
mised Orchestration) framework, designed to automate security policies in an NFV en-
vironment. This framework enhances security automation by providing tools for refin-
ing policies from high-level language to medium-level and eventually into network con-
figurations like IP quintuples. The framework is leveraged to develop a module that al-
lows for consistent multi-language translation among several packet filters in the market
and focuses on the security within NFV by analysing packet filter behaviour and facili-
tating the translation process by considering the different firewall languages used in var-
ious scenarios. The implementation described in this extensive work is tailored to multi-
ple firewall platforms, including Iptables, IpFirewall, BPF-iptables (developed by the
University of Torino), Open vSwitch, and Fortinet. The network is configured in a way
Figure 5. IBN model for intent translation [106].
4.4. Enhancing Security in SDNs and NFVs through PBN
While researching how policy-based networking can be applied to network security,
quite a few examples of proposed systems for automating policy enforcement in SDNs and
NFVs came across. One is the work proposed, implemented, and validated in the thesis
of [
61
] that revolves around using the VEREFOO (Verified Refinement and Optimised
Orchestration) framework, designed to automate security policies in an NFV environment.
This framework enhances security automation by providing tools for refining policies from
high-level language to medium-level and eventually into network configurations like IP
quintuples. The framework is leveraged to develop a module that allows for consistent
multi-language translation among several packet filters in the market and focuses on the
security within NFV by analysing packet filter behaviour and facilitating the translation
process by considering the different firewall languages used in various scenarios. The
implementation described in this extensive work is tailored to multiple firewall platforms,
including Iptables, IpFirewall, BPF-iptables (developed by the University of Torino), Open
vSwitch, and Fortinet. The network is configured in a way that is enforced across all these
platforms, ensuring that the translated security policies adhere to the defined medium-
level abstraction model. In terms of testing and validation, the implemented models were
tested in various network scenarios, confirming that the policy translations act as intended
Future Internet 2024,16, 226 22 of 36
by the medium-level abstraction model. Another instance of security enhancement via
security policies in this type of network is explored in [
109
], which also uses a refinement
model that transforms high-level security requirements into specific configurations for
network security functions (NSFs). This work required two models: a capability model
that defines the NSFs and ensures they meet the specific security policy requirements and
optimization models used to select the optimal NSFs to implement the required security
measures based on performance and security criteria. In its implementation, the proposed
system extends the OpenMANO framework, incorporating a Security Awareness Manager
(SAM) to execute policy refinements. This addition allowed for real-time adaptations to
the network or policy changes, mitigating one of the usual limitations in policy-based
networking, and since it extends upon an already existing framework, implementing it
becomes easier than developing a standalone system. After implementation, the system
was validated using different network scenarios to ensure its practicality and efficiency
in real-world applications, which entailed performance testing to confirm that policy
refinement scales appropriately for current networks and for what is expected in larger-
scale virtualized networks.
For IoT systems that utilise SDN and NFV technologies, an innovative approach to
enhance the flexibility of these systems via a semantic-aware, zero-touch, policy-driven
security orchestration framework that facilitates dynamic and conflict-free security policy
enforcement and VNF, or in this case Virtual Network Security Function (VSF) orchestration,
was also found in [
110
]. Beyond the use of semantic-aware orchestration that can handle
high-level security requirements, this approach incorporates an optimised algorithm for
Service Function Chaining (SFC) that maximises QoS, security aspects, and resource usage
during the deployment and lifecycle management of VSFs. Still, in the context of IoT
networks which possess an inherent heterogeneity and constrained nature of devices,
the work of [
111
] proposes a methodology that utilises optimization theory, in this case,
the Maximum Satisfiability Modulo Theories (MaxSMT), to automatically compute and
enforce security configurations in SDN-based IoT networks. Like in previous examples of
applied policy enforcement, this enforcement is carried out dynamically by adapting to
network conditions or threat landscape changes by configuring SDN switches in response to
detected threats or policy changes. Using MaxSMT, the framework guarantees the formal
correctness of the security conditions applied, ensuring that the implemented security
measures match the specified policies without needing post-configuration verification. This
methodology also provides some advantages to previously discussed examples, since it
optimises the placement and configuration of SDN switches to minimise resource usage
while maximising security effectiveness, which includes minimising the impact of attacks
and enhancing bandwidth allocation by placing SDN switch rules as close to the traffic
source as possible.
5. Use Case of 6G-OPENSEC-Security
In the ever-evolving landscape of telecommunications, driven by the advent of 6G
and the increasing demand for ultra-fast and highly reliable connectivity, security has
emerged as a critical priority. With the proliferation of connected devices and the grow-
ing virtualization of network infrastructure, ensuring data integrity, confidentiality, and
availability has become a complex and multifaceted challenge. In this scenario, which has
already been mentioned, the traditional approach to security, based on static and reactive
measures, is no longer adequate to address today’s dynamic and sophisticated threats.
There is a need to adopt a more agile, proactive, and adaptable approach to ensure the
proper protection of network resources and sensitive user data. This section aims to explore
the use cases and applications of dynamic security service provisioning as an effective
response to emerging challenges in network-slicing environments. Through the analysis of
concrete cases and specific use scenarios, it will be examined how dynamic security service
provisioning can enhance security in network slicing, ensuring robust and adaptable pro-
tection in the face of evolving threats. In particular, the focus will be on the crucial role of
Future Internet 2024,16, 226 23 of 36
a Security Closed-Loop (SCL) as a fundamental component in dynamic security service
provisioning, highlighting its essential functionalities and its impact on ensuring security
in network slicing. One project being developed is 6G-OPENSEC. This project aims to
deliver security, trust, and quantum critical distribution solutions designed for 6G transport
networks, employing an open and adaptable architecture. This project is divided into
three projects: 6G-OPENSEC-SECURITY (https://www.cttc.cat/project/secure-network-
slice-manager-for-open-and-disaggregated-6g-networks/ (accessed on 29 April 2024)),
6G-OPENSEC-TRUST (https://www.cttc.cat/project/dlt-based-trust-management-for-
open-and-disaggregated-6g-networks/ (accessed on 29 April 2024)), and 6G-OPENSEC-
KEYS (https://www.cttc.cat/project/quantum-key-distribution-for-security-in-open-and-
disaggregated-6g-networks/ (accessed on 29 April 2024)).
Since the security aspects of these upcoming networks have been discussed, our
focus will be on 6G-OPENSEC-SECURITY. It promotes network management and security
automation by following ETSI’s standardised ZSM architecture. Also, it proposes a security
model designed in a Closed-Loop architecture, which has been showcased in the work
of [
112
], enabling not only the automation of network management in terms of resources
and deployment as well as security features that are enforced via network policies. This
automation not only reduces the complexity of management and security tasks from the
operator’s point of view but also the possibility of human error present in previously
employed architectures that did not rely as much on automating tasks.
Indeed, this automation does provide some new challenges in terms of reliability;
however, this is why a Closed-Loop architecture was chosen when applying security.
This type of architecture ensures continuous monitoring of network operations as well as
auditability for any past actions or configurations that may result in network faults, which
are used to facilitate processes of self-healing, self-optimization, and self-configuration of
the network based not only on prior knowledge to its deployment but also after the service
has been implemented.
5.1. General Architecture
The framework for the 6G-OPENSEC-SECURITY project is rooted in the ETSI GS ZSM
002 specification. ZSM aims to create a fundamental architecture (Figure 6) that allows for
completely autonomous solutions for 5G and beyond network operations, i.e., with zero
human intervention.
Future Internet 2024, 16, x FOR PEER REVIEW 25 of 38
Figure 6. ZSM reference architecture.
This way, it is possible to draw the alignment of the 6G-OPENSEC-SECURITY with
the ZSM architecture. Figure 7 illustrates this alignment with the general ZSM structure.
The framework for the 6G-OPENSEC-SECURITY project is rooted in the ETSI GS
ZSM 002 specification. Figure 7 illustrates this framework, drawing its alignment with
the general ZSM structure.
Figure 7. 6G-OPENSEC-SECURITY reference architecture.
In Figure 7, two pivotal elements emerge within this framework: the Security
Closed-Loop Governance (SCLG) and the Security Closed-Loop Automation (SCLA).
Figure 6. ZSM reference architecture.
Future Internet 2024,16, 226 24 of 36
This way, it is possible to draw the alignment of the 6G-OPENSEC-SECURITY with
the ZSM architecture. Figure 7illustrates this alignment with the general ZSM structure.
Future Internet 2024, 16, x FOR PEER REVIEW 25 of 38
Figure 6. ZSM reference architecture.
This way, it is possible to draw the alignment of the 6G-OPENSEC-SECURITY with
the ZSM architecture. Figure 7 illustrates this alignment with the general ZSM structure.
The framework for the 6G-OPENSEC-SECURITY project is rooted in the ETSI GS
ZSM 002 specification. Figure 7 illustrates this framework, drawing its alignment with
the general ZSM structure.
Figure 7. 6G-OPENSEC-SECURITY reference architecture.
In Figure 7, two pivotal elements emerge within this framework: the Security
Closed-Loop Governance (SCLG) and the Security Closed-Loop Automation (SCLA).
Figure 7. 6G-OPENSEC-SECURITY reference architecture.
The framework for the 6G-OPENSEC-SECURITY project is rooted in the ETSI GS
ZSM 002 specification. Figure 7illustrates this framework, drawing its alignment with the
general ZSM structure.
In Figure 7, two pivotal elements emerge within this framework: the Security Closed-
Loop Governance (SCLG) and the Security Closed-Loop Automation (SCLA). The SCLG
consists of two integral modules: the Closed-Loop Manager and the Closed-Loop Coordi-
nator. On the other hand, the SCLA comprises four distinct modules: Security Decision,
Security Data Analytics, Security Data Collection, and Security and Privacy data service.
The responsibilities of each one of these elements are:
•
SCLA—This component is responsible for processing the results obtained from the
monitoring process. It identifies the data samples requiring evaluation and triggers
processes to mitigate the detected security threat.
•
SCLG—This component oversees the coordination and management of all created
closed loops and their governance.
Collectively, these components form the Security Closed-Loop (SCL), working in tan-
dem to ensure robust governance and automation within the network-slicing environment.
Overall, the SCL is a mechanism that serves as the backbone for continuous monitoring
and analysis of network service performance. It helps operators take proactive measures,
anticipating potential issues before they arise while enabling prompt, reactive responses
to detected anomalies. This comprehensive approach ensures the sustained delivery of
high-quality services while maximising security within the network slice. However, in this
section, the focus will be on the SCLA component and its modules.
5.2. Security Closed-Loop Automation Architecture
At its core, the SCLA integrates monitoring, decision-making, and automated re-
sponses to ensure robustness against potential threats while maintaining adaptability and
scalability. Unlike conventional security systems that react to known threats, the SCLA
continuously monitors the environment, learns from it, and adjusts its defences in real-time
based on predictive analysis, taking advantage of technologies like AI and policy-based
networking. Its key objectives include:
Future Internet 2024,16, 226 25 of 36
•
Proactive Security: Shifting from reactive to proactive measures, the system anticipates
and mitigates threats before they manifest by continuously monitoring and adapting
its defences based on predictive analysis.
•
Real-time Threat Response: Acting swiftly and decisively in the face of security threats,
it minimises potential damage through modules like Security Decision and Security
Data Analytics, which enable real-time detection of anomalies and a response.
•
Adaptive Learning: Staying ahead of evolving threats by continuously learning from
past experiences and current data.
•
Operational Efficiency: Ensuring that security measures enhance system performance
rather than hinder it.
To fulfil these objectives, the SCLA has been proposed to contain the following software
components, which are the primary line of defence in networks that implement this kind of
security architecture:
•
Security Data Collection: The purpose of this component is to collect network data,
as it is proposed to be integrated with network probes that capture packets of network
traffic and are later retrieved by the component. Data collection can be carried out via
APIs or through data brokers, whichever best fits the network topology.
•
Security Data Analytics: This component is responsible for analysing the collected
data and detecting any possible threats or anomalies within the surveilled network
through the use of AI models. The proposed project model integrates a DDoS de-
tection model such as LUCID [
99
]; however, this component is flexible enough to
integrate other types of ML and DL models that can detect different types of attacks in
network traffic.
•
Security Decision: Since the deployed and surveilled services must comply with
specific security policies, this component was developed to ensure that appropriate
action is taken to solve the issue in case of an attack or non-compliance with the
requested policies. A knowledge base is required to ensure that each violated policy
has an appropriate corrective directive.
•
Security and Privacy data service: This is the specialised module responsible for
securely managing and storing security data within the closed loop. In other words, it
is the SCLA’s database.
In Figure 8it is possible to see how these components interact with each other in a
high-level way.
Future Internet 2024, 16, x FOR PEER REVIEW 27 of 38
action is taken to solve the issue in case of an attack or non-compliance with the re-
quested policies. A knowledge base is required to ensure that each violated policy
has an appropriate corrective directive.
• Security and Privacy data service: This is the specialised module responsible for
securely managing and storing security data within the closed loop. In other words,
it is the SCLA’s database.
In Figure 8 it is possible to see how these components interact with each other in a high-
level way.
Figure 8. A high-level overview of the interaction between these components.
5.3. Applying ML/DL and Security Policies
From what has been discussed in Sections 3 and 4, it is necessary to disseminate
where and how AI and security policies have been applied and enforced within the pro-
posed Closed-Loop architecture. All the components within the SCL are essential for the
continuous monitoring and security of deployed service-based slices; however, most of
the complexity within these processes is handled by two components, namely the Secu-
rity Data Analytics and Security Decision components, which are where Deep Learn-
ing/Machine Learning models and security policies are enforced, respectively. The use of
AI in the SCL closely resembles how it was used in the work of [89], wherein Deep
Learning was applied in the network slicing infrastructure of 5G networks to detect and
mitigate threats proactively. The way that policies were reinforced is also like how, in the
ANASTACIA (http://www.anastacia-h2020.eu/ (accessed on 29 April 2024)) Project, poli-
cy conflicts are resolved by checking already applied policies to requested policies, and
these are further enforced through the integration of security orchestrators that check
their compliance throughout the network.
However, in this project, the role of these security orchestrators is attributed to the
Security Decision to mitigate detected threats by the Security Data Analytics, which, in a
sense, showcases that the SCL combines principles from both these projects into one. The
following are details of both key components of the SCL for a better understanding of
their context within the SCL and their roles.
5.3.1. Security Data Analytics
The SDA component is the analytical powerhouse of this subdomain of components
in the closed-loop system. It processes raw security data collected by the Security Data
Collection component, turning them into meaningful insights that can be acted upon. Its
primary focus is on dissecting and understanding the vast amounts of data expected to
flow through the network and system to identify patterns, anomalies, and potential
threats. In other words, the Security Data Analytics component is responsible for making
Figure 8. A high-level overview of the interaction between these components.
5.3. Applying ML/DL and Security Policies
From what has been discussed in Sections 3and 4, it is necessary to disseminate where
and how AI and security policies have been applied and enforced within the proposed
Closed-Loop architecture. All the components within the SCL are essential for the con-
tinuous monitoring and security of deployed service-based slices; however, most of the
Future Internet 2024,16, 226 26 of 36
complexity within these processes is handled by two components, namely the Security Data
Analytics and Security Decision components, which are where Deep Learning/Machine
Learning models and security policies are enforced, respectively. The use of AI in the
SCL closely resembles how it was used in the work of [
89
], wherein Deep Learning was
applied in the network slicing infrastructure of 5G networks to detect and mitigate threats
proactively. The way that policies were reinforced is also like how, in the ANASTACIA
(http://www.anastacia-h2020.eu/ (accessed on 29 April 2024)) Project, policy conflicts are
resolved by checking already applied policies to requested policies, and these are further
enforced through the integration of security orchestrators that check their compliance
throughout the network.
However, in this project, the role of these security orchestrators is attributed to the
Security Decision to mitigate detected threats by the Security Data Analytics, which, in a
sense, showcases that the SCL combines principles from both these projects into one. The
following are details of both key components of the SCL for a better understanding of their
context within the SCL and their roles.
5.3.1. Security Data Analytics
The SDA component is the analytical powerhouse of this subdomain of components
in the closed-loop system. It processes raw security data collected by the Security Data
Collection component, turning them into meaningful insights that can be acted upon. Its
primary focus is on dissecting and understanding the vast amounts of data expected to
flow through the network and system to identify patterns, anomalies, and potential threats.
In other words, the Security Data Analytics component is responsible for making sense of
the massive amounts of security data constantly being collected and identifying critical
threats and vulnerabilities.
This component uses a variety of advanced analytics techniques, such as ML, to
identify trends and anomalies in the data. Also, it generates alerts when it detects suspicious
activity and can provide reports and recommendations on the overall security posture of
the network.
Key Features/Responsibilities:
•
Proactive Analysis: Security Data Analytics can spot possible dangers before they
result in damage by examining network data. This can be achieved by detecting
patterns and trends in the data, which can be indicators of consistent threats or
system behaviours that need to be kept in check (such as a system vulnerability). ML
algorithms can be used to help detect complex patterns.
•
Anomaly Detection: Beyond recognizing patterns, the Security Data Analytics com-
ponent is responsible for detecting anomalies—unusual behaviours or data points that
deviate from the norm and can indicate potential security threats. This may include
any actions such as unauthorised access, suspicious network traffic, malicious user
activity, and more. ML methods will be employed to find anomalies.
•
ML Models Ensemble: Security Data Analytics may also offer an ensemble approach
for detecting and predicting anomalies. This approach combines the use of multiple
ML models to enhance the system’s robustness and accuracy. An approach could
be to use anomaly detection models to separate data and then apply different types
of predictors.
•
Data Visualization: To aid operators and other system components of the system
in understanding the security landscape, Security Data Analytics might offer visual
representations of data, highlighting key insights, threats, and patterns in real time.
This would speed up any particular action that is required to be performed manually
in the system.
•
Security Report Generation: It is important to create security reports regularly, to
document, communicate, and analyse the systems’ security state. The SDA may
generate some security reports. These reports can become important documentation
Future Internet 2024,16, 226 27 of 36
for legal purposes. They can also provide detailed information about security incidents,
giving information about causes and impacts.
Table 3gives a detailed description of all the modules that constitute the Security Data
Analytics component that work together to achieve its functionality.
Table 3. Security Data Analytics modules and their functionalities.
Subcomponent Purpose Key Features Interfaces
Data Processing &
Transformation Engine (DPTE)
Prepares/reconstructs the
collected data. Collection of data.
Input: Data collected from
Security Data Collection.
Output: Analytics-ready data.
Anomaly Detection Engine (ADE)
Identifies anomalies in the data
that might indicate security
threats, breaches, or
other significant
deviations from
expected patterns.
Statistical Analysis
Machine Learning Models
Threshold Settings & Alerts
Input: Analytics-ready data.
Output: Identified anomalies,
insights, or alerts.
Real-time Analytics
& Stream Processing (RASP)
Enables real-time data analysis for
immediate insights, which is
crucial for detecting ongoing
security threats.
Stream Process Engine
Real-time Dashboards
Input: Real-time insights and
analysed streams
Output: Dashboards and
processed data.
Alert Module (AM)
Serves as a communication
interface with Security Decision,
sending alerts for detected threats.
Real-time alert
Alert Generation
Input: Processed data.
Output: Alerts.
Reporting Module (RM) Prepares analysed data to
generate reports. Report Generation
Input: Analytical results and
insights.
Output: Reports and
processed data.
Feedback & Optimization
Engine (FOE)
Improves the analytical processes
based on feedback and
continuously optimises the
algorithms.
Model Training & Retraining Input: ML model testing
Output: Optimised models
Figure 9also shows the interactions between these modules by presenting the SDA
workflow, detailing data transfer from SPDS to DPTE, processing by ADE and RASP, and
insights sent to RM for reporting and alerts managed by AM, with periodic model testing
for accuracy checks.
Future Internet 2024, 16, x FOR PEER REVIEW 29 of 38
algorithms.
Figure 9 also shows the interactions between these modules by presenting the SDA
workflow, detailing data transfer from SPDS to DPTE, processing by ADE and RASP,
and insights sent to RM for reporting and alerts managed by AM, with periodic model
testing for accuracy checks.
Figure 9. Security Data Analytics internal workflow.
5.3.2. Security Decision
This is the component with a higher degree of responsibility in the CL Automation
subdomain of the Security CL. Its focus is on evaluating specific security data insights
and determining the immediate responses required. While the CLM oversees the broad-
er strategy and direction, the Security Decision component delves deeper into the specif-
ics of immediate threat response based on real-time data.
Key Features/Responsibilities:
• Data Analysis Interpretation: The Security Decision component interprets the data
analysed by the Security Data Analytics to determine potential immediate threats or
anomalies.
• Immediate Response Determination: Based on the interpreted data, the Security
Decision component determines immediate actions, actions such as blocking a sus-
picious IP, adjusting a firewall rule, or temporarily isolating a network segment are
part of them. As described before, the focus will always be on immediate, tactical
responses to any real-time threats.
• Feedback Integration for Tactical Decisions: Like most system components, the se-
curity decision component refines its decision-making algorithms based on feed-
back from previous immediate responses, ensuring a swift and accurate reaction to
future threats.
• Severity Assessment: It evaluates the severity of detected anomalies or threats, pri-
oritising responses based on potential impact and immediacy.
• Interface with Response Mechanisms: Once an immediate action is determined,
the Security Decision component interfaces with the necessary system components
to execute it, be it network configurations, security tools, or alert systems in case of
issue escalation.
Figure 9. Security Data Analytics internal workflow.
Future Internet 2024,16, 226 28 of 36
5.3.2. Security Decision
This is the component with a higher degree of responsibility in the CL Automation
subdomain of the Security CL. Its focus is on evaluating specific security data insights
and determining the immediate responses required. While the CLM oversees the broader
strategy and direction, the Security Decision component delves deeper into the specifics of
immediate threat response based on real-time data.
Key Features/Responsibilities:
•
Data Analysis Interpretation: The Security Decision component interprets the data
analysed by the Security Data Analytics to determine potential immediate threats
or anomalies.
•
Immediate Response Determination: Based on the interpreted data, the Security De-
cision component determines immediate actions, actions such as blocking a suspicious
IP, adjusting a firewall rule, or temporarily isolating a network segment are part of
them. As described before, the focus will always be on immediate, tactical responses
to any real-time threats.
•
Feedback Integration for Tactical Decisions: Like most system components, the
security decision component refines its decision-making algorithms based on feed-
back from previous immediate responses, ensuring a swift and accurate reaction to
future threats.
•
Severity Assessment: It evaluates the severity of detected anomalies or threats, priori-
tising responses based on potential impact and immediacy.
•
Interface with Response Mechanisms: Once an immediate action is determined, the
Security Decision component interfaces with the necessary system components to
execute it, be it network configurations, security tools, or alert systems in case of
issue escalation.
Table 4shows an overview of the modules that are part of the Security Decision
component and their functionalities.
Table 4. Security Decision subcomponents and their functionalities.
Subcomponent Purpose Key Features Interfaces
Threat Assessment (TA) Evaluates risks of
detected anomalies
Threat Categorization
Threat/SSLA association
Input: SDA anomaly
reports/flags
Output: Categorizes threats
per SSLAs.
Decision Engine (DE) Determines action based on
TA assessment.
Action Mapping
Escalation Logic
Policy Enforcing
Input: Policies, action
sets, playbooks
Output: Chosen response,
escalation alerts
Communication Interface Connecting components
within SCLA. Broker Producer/Consumer
Input: Config parameters for
SCL/threat alerts/Pcap
Output: System
feedback/status updates
Policy Compliance (PC) Maintaining security policies for
decision-making
Policy Storage & Retrieval
Policy Compliance Revision
Input: SSLA&P policy
requirements for compliance.
Output: Delivers policies to DE,
logs for audit/version.
Incident Logging & Reporting
Module (ILR)
Logs decisions/incidents for audit
trail, generates reports for
analysis/compliance
Mitigation Logs
Generate Logs
Input: Incident data,
user feedback.
Output: Mitigation logs, reports.
In Figure 10, we can identify the internal interactions of the Security
Decision subcomponents.
Future Internet 2024,16, 226 29 of 36
Future Internet 2024, 16, x FOR PEER REVIEW 30 of 38
Table 4 shows an overview of the modules that are part of the Security Decision
component and their functionalities.
Table 4. Security Decision subcomponents and their functionalities.
Subcomponent Purpose Key Features Interfaces
Threat Assessment (TA) Evaluates risks of detected anomalies Threat Categorization
Threat/SSLA association
Input: SDA anomaly reports/flags
Output: Categorizes threats per SSLAs.
Decision Engine (DE) Determines action based on TA assessment.
Action Mapping
Escalation Logic
Policy Enforcing
Input: Policies, action sets, playbooks
Output: Chosen response, escalation alerts
Communication Interface Connecting components within SCLA. Broker Producer/Consumer
Input: Config parameters for SCL/threat
alerts/Pcap
Output: System feedback/status updates
Policy Compliance (PC) Maintaining security policies for decision-
making
Policy Storage & Retrieval
Policy Compliance Revision
Input: SSLA&P policy requirements for
compliance.
Output: Delivers policies to DE, logs for
audit/version.
Incident Logging & Report-
ing Module (ILR)
Logs decisions/incidents for audit trail,
generates reports for analysis/compliance
Mitigation Logs
Generate Logs
Input: Incident data, user feedback.
Output: Mitigation logs, reports.
In Figure 10, we can identify the internal interactions of the Security Decision sub-
components.
Figure 10. Security Decision internal workflow.
5.4. Expected Results
As mentioned at the beginning of this section, the proposed SCL model aims to au-
tomate the security processes within deployed services to minimise human intervention
in these procedures, having significant outcomes. However, since it belongs to a project
that is being developed towards standardising security in upcoming network environ-
ments, it is essential to note that not only is it defined with automation in mind (follow-
ing ZSM’s principles), but also flexibility and dynamism. Furthermore, there are several
expected advantages to putting the SCL into practice. First, automating security proce-
dures and reducing human error should significantly enhance the overall security pos-
ture of network settings. This strengthens resilience against new cyber threats by ena-
bling quicker reaction times to security problems. Because of its service-based security
architecture, the SCL’s flexibility makes it easy to pivot and respond to a wide range of
security breaches and attacks on different kinds of services. Additionally, the policies
Figure 10. Security Decision internal workflow.
5.4. Expected Results
As mentioned at the beginning of this section, the proposed SCL model aims to
automate the security processes within deployed services to minimise human intervention
in these procedures, having significant outcomes. However, since it belongs to a project that
is being developed towards standardising security in upcoming network environments, it
is essential to note that not only is it defined with automation in mind (following ZSM’s
principles), but also flexibility and dynamism. Furthermore, there are several expected
advantages to putting the SCL into practice. First, automating security procedures and
reducing human error should significantly enhance the overall security posture of network
settings. This strengthens resilience against new cyber threats by enabling quicker reaction
times to security problems. Because of its service-based security architecture, the SCL’s
flexibility makes it easy to pivot and respond to a wide range of security breaches and
attacks on different kinds of services. Additionally, the policies that are integrated into the
service and the overall project have two functions: they provide enforceable standards that
services must follow in addition to offering suggestions. As a result, it is intended that
the Security Closed-Loop would seamlessly integrate into the wide range of services that
the upcoming generation of mobile networks will offer. For these reasons, it’s expected a
seamless integration of the SCL in different kinds of services that this next generation of
mobile networks may require, as well as a streamlined method of securing and continuously
maintaining security from instantiation to termination of services.
5.5. Application Deployment Scenarios
This section explores potential deployment scenarios for the SCLA applications based
on the experiments conducted until now on this research and other frameworks proposed.
The potential deployment scenarios are focused on smart healthcare and vehicular commu-
nication systems slicing. We delve into the application of the SCLA in Vehicle-to-Everything
(V2x) communications [
113
], showcasing how it can enhance V2x interactions in the pro-
posed framework by providing reliable, low-latency connections and granular security
protocols, necessary for safety and efficiency in intelligent transportation systems. Addi-
tionally, the integration of SCLA in smart healthcare through the FLIPER [
114
] framework
will be discussed, highlighting its benefits and addressing critical security concerns.
Future Internet 2024,16, 226 30 of 36
5.5.1. Integrating SCLA in V2X Slicing
Vehicle-to-Everything (V2X) communication is one of the currently emerging appli-
cation scenarios for network slicing. V2X enables seamless interaction between vehicles,
infrastructure, pedestrians, and networks. Network slicing is pivotal in meeting the di-
verse and stringent Quality-of-Service (QoS) requirements of such V2X scenarios, ensuring
that safety-critical applications, traffic management, and infotainment services can coexist
efficiently without compromising performance.
The framework detailed in [
113
] proposes a three-tier architecture for implementing
network slicing in V2X communications. Leveraging SDN and NFV, the system dynamically
allocates resources, manages traffic, and maintains service quality across small base stations
(SBS), macro base stations (MBS), and the core network. The integration of Recurrent Neural
Networks (RNN) and Deep Q-Networks (DQN), forming the RDQ3N model, facilitates
intelligent slice management. This model predicts resource availability and QoS, enabling
proactive resource allocation and efficient slice instantiation.
Incorporating the SCLA into this framework would provide significant enhancements.
The SCLA continuously monitors network slices, analyses traffic patterns, and dynamically
adjusts security policies based on real-time threat assessments. Each slice monitored by the
SCLA receives tailored security measures appropriate to its specific requirements, ensuring
optimal protection and security service granularity without compromising performance.
For instance, safety-critical slices would benefit from stringent security protocols to prevent
data breaches and ensure the integrity of critical communications, while slices that are
not categorized as mission-critical would allow for more flexible security policies. This
proactive security approach helps maintain high QoS levels by preventing performance
degradation due to security incidents and ensures efficient resource allocation, as intended
by the proposed framework as well.
5.5.2. Integrating SCLA in Smart Healthcare Slicing
The integration of network slicing in smart healthcare (s-health) aims to enhance
the reliability and efficiency of healthcare applications and services, which include real-
time critical care monitoring, telemedicine, and remote surgery [
115
]. These applications
demand specific requirements such as low latency, high reliability, and security, which can
be effectively managed through network slicing.
An example is the FLIPER framework [
114
]. It leverages network slicing to provide
automation, customization, and on-demand resource allocation based on fingerprinting
analysis. Operating within a smart hospital network infrastructure, it includes devices like
wearables, video surveillance cameras, desktops, servers, and routers. These devices collect
and transmit data through a gateway to the Internet and cloud, facilitating continuous
monitoring and real-time data access for healthcare practitioners.
Key functionalities of this framework include the following:
•
Logical Isolation: Creation of multiple logical networks (slices) over a single physical
infrastructure, each customized to meet specific healthcare application requirements.
•
Service Customization: Utilizing SDN and NFV, network slicing provides tailored
properties such as low latency and high reliability, essential for applications like
telemedicine and remote surgery.
•
High Reliability: Configuring slices to ensure successful data transmission without
exceeding maximum latency, critical for extreme critical care monitoring.
•
Scalability and Density Management: Managing high density and scalability during
scenarios like natural disasters, accommodating many wearable devices.
•
Fingerprinting Techniques: Using ML algorithms for fingerprinting network traffic to
quickly customize network resources, achieving about 90% accuracy, and significantly
aiding in network resource adaptation and automation.
However, this framework, as stated by the authors, presents some security faults. The
use of the SCLA based on the ZSM architecture can enhance the security of the framework,
Future Internet 2024,16, 226 31 of 36
and consequentially of the slicing for Smart Healthcare. The benefits that the SCLA can
bring to the FLIPER framework are the following:
•
Real-Time Threat Detection and Response: it enables continuous monitoring of the
smart healthcare network. This allows for the immediate detection of security threats
such as unauthorized access, data breaches, and malware. Also, it can automatically
adapt the network configuration to mitigate the threat. For instance, it can isolate
affected network slices or reroute traffic to secure channels.
•
Automation and Efficiency: it eliminates the need for manual intervention in secu-
rity management. Automated decision-making processes ensure quick and efficient
responses to threats, reducing the window of vulnerability and minimizing the impact
on healthcare services.
•
Enhanced Reliability and Resilience: it can implement proactive security measures
by predicting potential threats based on historical data and current network behaviour.
•
Compliance and Reporting: automated compliance checks and reporting ensure that
the smart healthcare network adheres to regulatory standards and policies, such as
those mandated by healthcare authorities and data protection regulations.
Integrating an SCLA into the FLIPER framework significantly enhances the security
of smart healthcare slicing. By providing real-time, automated, and adaptive security
management, it ensures continuous protection against threats, thereby maintaining the
integrity, reliability, and efficiency of healthcare services. This integration aligns with the
growing need for resilient and secure healthcare networks in an increasingly digital and
interconnected world.
6. Conclusions
AI is crucial for achieving more robust security solutions in network slicing. Its abil-
ity to analyse vast amounts of data, detect anomalies, and adapt in real-time makes it
indispensable in the realm of cybersecurity, especially in such a dynamic environment as
network slicing. However, while AI improves security, it also exposes systems to a new
range of threats and vulnerabilities, so it is essential to be aware of the risks involved when
employing it. The scientific community should give top priority to prioritising efforts
aimed at reducing the dangers associated with using AI, which include ethical issues
and potential attacks on models. This calls for extensive research and development to
ensure AI’s ethical and secure implementation in network contexts while enhancing its
resilience. By taking pre-emptive measures to address these issues, we can fully utilise
AI while avoiding potential hazards and promoting a more secure and reliable digital
ecosystem for all parties involved. Similarly, employing network security policies also has
its advantages and disadvantages. Using network security policies simplifies deploying a
secure and user-centric network and network services while maintaining the same level of
security throughout its lifecycle due to policy enforcement methodologies, as discussed
in Section 4. Despite this, there are still some pending issues related to policy refinement
and translation since it is imperative to turn these policies into low-level network config-
urations for the devices with which to deploy said networks, and this is usually where
entropy is generated due to a lack of interoperability between devices from different ven-
dors. One project that may be used to solve some of these issues, at least in the case of
network configurations that can be employed across a heterogeneous network, is ETSI’s
TeraFlow (https://www.teraflow-h2020.eu/ (accessed on 29 April 2024)), which facilitates
this desired interoperability between network devices from different vendors. Nonetheless,
in the case of intent-based networking, the translation of intents into policies (which are
later translated into network configurations) still lacks standardisation and to fully take
advantage of this type of networking, which provides an even higher level of abstraction
for operators, would require more research into this matter.
Author Contributions: Conceptualisation, J.C. and C.S.; Methodology, J.C. and C.S.; Investigation:
J.C., P.F., E.M.C., I.N. and X.R.S.; Writing—original draft, J.C., P.F. and E.M.C.; Writing—review and
Future Internet 2024,16, 226 32 of 36
editing, J.C., P.F., E.M.C., P.C.O., M.J.N. and C.S.; Supervision, C.S.; Funding acquisition, C.S. All
authors have read and agreed to the published version of the manuscript.
Funding: This work has been partially funded by the “Ministerio de Asuntos Económicos y
Transformación Digital” and the European Union-NextGenerationEU in the frameworks of the
“Plan de Recuperación, Transformación y Resiliencia” and of the “Mecanismo de Recuperación y
Resiliencia” through UNICO-5G I+D 6G-OPENSEC project under references TSI-063000-2021-58,
TSI-063000-2021-60, TSI-063000-2021-61.
Data Availability Statement: The data presented in this study are available upon request from the
corresponding author. The data are not publicly available due to institutional indications.
Conflicts of Interest: Author JoséCunha is a full time employee with the role of Software Architect
at Company Optare Solutions. Author Miriam Castro is a full time employee with the role of
Analyst/Developer at Company Optare Solutions. Author Pedro Ferreira Castro is a full time
employee with the role of Analyst/Developer at Company Optare Solutions. Author Iván Núñez
is a full time employee with the role of Project Manager at Company Optare Solutions. Author
XoséRamón Sousa is a full time employee with the roles of R&D Director and Software Architect at
Company Optare Solutions and is a company partner of Company Optare Solutions. The authors
declare no conflict of interest. The remaining authors declare that the research was conducted in the
absence of any commercial or financial relationships that could be construed as a potential conflict
of interest.
References
1.
Liu, G.; Huang, Y.; Chen, Z.; Liu, L.; Wang, Q.; Li, N. 5G Deployment: Standalone vs. Non-Standalone from the Operator
Perspective. IEEE Commun. Mag. 2020,58, 83–89. [CrossRef]
2.
Kimura, D.; Seki, H.; Kubo, T.; Taniguchi, T. Wireless network technologies toward 5G. APSIPA Trans. Signal Inf. Process. 2015,
4, e12. [CrossRef]
3.
Dogra, A.; Jha, R.K.; Jain, S. A Survey on Beyond 5G Network With the Advent of 6G: Architecture and Emerging Technologies.
IEEE Access 2021,9, 67512–67547. [CrossRef]
4.
Polese, M.; Bonati, L.; D’Oro, S.; Basagni, S.; Melodia, T. Understanding O-RAN: Architecture, Interfaces, Algorithms, Security,
and Research Challenges. IEEE Commun. Surv. Tutor. 2023,25, 1376–1411. [CrossRef]
5.
Chen, M.; Yang, J.; Hao, Y.; Mao, S.; Hwang, K. A 5G Cognitive System for Healthcare. Big Data Cogn. Comput. 2017,1, 2.
[CrossRef]
6.
Wu, Y.-J.; Hwang, W.-S.; Shen, C.-Y.; Chen, Y.-Y. Network Slicing for mMTC and URLLC Using Software-Defined Networking
with P4 Switches. Electronics 2022,11, 2111. [CrossRef]
7.
Ordonez-Lucena, J.; Ameigeiras, P.; Lopez, D.; Ramos-Munoz, J.J.; Lorca, J.; Folgueira, J. Network Slicing for 5G with SDN/NFV:
Concepts, Architectures, and Challenges. IEEE Commun. Mag. 2017,55, 80–87. [CrossRef]
8.
Barakabitze, A.A.; Barman, N.; Ahmad, A.; Zadtootaghaj, S.; Sun, L.; Martini, M.G.; Atzori, L. QoE management of multimedia
streaming services in future networks: A tutorial and survey. IEEE Commun. Surv. Tutor. 2020,22, 526–565. [CrossRef]
9.
Moya Osorio, D.P.; Ahmad, I.; Sánchez, J.D.V.; Gurtov, A.; Scholliers, J.; Kutila, M.; Porambage, P. Towards 6G-Enabled Internet of
Vehicles: Security and Privacy. IEEE Open J. Commun. Soc. 2022,3, 82–105. [CrossRef]
10. Zhang, S. An Overview of Network Slicing for 5G. IEEE Wirel. Commun. 2019,26, 111–117. [CrossRef]
11.
Uusitalo, M.A.; Rugeland, P.; Boldi, M.R.; Strinati, E.C.; Demestichas, P.; Ericson, M.; Fettweis, G.P.; Filippou, M.C.; Gati, A.;
Hamon, M.-H.; et al. 6G Vision, Value, Use Cases and Technologies From European 6G Flagship Project Hexa-X. IEEE Access 2021,
9, 160004–160020. [CrossRef]
12. Bernardos, C.J.; Uusitalo, M.A. European Vision for the 6G Network Ecosystem; Zenodo: Geneve, Switzerland, 2021.
13.
Yi, B.; Wang, X.; Li, K.; Das, S.K.; Huang, M. A comprehensive survey of Network Function Virtualization. Comput. Netw. 2018,
133, 212–262. [CrossRef]
14.
Kreutz, D.; Ramos, F.M.V.; Esteves Verissimo, P.; Esteve Rothenberg, C.; Azodolmolky, S.; Uhlig, S. Software-Defined Networking:
A Comprehensive Survey. Proc. IEEE 2015,103, 14–76. [CrossRef]
15.
Vassilaras, S.; Gkatzikis, L.; Liakopoulos, N.; Stiakogiannakis, I.N.; Qi, M.; Shi, L.; Liu, L.; Debbah, M.; Paschos, G.S. The
Algorithmic Aspects of Network Slicing. IEEE Commun. Mag. 2017,55, 112–119. [CrossRef]
16.
Feamster, N.; Rexford, J.; Zegura, E. The Road to SDN: An intellectual history of programmable networks. Queue 2013,11, 20–40.
[CrossRef]
17. ETSI Network Functions Virtualisation (NFV); Terminology for Main Concepts in NFV 2020; ETSI: Sophia Antipolis, France, 2020.
18.
Nunes, B.A.A.; Mendonca, M.; Nguyen, X.-N.; Obraczka, K.; Turletti, T. A Survey of Software-Defined Networking: Past, Present,
and Future of Programmable Networks. IEEE Commun. Surv. Tutor. 2014,16, 1617–1634. [CrossRef]
19.
Maleh, Y.; Qasmaoui, Y.; El Gholami, K.; Sadqi, Y.; Mounir, S. A comprehensive survey on SDN security: Threats, mitigations, and
future directions. J. Reliab. Intell. Environ. 2023,9, 201–239. [CrossRef]
Future Internet 2024,16, 226 33 of 36
20.
Barakabitze, A.A.; Ahmad, A.; Mijumbi, R.; Hines, A. 5G network slicing using SDN and NFV: A survey of taxonomy, architectures
and future challenges. Comput. Netw. 2020,167, 106984. [CrossRef]
21.
Rana, D.S.; Dhondiyal, S.A.; Chamoli, S.K. Software Defined Networking (SDN) Challenges, issues and Solution. Int. J. Comput.
Sci. Eng. 2019,7, 884–889. [CrossRef]
22.
Khan, R.; Kumar, P.; Jayakody, D.N.K.; Liyanage, M. A Survey on Security and Privacy of 5G Technologies: Potential Solutions,
Recent Advancements, and Future Directions. IEEE Commun. Surv. Tutor. 2020,22, 196–248. [CrossRef]
23.
Ahmad, I.; Shahabuddin, S.; Kumar, T.; Okwuibe, J.; Gurtov, A.; Ylianttila, M. Security for 5G and Beyond. IEEE Commun. Surv.
Tutor. 2019,21, 3682–3722. [CrossRef]
24.
Rafique, W.; Qi, L.; Yaqoob, I.; Imran, M.; Rasool, R.U.; Dou, W. Complementing IoT Services Through Software Defined
Networking and Edge Computing: A Comprehensive Survey. IEEE Commun. Surv. Tutor. 2020,22, 1761–1804. [CrossRef]
25.
Macedo, D.F.; Guedes, D.; Vieira, L.F.M.; Vieira, M.A.M.; Nogueira, M. Programmable Networks—From Software-Defined Radio
to Software-Defined Networking. IEEE Commun. Surv. Tutor. 2015,17, 1102–1125. [CrossRef]
26.
Ahmad, S.; Mir, A.H. SDN Interfaces: Protocols, Taxonomy and Challenges. Int. J. Wirel. Microw. Technol. 2022,12, 11–32.
[CrossRef]
27.
Singh, P.K.; Brahma, M.; Nath, P.; Ghosh, U. A Study on Secure Network Slicing in 5G. In Proceedings of the 2023 IEEE/ACM 23rd
International Symposium on Cluster, Cloud and Internet Computing Workshops (CCGridW); IEEE: Bangalore, India, 2023; pp. 52–61.
28.
Al-Alaj, A.; Sandhu, R.; Krishnan, R. A Formal Access Control Model for SE-Floodlight Controller. In Proceedings of the ACM
International Workshop on Security in Software Defined Networks & Network Function Virtualization; ACM: Richardson, TX, USA, 2019;
pp. 1–6.
29.
Porras, P.; Cheung, S.; Fong, M.; Skinner, K.; Yegneswaran, V. Securing the Software Defined Network Control Layer. In
Proceedings of the 2015 Network and Distributed System Security Symposium; Internet Society: San Diego, CA, USA, 2015.
30.
Correa Chica, J.C.; Imbachi, J.C.; Botero Vega, J.F. Security in SDN: A comprehensive survey. J. Netw. Comput. Appl. 2020,
159, 102595. [CrossRef]
31.
Chiosi, M.; Clarke, D.; Willis, P.; Reid, A.; Feger, J.; Bugenhagen, M.; Khan, W.; Fargano, M.; Cui, C.; Deng, H.; et al. Network
Functions Virtualisation: An Introduction, Benefits, Enablers, Challenges & Call for Action. Available online: https://portal.etsi.
org/NFV/NFV_White_Paper.pdf (accessed on 6 May 2024).
32.
European Union Agency for Cybersecurity. NFV Security in 5G: Challenges and Best Practices; Publications Office: Luxembourg,
2022.
33.
Yang, W.; Fung, C. A survey on security in network functions virtualization. In Proceedings of the 2016 IEEE NetSoft Conference
and Workshops (NetSoft), Seoul, Republic of Korea, 6–10 June 2016; pp. 15–19.
34.
Han, B.; Gopalakrishnan, V.; Ji, L.; Lee, S. Network function virtualization: Challenges and opportunities for innovations. IEEE
Commun. Mag. 2015,53, 90–97. [CrossRef]
35.
Abdelwahab, S.; Hamdaoui, B.; Guizani, M.; Znati, T. Network function virtualization in 5G. IEEE Commun. Mag. 2016,54, 84–91.
[CrossRef]
36.
Alnaim, A.K.; Alwakeel, A.M.; Fernandez, E.B. Towards a Security Reference Architecture for NFV. Sensors 2022,22, 3750.
[CrossRef] [PubMed]
37.
Cucinotta, T.; Abeni, L.; Marinoni, M.; Mancini, R.; Vitucci, C. Strong Temporal Isolation Among Containers in OpenStack for
NFV Services. IEEE Trans. Cloud Comput. 2023,11, 763–778. [CrossRef]
38.
Pattaranantakul, M.; He, R.; Meddahi, A.; Zhang, Z. SecMANO: Towards Network Functions Virtualization (NFV) Based Security
MANagement and Orchestration. In Proceedings of the 2016 IEEE Trustcom/BigDataSE/ISPA, Tianjin, China, 23–26 August
2016; pp. 598–605.
39.
Abdulqadder, I.H.; Zhou, S.; Zou, D.; Aziz, I.T.; Akber, S.M.A. Bloc-Sec: Blockchain-Based Lightweight Security Architecture for
5G/B5G Enabled SDN/NFV Cloud of IoT. In Proceedings of the 2020 IEEE 20th International Conference on Communication
Technology (ICCT), Nanning, China, 28–31 October 2020; pp. 499–507.
40.
De Benedictis, M.; Lioy, A. On the establishment of trust in the cloud-based ETSI NFV framework. In Proceedings of the 2017 IEEE
Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Berlin, Germany, 6–8 November
2017; pp. 280–285.
41.
Afolabi, I.; Taleb, T.; Samdanis, K.; Ksentini, A.; Flinck, H. Network Slicing and Softwarization: A Survey on Principles, Enabling
Technologies, and Solutions. IEEE Commun. Surv. Tutor. 2018,20, 2429–2453. [CrossRef]
42.
Chowdhury, M.Z.; Shahjalal, M.; Ahmed, S.; Jang, Y.M. 6G Wireless Communication Systems: Applications, Requirements,
Technologies, Challenges, and Research Directions. IEEE Open J. Commun. Soc. 2020,1, 957–975. [CrossRef]
43.
Dang, X.-T.; Sivrikaya, F. A Lightweight Policy-aware Broker for Multi-domain Network Slice Composition. In Proceedings of the
2020 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN), Paris, France, 24–27 February
2020; IEEE: Paris, France, 2020; pp. 123–130.
44.
Li, X.; He, M.; Ni, J. Secure and Privacy-preserving Network Slicing in 3GPP 5G System Architecture. In Proceedings of the 2023
IEEE/CIC International Conference on Communications in China (ICCC), Dalian, China, IEEE: Dalian, China, 10–12 August
2023; pp. 1–6.
45.
Karunarathna, S.; Wijethilaka, S.; Ranaweera, P.; Hemachandra, K.T.; Samarasinghe, T.; Liyanage, M. The Role of Network Slicing
and Edge Computing in the Metaverse Realization. IEEE Access 2023,11, 25502–25530. [CrossRef]
Future Internet 2024,16, 226 34 of 36
46.
Li, Y.; Zhang, J.; Xue, H.; Ma, J.; Wu, J.; Zhao, M.; Han, C.; Dang, X. 5G Core Network Slices Embedding and Deploying Based on Greedy
Algorithm in Smart Grids; IEEE: Piscataway, NJ, USA, 2022; pp. 31–35.
47.
Bao, S.; Liang, Y.; Xu, H. Blockchain for Network Slicing in 5G and Beyond: Survey and Challenges. J. Commun. Inf. Netw. 2022,7,
349–359. [CrossRef]
48.
Dangi, R.; Jadhav, A.; Choudhary, G.; Dragoni, N.; Mishra, M.K.; Lalwani, P. ML-Based 5G Network Slicing Security:
A Comprehensive Survey. Future Internet 2022,14, 116. [CrossRef]
49.
Khan, L.U.; Yaqoob, I.; Tran, N.H.; Han, Z.; Hong, C.S. Network Slicing: Recent Advances, Taxonomy, Requirements, and Open
Research Challenges. IEEE Access 2020,8, 36009–36028. [CrossRef]
50.
Dalgitsis, M.; Cadenelli, N.; Serrano, M.A.; Bartzoudis, N.; Alonso, L.; Antonopoulos, A. NSFaaS: Network Slice Federation as a
Service in Cloud-Native 5G and Beyond Mobile Networks. In Proceedings of the 2023 IEEE Conference on Network Function
Virtualization and Software Defined Networks (NFV-SDN), Dresden, Germany, 7–9 November 2023; IEEE: Dresden, Germany,
2023; pp. 59–64.
51.
Wu, W.; Zhou, C.; Li, M.; Wu, H.; Zhou, H.; Zhang, N.; Shen, X.S.; Zhuang, W. AI-Native Network Slicing for 6G Networks. IEEE
Wirel. Commun. 2022,29, 96–103. [CrossRef]
52.
De Alwis, C.; Porambage, P.; Dev, K.; Gadekallu, T.R.; Liyanage, M. A Survey on Network Slicing Security: Attacks, Challenges,
Solutions and Research Directions. IEEE Commun. Surv. Tutor. 2024,26, 534–570. [CrossRef]
53.
Burns, J.; Cheng, A.; Gurung, P.; Rajagopalan, S.; Rao, P.; Rosenbluth, D.; Surendran, A.V.; Martin, D.M. Automatic management
of network security policy. In Proceedings of the Proceedings DARPA Information Survivability Conference and Exposition II.
DISCEX’01, Anaheim, CA, USA, 12–14 June 2001; IEEE Computer Society: Anaheim, CA, USA, 2001; Volume 2, pp. 12–26.
54.
Rycroft, R.W.; Kash, D.E. Self-organizing innovation networks: Implications for globalization. Technovation 2004,24, 187–197.
[CrossRef]
55. Schneider, F.B. Enforceable security policies. ACM Trans. Inf. Syst. Secur. 2000,3, 30–50. [CrossRef]
56.
Scheid, E.J.; Machado, C.C.; Franco, M.F.; Dos Santos, R.L.; Pfitscher, R.P.; Schaeffer-Filho, A.E.; Granville, L.Z. INSpIRE:
Integrated NFV-based Intent Refinement Environment. In Proceedings of the 2017 IFIP/IEEE Symposium on Integrated Network
and Service Management (IM), Lisbon, Portugal, 8–12 May 2017; IEEE: Lisbon, Portugal, 2017; pp. 186–194.
57. Chadha, R.; Lapiotis, G.; Wright, S. Guest editorial—Policy-based networking. IEEE Netw. 2002,16, 8–9. [CrossRef]
58.
Foster, N.; Freedman, M.J.; Harrison, R.; Rexford, J.; Meola, M.L.; Walker, D. Frenetic: A high-level language for OpenFlow
networks. In Proceedings of the Workshop on Programmable Routers for Extensible Services of Tomorrow, Philadelphia, PA,
USA, 30 November 2010; ACM: Philadelphia, PA, USA, 2010; pp. 1–6.
59.
Batista, B.; Fernandez, M. PonderFlow: A New Policy Specification Language to SDN OpenFlow-based Networks. Int. J. Adv.
Netw. Serv. 2014,7, 163–172.
60.
Damianou, N.; Dulay, N.; Lupu, E.; Sloman, M. Ponder: A Language for Specifying Security and Management Policies for Distributed
Systems; Imperial College London: London, UK, 2000.
61.
Amoroso, A. Automated Policy Enforcement in Software Defined Networking and Network Function Virtualization Environment.
Master’s Thesis, Politecnico di Torino, Turin, Italy, 2020.
62.
Giotis, K.; Kryftis, Y.; Maglaris, V. Policy-based orchestration of NFV services in Software-Defined Networks. In Proceedings of
the 2015 1st IEEE Conference on Network Softwarization (NetSoft), London, UK, 13–17 April 2015; IEEE: London, UK, 2015;
pp. 1–5.
63.
Abbas, K.; Afaq, M.; Khan, T.A.; Mehmood, A.; Song, W.-C. IBNSlicing: Intent-Based Network Slicing Framework for 5G
Networks using Deep Learning. In Proceedings of the 2020 21st Asia-Pacific Network Operations and Management Symposium
(APNOMS), Daegu, Republic of Korea, 23–25 September 2020; IEEE: Daegu, Republic of Korea, 2020; pp. 19–24.
64.
Martins, J.S.B.; Carvalho, T.C.; Moreira, R.; Both, C.B.; Donatti, A.; Correa, J.H.; Suruagy, J.A.; Correa, S.L.; Abelem, A.J.G.; Ribeiro,
M.R.N.; et al. Enhancing Network Slicing Architectures With Machine Learning, Security, Sustainability and Experimental
Networks Integration. IEEE Access 2023,11, 69144–69163. [CrossRef]
65.
Salahdine, F.; Han, T.; Zhang, N. 5G, 6G, and Beyond: Recent advances and future challenges. Ann. Telecommun. Telecommun.
2023,78, 525–549. [CrossRef]
66.
Dangi, R.; Choudhary, G.; Dragoni, N.; Lalwani, P.; Khare, U.; Kundu, S. 6G Mobile Networks: Key Technologies, Directions, and
Advances. Telecom 2023,4, 836–876. [CrossRef]
67. Alanazi, M.N. 5G Security Threat Landscape, AI and Blockchain. Wirel. Pers. Commun. 2023,133, 1467–1482. [CrossRef]
68.
Kaloxylos, A.; Gavras, A.; Camps Mur, D.; Ghoraishi, M.; Hrasnica, H. AI and ML—Enablers for Beyond 5G Networks; 5G PPP:
Heidelberg, Germany, 2020. [CrossRef]
69.
Fakhouri, H.N.; Alawadi, S.; Awaysheh, F.M.; Hani, I.B.; Alkhalaileh, M.; Hamad, F. A Comprehensive Study on the Role of
Machine Learning in 5G Security: Challenges, Technologies, and Solutions. Electronics 2023,12, 4604. [CrossRef]
70.
Meduri, K.; Nadella, G.S.; Gonaygunta, H. Enhancing Cybersecurity with Artificial Intelligence: Predictive Techniques and
Challenges in the Age of IoT. Int. J. Sci. Eng. Appl. 2024,13, 30–33. [CrossRef]
71.
Haider, N.; Baig, M.Z.; Imran, M. Artificial Intelligence and Machine Learning in 5G Network Security: Opportunities, advantages,
and future research trends 2020. arXiv 2020, arXiv:2007.04490.
72.
Afaq, A.; Haider, N.; Baig, M.Z.; Khan, K.S.; Imran, M.; Razzak, I. Machine learning for 5G security: Architecture, recent advances,
and challenges. Ad Hoc Netw. 2021,123, 102667. [CrossRef]
Future Internet 2024,16, 226 35 of 36
73.
Suomalainen, J.; Juhola, A.; Shahabuddin, S.; Mammela, A.; Ahmad, I. Machine Learning Threatens 5G Security. IEEE Access 2020,
8, 190822–190842. [CrossRef]
74.
Siriwardhana, Y.; Porambage, P.; Liyanage, M.; Ylianttila, M. AI and 6G Security: Opportunities and Challenges. In Proceedings
of the 2021 Joint European Conference on Networks and Communications & 6G Summit (EuCNC/6G Summit), Porto, Portugal,
8–11 June 2011; IEEE: Porto, Portugal, 2021; pp. 616–621.
75.
Wang, W.; Liang, C.; Chen, Q.; Tang, L.; Yanikomeroglu, H.; Liu, T. Distributed Online Anomaly Detection for Virtualized
Network Slicing Environment. IEEE Trans. Veh. Technol. 2022,71, 12235–12249. [CrossRef]
76.
Jain, A.; Singh, T.; Sharma, S.K. Security as a solution: An intrusion detection system using a neural network for IoT enabled
healthcare ecosystem. Interdiscip. J. Inf. Knowl. Manag. 2021,16, 331–369. [CrossRef] [PubMed]
77.
Sattar, D.; Matrawy, A. Towards Secure Slicing: Using Slice Isolation to Mitigate DDoS Attacks on 5G Core Network Slices. In
Proceedings of the 2019 IEEE Conference on Communications and Network Security (CNS), Washington, DC, USA, 10–12 June
2019; pp. 82–90.
78.
Tonini, F.; Natalino, C.; Furdek, M.; Raffaelli, C.; Monti, P. Network Slicing Automation: Challenges and Benefits. In Proceedings
of the 2020 International Conference on Optical Network Design and Modeling (ONDM), Barcelona, Spain, 18–21 May 2020;
pp. 1–6.
79.
Kaur, J.; Khan, M.A.; Iftikhar, M.; Imran, M.; Emad Ul Haq, Q. Machine Learning Techniques for 5G and Beyond. IEEE Access
2021,9, 23472–23488. [CrossRef]
80.
Fourati, H.; Maaloul, R.; Chaari, L. A survey of 5G network systems: Challenges and machine learning approaches. Int. J. Mach.
Learn. Cybern. 2021,12, 385–431. [CrossRef]
81.
Asghar, M.Z.; Abbas, M.; Zeeshan, K.; Kotilainen, P.; Hämäläinen, T. Assessment of Deep Learning Methodology for Self-
Organizing 5G Networks. Appl. Sci. 2019,9, 2975. [CrossRef]
82. Mahesh, B. Machine Learning Algorithms—A Review. Int. J. Sci. Res. IJSR 2020,9, 381–386.
83.
Morocho-Cayamcela, M.E.; Lee, H.; Lim, W. Machine Learning for 5G/B5G Mobile and Wireless Communications: Potential,
Limitations, and Future Directions. IEEE Access 2019,7, 137184–137206. [CrossRef]
84.
Ghahramani, Z. Unsupervised Learning. In Advanced Lectures on Machine Learning; Bousquet, O., Von Luxburg, U., Rätsch,
G., Eds.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2004; Volume 3176, pp. 72–112,
ISBN 978-3-540-23122-6.
85.
Sharma, V.; Rai, S.; Dev, A. A Comprehensive Study of Artificial Neural Networks. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 2012,
2, 278–284.
86.
Ly, A.; Yao, Y.-D. A Review of Deep Learning in 5G Research: Channel Coding, Massive MIMO, Multiple Access, Resource
Allocation, and Network Security. IEEE Open J. Commun. Soc. 2021,2, 396–408. [CrossRef]
87.
Doan, M.; Zhang, Z. Deep Learning in 5G Wireless Networks—Anomaly Detections. In Proceedings of the 2020 29th Wireless
and Optical Communications Conference (WOCC), Newark, NJ, USA, 1–2 May 2020; IEEE: Newark, NJ, USA, 2020; pp. 1–6.
88.
Sharma, H.; Kumar, N. Deep learning based physical layer security for terrestrial communications in 5G and beyond networks:
A survey. Phys. Commun. 2023,57, 102002. [CrossRef]
89.
Thantharate, A.; Paropkari, R.; Walunj, V.; Beard, C.; Kankariya, P. Secure5G: A Deep Learning Framework Towards a Secure
Network Slicing in 5G and Beyond. In Proceedings of the 2020 10th Annual Computing and Communication Workshop and Conference
(CCWC); IEEE: Las Vegas, NV, USA, 2020; pp. 0852–0857.
90.
Thantharate, A.; Paropkari, R.; Walunj, V.; Beard, C. DeepSlice: A Deep Learning Approach towards an Efficient and Reliable
Network Slicing in 5G Networks. In Proceedings of the 2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile
Communication Conference (UEMCON), New York City, NY, USA, 10–12 October 2019; IEEE: New York City, NY, USA, 2019;
pp. 0762–0767.
91.
Kuadey, N.A.E.; Maale, G.T.; Kwantwi, T.; Sun, G.; Liu, G. DeepSecure: Detection of Distributed Denial of Service Attacks on 5G
Network Slicing—Deep Learning Approach. IEEE Wirel. Commun. Lett. 2022,11, 488–492. [CrossRef]
92.
Sharafaldin, I.; Lashkari, A.H.; Hakak, S.; Ghorbani, A.A. Developing Realistic Distributed Denial of Service (DDoS) Attack
Dataset and Taxonomy. In Proceedings of the 2019 International Carnahan Conference on Security Technology (ICCST), Chennai,
India, 1–3 October 2019; IEEE: Chennai, India, 2019; pp. 1–8.
93.
Jiang, W.; Anton, S.D.; Dieter Schotten, H. Intelligence Slicing: A Unified Framework to Integrate Artificial Intelligence into
5G Networks. In Proceedings of the 2019 12th IFIP Wireless and Mobile Networking Conference (WMNC), Paris, France,
11–13 Septemeber 2019; IEEE: Paris, France, 2019; pp. 227–232.
94.
Lemay, A. Fernandez Providing SCADA network data sets for intrusion detection research. In Proceedings of the 9th USENIX
Conference on Cyber Security Experimentation and Test, Austin, TX, USA, 8 August 2016; USENIX Association: Austin, TX, USA,
2016; p. 6.
95.
Liu, Q.; Han, T.; Ansari, N. Learning-Assisted Secure End-to-End Network Slicing for Cyber-Physical Systems. IEEE Netw. 2020,
34, 37–43. [CrossRef]
96.
Bonfim, M.; Santos, M.; Dias, K.; Fernandes, S. A real-time attack defense framework for 5G network slicing. Softw. Pract. Exp.
2020,50, 1228–1257. [CrossRef]
97.
García, S.; Grill, M.; Stiborek, J.; Zunino, A. An empirical comparison of botnet detection methods. Comput. Secur. 2014,45,
100–123. [CrossRef]
Future Internet 2024,16, 226 36 of 36
98.
Bousalem, B.; Silva, V.F.; Langar, R.; Cherrier, S. DDoS Attacks Detection and Mitigation in 5G and Beyond Networks: A
Deep Learning-based Approach. In Proceedings of the GLOBECOM 2022—2022 IEEE Global Communications Conference,
Rio de Janeiro, Brazil, 4–8 December 2022; IEEE: Rio de Janeiro, Brazil, 2022; pp. 1259–1264.
99.
Doriguzzi-Corin, R.; Millar, S.; Scott-Hayward, S.; Martinez-del-Rincon, J.; Siracusa, D. Lucid: A Practical, Lightweight Deep
Learning Solution for DDoS Attack Detection. IEEE Trans. Netw. Serv. Manag. 2020,17, 876–889. [CrossRef]
100.
Riekstin, A.C.; Januario, G.C.; Rodrigues, B.B.; Nascimento, V.T.; Carvalho, T.C.M.D.B.; Meirosu, C. A Survey of Policy Refinement
Methods as a Support for Sustainable Networks. IEEE Commun. Surv. Tutor. 2016,18, 222–235. [CrossRef]
101.
Lara, A.; Ramamurthy, B. OpenSec: Policy-Based Security Using Software-Defined Networking. IEEE Trans. Netw. Serv. Manag.
2016,13, 30–42. [CrossRef]
102.
Tsorouchis, C.; Denazis, S.; Kitchara, C.; Vivero, J.; Salamanca, E.; Magana, E.; Galis, A.; Manas, J.L.; Corlinet, Y.; Mathieu, B.; et al.
A policy-based management architecture for active and programmable networks. IEEE Netw. 2003,17, 22–28. [CrossRef]
103.
Varadharajan, V.; Karmakar, K.K.; Tupakula, U.; Hitchens, M. Toward a Trust Aware Network Slice-Based Service Provision in
Virtualized Infrastructures. IEEE Trans. Netw. Serv. Manag. 2022,19, 1065–1082. [CrossRef]
104.
Samuel, F.; Chowdhury, M.; Boutaba, R. PolyViNE: Policy-based virtual network embedding across multiple domains. J. Internet
Serv. Appl. 2013,4, 6. [CrossRef]
105.
Lee, W.; Kim, N. Security Policy Scheme for an Efficient Security Architecture in Software-Defined Networking. Information 2017,
8, 65. [CrossRef]
106. Leivadeas, A.; Falkner, M. A Survey on Intent-Based Networking. IEEE Commun. Surv. Tutor. 2023,25, 625–655. [CrossRef]
107.
Falkner, M.; Apostolopoulos, J. Intent-based networking for the enterprise: A modern network architecture. Commun. ACM 2022,
65, 108–117. [CrossRef]
108.
Wei, Y.; Peng, M.; Liu, Y. Intent-based networks for 6G: Insights and challenges. Digit. Commun. Netw. 2020,6, 270–280. [CrossRef]
109.
Basile, C.; Valenza, F.; Lioy, A.; Lopez, D.R.; Pastor Perales, A. Adding Support for Automatic Enforcement of Security Policies in
NFV Networks. IEEEACM Trans. Netw. 2019,27, 707–720. [CrossRef]
110.
Molina Zarca, A.; Bagaa, M.; Bernal Bernabe, J.; Taleb, T.; Skarmeta, A.F. Semantic-Aware Security Orchestration in SDN/NFV-
Enabled IoT Systems. Sensors 2020,20, 3622. [CrossRef] [PubMed]
111.
Bringhenti, D.; Yusupov, J.; Zarca, A.M.; Valenza, F.; Sisto, R.; Bernabe, J.B.; Skarmeta, A. Automatic, verifiable and optimized
policy-based security enforcement for SDN-aware IoT networks. Comput. Netw. 2022,213, 109123. [CrossRef]
112.
Sousa, N.F.S.D.; Rothenberg, C.E. CLARA: Closed Loop-based Zero-touch Network Management Framework. In Proceedings of
the 2021 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Heraklion, Greece,
9–11 November 2021; IEEE: Heraklion, Greece, 2021; pp. 110–115.
113.
Tam, P.; Ros, S.; Song, I.; Kim, S. QoS-Driven Slicing Management for Vehicular Communications. Electronics 2024,13, 314.
[CrossRef]
114.
Vergutz, A.; Noubir, G.; Nogueira, M. Reliability for Smart Healthcare: A Network Slicing Perspective. IEEE Netw. 2020,34, 91–97.
[CrossRef]
115.
Abdellatif, A.A.; Mohamed, A.; Chiasserini, C.F.; Tlili, M.; Erbad, A. Edge Computing for Smart Health: Context-Aware
Approaches, Opportunities, and Challenges. IEEE Netw. 2019,33, 196–203. [CrossRef]
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual
author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to
people or property resulting from any ideas, methods, instructions or products referred to in the content.
Available via license: CC BY 4.0
Content may be subject to copyright.
