Cognitive and programmable security for resilient next-generation networks – GRIFIN

The Internet of Things (IoT) is already ubiquitous and is increasingly connected as 5G networks are being deployed, further extending the cyberspace into the physical world.
This also means that incidents happening in the future networks may have dire, even lethal consequences.
In particular, people could get tracked by sensors in smart buildings, or worse, get trapped in smart elevators, while patients may see they health data file leaked or their life support get disconnected.
IoT devices, as user or mobile equipments in 5G networks, are thus identified as entry points, which vulnerabilities could be exploited for data leakage, malware propagation or mass-scale attacks against the Internet.
It is therefore essential to secure them, to prevent mass casualties.
While attempting to secure all devices from all vendors is infeasible, the assocation of AI and SDN techniques is emerging as an approach to realise AI-driven network programmability that will improve the resilience of IoT networks.
GRIFIN proposes to explore recent advances in AI techniques to enhance the security of an SDN-based IoT network in various use cases ranging from smart buildings to smart healthcare.
In particular, GRIFIN proposes to equip IoT gateways with AI capabilities in order to timely detect, analyse and react to internal threats.
When IoT devices get compromised, the sensing component will detect behavioural discrepancies indicative of hijack, prompting an analysis of the state of the network.
Upon raising an alert, the reasoning component will select a course of actions from a set of countermeasures that will be adapted to the current network state. The course of actions will then be decomposed by the actuating component to be distributed to the data plane in a verifiable manner.
GRIFIN deals with advancing the state of the art of anomaly detection to provide adaptive and faster monitoring, leveraging deep learning to break away from human-resource intensive feature engineering, and transfer learning to reduce uncertainty in learning legitimate traffic models in (unsafe) production environments.
It also proposes a set of metrics and a methodology to assess intrusion detection systems beyond the detection performance, to encourage the adoption of ML-based techniques.
GRIFIN introduces reasoning upon the network state which is seldom addressed in the state of the art.
It allows to optimally design responses that minimizes collateral damage, among other objectives, and adapts the monitoring behaviour, in a moving defense fashion.
Finally, GRIFIN tackles the difficult problem of pipelining a high-level policy onto a forwarding infrastructure.
A rewriting approach is considered to express language-level compositions of the course of actions while providing verifiable semantics for the data plane.
The outcomes of the project should address a number of questions with respect to 1) deep learning: the usage of feature learning should enable to break away from human-intensive feature selection while providing better detection for less frequent behaviour classes; 2) transfer learning: models learnt at the vendor premises should be readily deployable for immediate intrusion detection at the user premises; or 3) reinforcement learning: taking into account the impacts on the network state should make the network more resilient, with smoother recovery. Other proposed innovations include the adaptation of the monitoring settings, the assessment methodology of intrusion detection systems, impact quantification and policy verification.