COGNITIVE SECURITY: SECURITY ANALYTICS AND AUTONOMICS FOR VIRTUALIZED NETWORKS

06 October 2015


Virtualized networks offer the potential to dynamically reconfigure themselves in real time. Coupled with automated real-time analytics, these capabilities can be leveraged to enable such networks to automatically detect security threats in real time, dynamically reconfigure themselves to protect against these threats, and automatically immunize themselves against evolving threats. We present an approach that combines real-time analytics with autonomics -- using anomaly detection to identify potential security threats, in combination with autonomics to enable dynamic network reconfigurations to mitigate these threats. A key challenge is to distinguish "good anomalies" arising from legitimate increases in network traffic, for example due to natural disasters, flash mobs, or other unexpected events, from "bad anomalies" arising from potential security attacks, as the autonomic actions may vary widely: e.g., dynamic increase of network resources for increases in legitimate traffic, instantiation of virtual security functions in the face of security attacks. We present a combination of machine-learning-based detection with temporal-logic-based analysis that provides a foundation for distinguishing these anomalies and enabling dynamic network autonomics in response. We illustrate our approach through a case study on distributed denial of service attacks on SIP-based virtualized networks.