Abstract
Many of today’s smart devices are rushed to market with little consideration for basic security and privacy protection, making them easy targets for various attacks. Therefore, IoT will benefit from adapting a zero-trust networking model which requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are located within or outside of the network perimeter. Implementing such model can, however, become challenging, as the access policies have to be updated dynamically in the context of constantly changing network environment. In this research project, we are aiming to implement a prototype of intelligent defense framework relying on advanced technologies that have recently emerged in the area of software-defined networking and network function virtualization. The intelligent core of the system proposed is planned to employ several reinforcement machine learning agents which process current network state and mitigate both external attacker intrusions and stealthy advanced persistent threats acting from inside of the network environment.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alhanahnah M, Lin Q, Yan Q, Zhang N, Chen Z (2018) Efficient signature generation for classifying cross-architecture IoT malware. In: 2018 IEEE conference on communications and network security (CNS), pp 1–9
Arjovsky M, Chintala S, Bottou L (2017) Wasserstein generative adversarial networks. In: ICML’17: Proceedings of the 34th International conference on machine learning, vol 70, pp 214–223
Brockman G, Cheung V, Pettersson L, Schneider J, Schulman J, Tang J, Zaremba W (2016) OpenAI Gym. arXiv:1606.01540
Dhariwal P, Hesse C, Klimov O, Nichol A, Plappert M, Radford A, Schulman J, Sidor S, Wu Y, Zhokhov P (2017) OpenAI baselines. GitHub repository. https://github.com/openai/baselines
GitHub (2018) GitHub—linux-rdma/qperf. Retrieved 1 Dec 2020, from https://github.com/linux-rdma/qperf
Goodfellow IJ, Pouget-Abadie J, Mirza M, Xu B, Warde-Farley D, Ozair S, Courville A, Bengio Y (2014) Generative adversarial nets. In: NIPS’14: Proceedings of the 27th International conference on neural information processing systems, vol 2, pp 2672–2680
He K, Zhang X, Ren S, Sun J (2016) Deep residual learning for image recognition. In: 2016 IEEE conference on computer vision and pattern recognition (CVPR), pp 770–778
Kindervag J (2010) No more chewy centers: introducing the zero trust model of information security. Forrester Research. https://media.paloaltonetworks.com/documents/Forrester-No-More-Chewy-Centers.pdf
Medved J, Varga R, Tkacik A, Gray K (2014) OpenDaylight: towards a model-driven SDN controller architecture. In: Proceeding of IEEE international symposium on a world of wireless, mobile and multimedia networks 2014, pp 1–6
Mirza M, Osindero S (2014) Conditional generative adversarial nets. arXiv:1411.1784
Mnih V, Badia AP, Mirza M, Graves A, Lillicrap TP, Harley T, Silver D, Kavukcuoglu K (2016) Asynchronous methods for deep reinforcement learning. arXiv:1602.01783
Netfilter (2020) The netfilter.org “libnetfilter_queue” project. Retrieved 1 Dec 2020, from https://www.netfilter.org/projects/libnetfilter_queue/index.html
PyPI (2017) NetfilterQueue—PyPI. Retrieved 1 Dec 2020, from https://pypi.org/project/NetfilterQueue/
Salman O, Elhajj IH, Kayssi A, Chehab A (2016) SDN controllers: a comparative study. In: Proceedings of the 18th Mediterranean electrotechnical conference (MELECON 2016), pp 1–6
Schulman J, Levine S, Moritz P, Jordan MI, Abbeel P (2015) Trust region policy optimization. arXiv:1502.05477
Schulman J, Wolski F, Dhariwal P, Radford A, Klimov O (2017) Proximal policy optimization algorithms. arXiv:1707.06347
Sharafaldin I, Lashkari A, Ghorbani A (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the 4th International conference on information systems security and privacy (ICISSP 2018), pp 108–116
Vagrant (2020) Vagrant by HashiCorp. Retrieved 19 Nov 2020, from https://www.vagrantup.com
Vaswani A, Shazeer N, Parmar N, Uszkoreit J, Jones L, Gomez AN, Kaiser Ł, Polosukhin I (2017) Attention is all you need. In: NIPS’17: Proceedings of the 31st International conference on neural information processing systems, pp 6000–6010
Wu Y, Mansimov E, Liao S, Grosse R, Ba J (2017) Scalable trust-region method for deep reinforcement learning using Kronecker-factored approximation. arXiv:1708.05144
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Zolotukhin, M., Hämäläinen, T., Kotilainen, P. (2022). Intelligent Solutions for Attack Mitigation in Zero-Trust Environments. In: Lehto, M., Neittaanmäki, P. (eds) Cyber Security. Computational Methods in Applied Sciences, vol 56. Springer, Cham. https://doi.org/10.1007/978-3-030-91293-2_17
Download citation
DOI: https://doi.org/10.1007/978-3-030-91293-2_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91292-5
Online ISBN: 978-3-030-91293-2
eBook Packages: Computer ScienceComputer Science (R0)