Computer Science ›› 2026, Vol. 53 ›› Issue (1): 371-381. doi: 10.11896/jsjkx.250300076

• Information Security •

Attack Graph-assisted Deep Reinforcement Learning-based Service Function Chain Attack Recovery Method

ZHOU Deqiang1, JI Xinsheng1,2, YOU Wei1, QIU Hang1, YANG Jie1

  1 Institute of Information Technology, Information Engineering University, Zhengzhou 450002, China;
  2 Purple Mountain Laboratories, Nanjing 210000, China
  • Received: 2025-03-14 Revised: 2025-05-22 Online: 2026-01-08
  • Corresponding author: JI Xinsheng (ndscjxs@126.com)
  • About author: ZHOU Deqiang (zhoudeqiang0518@163.com), born in 1998, postgraduate. His main research interests include 5G/6G network, network slicing and cyberspace security.
    JI Xinsheng, born in 1968, Ph.D, professor. His main research interests include next-generation mobile communication, network architecture and cyberspace security.
  • Supported by:
    National Key Research and Development Program of China (2022YFB2902204), Key Research and Development Project of Henan Province (231111211000) and Top Talent Training Project of Henan Province (244500510012).

Abstract: Service function chains (SFC) can provide customized services for the six scenarios of 6G with the advantages of on-demand orchestration and flexible networking, and 6G networks in turn place higher requirements on SFC performance. Resilience is receiving attention for the first time in 6G networks, requiring SFC to ensure stable and continuous provision of fundamental functions, with resilience recovery being a key stage. Existing recovery methods are often based on backup mechanisms, which leads to resource wastage, and they ignore the impact of network attack characteristics on recovery, which makes the recovery effect difficult to guarantee. Considering the characteristics of network attacks, this paper uses the SFC attack graph to determine a customized attack recovery scheme for SFC, including the VNF recovery range and the attack recovery level requirement. To solve for a placement scheme that conforms to the customized attack recovery scheme, a deep reinforcement learning-based SFC attack recovery method (DRL-SFCAR) is proposed. Extensive simulation results show that DRL-SFCAR performs better in terms of delay and recovery cost than the three comparison methods while ensuring the recovery success rate. DRL-SFCAR can meet the attack recovery level requirement and minimize the long-term recovery cost, achieving customized recovery for SFC in network attack scenarios.

Key words: Service function chain, Resilience recovery, Attack graph, Deep reinforcement learning, Cost

CLC Number: TN915