Distributing Intelligence in 6G Programmable Data Planes for Effective In-Network Intrusion Prevention

Mattia G. Spina, Floriano De Rango, Edoardo Scalzo, Francesca Guerriero, Antonio Iera

TL;DR

This work addresses the rising attack surface of 5G/6G networks by proposing a distributed, in-network intrusion prevention paradigm that leverages programmable data planes. It decomposes a strong ML model into multiple Weak Learners deployed as WL-VNFs across PDP devices and coordinates them via a custom per-flow header and majority voting, optimized with BRKGA deployment. The approach aims to preserve network throughput and QoS under high traffic while reducing per-device computational burden, as demonstrated by a proof-of-concept showing high accuracy (≈94.5%), reasonable precision/recall, and significantly better scalability than a monolithic model. The proposed architecture and findings suggest a viable path toward scalable, autonomous, in-network defense for future 6G networks, with clear directions for dynamic deployment, hardware/language support, and lightweight models to achieve near-zero-latency detection.

Abstract

The problem of attacks on new generation network infrastructures is becoming increasingly relevant, given the widening of the attack surface of these networks resulting from the greater number of devices that will access them in the future (sensors, actuators, vehicles, household appliances, etc.). Approaches to the design of intrusion detection systems must evolve and go beyond the traditional concept of perimeter control to build on new paradigms that exploit the typical characteristics of future 5G and 6G networks, such as in-network computing and intelligent programmable data planes. The aim of this research is to propose a disruptive paradigm in which devices in a typical data plane of a future programmable network have anomaly detection capabilities and cooperate in a fully distributed fashion to act as an ML-enabled Intrusion Prevention System "embedded" into the network. The reported proof-of-concept experiments demonstrate that the proposed paradigm allows working effectively and with a good level of precision while occupying overall less CPU and RAM resources of the devices involved.
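The coordination mechanism the TL;DR and abstract describe (one weak learner per data-plane device, votes carried hop by hop in a custom per-flow header, a majority decision at the egress) can be simulated end to end. The following is an added example, not the authors' code: the header layout (a one-byte vote count followed by one vote bit per traversed device), the single-feature decision stumps standing in for the WL-VNFs, the three-hop path, the tie policy and the labelled flow records are all assumptions constructed here for illustration, and the real paper's models, header format and traffic are not reproduced.

```python
"""Simulated in-network majority voting over a per-flow header (added example)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class WeakLearner:
    """One WL-VNF, modelled as a decision stump on a single flow feature (hypothetical model)."""
    name: str
    feature: str
    threshold: float

    def predict(self, flow: dict) -> int:
        # 1 = malicious, 0 = benign
        return 1 if flow[self.feature] > self.threshold else 0


@dataclass
class FlowHeader:
    """Hypothetical custom per-flow header: vote count, then one vote bit per PDP traversed."""
    votes: list = field(default_factory=list)

    def encode(self) -> bytes:
        n = len(self.votes)
        if n > 255:
            raise ValueError("vote count field is one byte")
        packed = 0
        for v in self.votes:                      # MSB-first, first hop in the top bit
            packed = (packed << 1) | (v & 1)
        return bytes([n]) + packed.to_bytes(max(1, (n + 7) // 8), "big")

    @classmethod
    def decode(cls, raw: bytes) -> "FlowHeader":
        if not raw:
            raise ValueError("empty header")
        n = raw[0]
        if len(raw) - 1 < max(1, (n + 7) // 8):
            raise ValueError("header truncated")   # malformed header must not crash the device
        packed = int.from_bytes(raw[1:], "big")
        return cls([(packed >> (n - 1 - i)) & 1 for i in range(n)])


def pdp_hop(learner: WeakLearner, flow: dict, raw_header: bytes) -> bytes:
    """A PDP running one WL-VNF: read the header, append its own vote, forward."""
    hdr = FlowHeader.decode(raw_header)
    hdr.votes.append(learner.predict(flow))
    return hdr.encode()


def egress_decision(raw_header: bytes) -> str:
    """Egress PDP: majority over the accumulated votes.

    Assumed tie policy: forward but raise an alert, so an even number of voters
    degrades to detection rather than dropping legitimate traffic.
    """
    votes = FlowHeader.decode(raw_header).votes
    malicious = sum(votes)
    benign = len(votes) - malicious
    if malicious > benign:
        return "drop"
    if malicious < benign:
        return "forward"
    return "forward+alert"


def process_flow(path: tuple, flow: dict) -> str:
    raw = FlowHeader().encode()                    # ingress attaches an empty header
    for learner in path:
        raw = pdp_hop(learner, flow, raw)
    return egress_decision(raw)


def ensemble_accuracy(path: tuple, flows: list) -> float:
    hits = sum((process_flow(path, f) == "drop") == bool(label) for f, label in flows)
    return hits / len(flows)


def learner_accuracy(learner: WeakLearner, flows: list) -> float:
    return sum(learner.predict(f) == label for f, label in flows) / len(flows)


# Hypothetical three-hop path, one stump per device (thresholds chosen for the toy data).
PATH = (
    WeakLearner("wl-edge", "pkt_rate", 800.0),
    WeakLearner("wl-agg", "syn_ratio", 0.6),
    WeakLearner("wl-core", "uniq_dst_ports", 50),
)

# Constructed flow records (feature dict, label); not real traffic.
FLOWS = [
    ({"pkt_rate": 1500, "syn_ratio": 0.9, "uniq_dst_ports": 3}, 1),    # SYN flood
    ({"pkt_rate": 900, "syn_ratio": 0.2, "uniq_dst_ports": 200}, 1),   # fast port scan
    ({"pkt_rate": 1200, "syn_ratio": 0.3, "uniq_dst_ports": 2}, 0),    # bulk transfer
    ({"pkt_rate": 50, "syn_ratio": 0.1, "uniq_dst_ports": 1}, 0),      # idle client
    ({"pkt_rate": 900, "syn_ratio": 0.7, "uniq_dst_ports": 120}, 1),   # scan plus flood
    ({"pkt_rate": 100, "syn_ratio": 0.7, "uniq_dst_ports": 4}, 0),     # many short benign connections
]

if __name__ == "__main__":
    for flow, label in FLOWS:
        print(label, process_flow(PATH, flow))
    for wl in PATH:
        print(wl.name, learner_accuracy(wl, FLOWS))
    print("ensemble", ensemble_accuracy(PATH, FLOWS))
```

On the constructed data each stump alone misclassifies at least one flow while the three-vote majority gets all six right; the point of the simulation is the mechanism (state carried in the packet rather than in a central classifier), so the decode path rejects truncated headers instead of raising on a malformed packet, which is the kind of input an attacker controls.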

Paper Structure

This paper contains 8 sections, 6 figures.

Figures (6)

  • Figure 1: Logical Architecture of the Proposed In-Network Computing based Active Intrusion Prevention System
  • Figure 2: Considered topology and WL-VNF deployment strategy.
  • Figure 3: Considered topology and SL-VNF deployment strategy.
  • Figure 4: Average Network Throughput: SL-VNFs vs. WL-VNFs Deployment.
  • Figure 5: Average PDPs' CPU Utilization: SL-VNFs vs. WL-VNFs Deployment.
  • ...and 1 more figure