A Secured Intent-Based Networking (sIBN) with Data-Driven Time-Aware Intrusion Detection

Urslla Uchechi Izuazu, Mounir Bensalem, Admela Jukan

TL;DR

This work targets the security gap in Intent-Based Networking (IBN) by addressing the risk that adversaries can tamper with user intents during ingestion, enabling malicious configurations via MitM attacks. It introduces a secured IBN (sIBN) framework with a data-driven Intent Intrusion Detection System (IIDS) that analyzes temporal network behavioral features to detect tampered intents before enactment, using Randomized Search Cross-Validation (RSCV) for hyperparameter tuning. The approach is validated on the BINS dataset with simulated attack scenarios, where an XGBoost-based model delivers high performance in both binary and multiclass classification (e.g., up to 99.71% accuracy in binary and 99.98% in multiclass, with low MSE). The results demonstrate a practical pathway to reinforce trust and reliability in large-scale, automated network management, while highlighting room for broader validation and integration of explainable AI techniques to enhance transparency.

Abstract

While Intent-Based Networking (IBN) promises operational efficiency through autonomous and abstraction-driven network management, a critical unaddressed issue lies in IBN's implicit trust in the integrity of intent ingested by the network. This inherent assumption of data reliability creates a blind spot exploitable by Man-in-the-Middle (MitM) attacks, where an adversary intercepts and alters intent before it is enacted, compelling the network to orchestrate malicious configurations. This study proposes a secured IBN (sIBN) system with a data-driven intrusion detection method designed to secure legitimate user intent from adversarial tampering. The proposed intent intrusion detection system uses an ML model applied for network behavioral anomaly detection to reveal temporal patterns of intent tampering. This is achieved by leveraging a set of original behavioral metrics and newly engineered time-aware features, with the model's hyperparameters fine-tuned through the randomized search cross-validation (RSCV) technique. Numerical results based on real-world data sets show the effectiveness of sIBN, achieving the best performance across standard evaluation metrics in both binary and multi-class classification tasks, while maintaining low error rates.

Paper Structure

This paper contains 11 sections, 3 equations, 5 figures, 4 tables.

Figures (5)

  • Figure 1: Proposed Architecture for a secured Intent-based Networking (sIBN)
  • Figure 2: Flowchart of the proposed Intent Intrusion Detection System (IIDS)
  • Figure 3: Example of JSON representation for a Cloud Computing Service event.
  • Figure 4: Confusion Matrix based on for Binary and Multi-class Task
  • Figure 5: Confusion Matrix based on Multi-class Task