Vítor Cunha, a PhD Computer Engineering student at DETI-UA, submitted his doctoral thesis to the Altice International Innovation Award (AIIA), and scooped last year’s prize in the Academy category with his Dynamic Defense for Softwarized and Virtualized Networks project. We caught up with the researcher from the Telecommunications Institute of Aveiro so that he could tell us about his innovation and the importance of winning this AIIA category: recognition from beyond academic peers, and practical validation from a multinational jury panel from multiple sectors of society.
How did you come up with the concept for the Dynamic Defense for Softwarized and Virtualized Networks project?
The idea came to me in embryonic form before I enrolled on a PhD, while I was still working on developing network functions in offloading for edge computing and thereby freeing up resources in the operator’s core network. These functions demand a great deal of flexibility in selecting active flows on the network and then high performance in moving the selected flows to other points of presence. As is normal procedure in any doctoral program, I conducted an exhaustive analysis of the state of the art that described existing defense solutions within the scope of the pre-thesis component, which is developed during the first year of the PhD and which aims to set a plan for the upcoming work, and I identified gaps which were still impeding the transposition of similar approaches from the academic world for use in more realistic environments. That was where my experience in developing traffic offloading functions came to the fore, and the original idea began to take shape, leading to the “Dynamic Defense for Softwarized and Virtualized Networks”. It’s called “Dynamic Defense” because this solution enables the use of different techniques which can be altered as needed.
How did you test the applicability of the Dynamic Defense for Softwarized and Virtualized Networks?
In the proof of concept we considered techniques such as Moving Target Defense (MTD) and security containment networks – or honeynets. These defenses can be introduced at any time, even if the function to be protected has not previously been defended in this way, hence the dynamic aspect. The part that relates to “Softwarized and Virtualized” networks, on the other hand, came about partly as a technical necessity for some of the defense strategies, but it’s mainly so as to not prescribe any network or manufacturer in particular and to allow for it to be an option for the long-term future, which will enable adoption beyond today’s technologies (the 5G core is already softwarized and virtualized, but the innovation will outlive 5G).
This scientific project is now being continued within the remit of another European project dedicated to privacy and cybersecurity, in which we have already addressed other security solutions, Moving Target Defense (MTD) and its integration with artificial intelligence within the context of future 6G networks.
What are the main challenges faced in implementing a dynamic defense for software-defined and virtualized networks?
There are several significant challenges to be considered. Firstly, legitimate users mustn’t be deprived of access to protected services, and nor should their user experience be impaired. This is particularly challenging because if access to services moves quickly throughout an exploration space – which, incidentally, is the basic principle of MTD and which hinders successful attacks – legitimate users must continue to hit the target, in other words, reach the service, steadily and accurately. This requires the user and service to be highly synchronised in order to allow the target to be hit, but introducing a network protocol to ensure such synchronisation would itself contribute towards overloading the system and by itself create another attack surface. On the other hand, despite all the vulnerability caused by the movement, the system must remain auditable in the event of a failure, and its maintenance must be easily managed. To sum up, the major challenge is that we want to thwart attackers’ potentially sophisticated efforts, without disturbing systems managers, much less legitimate users.
What results have you achieved with the project?
The results showed that the system was, by itself, quite effective in detecting adversarial actions in the scenarios considered (a detection rate of over 99.9%) without greatly reducing the parameters which affected functionality (latency and bandwidth). Nevertheless, the scenarios considered were on private networks where the authorised users were known in advance and the cost of setting up the system was not a problem, given the critical nature of the functions protected. Traditional solutions would also have impressive success rates against known attacks (probably even with more nines after the decimal point), but the advantage of our approach is to maintain efficacy even against unknown attacks (zero-days).
What lessons did you learn during the process?
The main lessons learnt relate to the need to process alarms properly in order to avoid false positives (normal events classified as attacks). However, whenever we try to eliminate false positives, we run the risk of creating false negatives, in other words, letting attacks pass for normal events. What our solution does is, when there’s a false negative, it blocks the traffic all the same, but doesn’t identify it as an attack. When many false positives are detected, events are created which signal the need to check synchronisation with the client and/or network quality. Despite the impressive numbers, the approach is by no means infallible, and we recommend it should always be used in conjunction with traditional defenses, never forgetting good security practices and system design.
How did you decide to apply for the Altice Innovation Award’s Academy prize?
I have to say that above all, I was encouraged by my professors, João Paulo Barraca and Daniel Corujo. At the time I was preparing to defend my thesis and within that context it made perfect sense to apply to the Academy section of the Altice Innovation Award. Obviously, I would like to thank Professor Daniel Corujo for his support in this, as well as my colleagues at the Telecommunications Institute (Mário Antunes, who was one of the finalists at a previous edition of the Altice International Innovation Award, and José Quevedo) for their help and insight throughout this process.
How important is it to be recognised with this award?
Just being selected to go through to the final stage of an international innovation competition as popular and competitive as the AIIA was already an excellent validation, from beyond academia, of the work done throughout my PhD, and of its potential contribution to society. This is key and extremely important to any academic – recognition from beyond academic peers, for theory put into practice and validated by a multinational jury panel drawn from multiple sectors of society.
Why should PhD students apply for the Academy category of the AIIA?
Definitely for the recognition from beyond academic peers, for the contribution and impact outside of the four walls of our labs, assessed by a panel of judges from a cross-section of society (which has increasingly included ANI, Portugal’s main agency of innovation). On top of this, students will have the opportunity to discuss new and revolutionary ideas with finalists and guests at the ceremony. With Altice being a group of recognised international reach in the fields of innovation, but with a strong link to Portugal, this international award provides the best of both worlds: being able to take part in an international competition, but without having to leave Portugal. Furthermore, applications can be submitted free of charge, which means there are no monetary barriers standing in the way of having our work recognised.
Do you have any advice for other entrants to this year’s Academy award?
Focus on what’s essential, what impacts the most on society and has the most solid base to be transformed into a business model. Describe in detail how this business model would work. Above all, be honest about what your work does (or doesn’t do) and, although the competition is outside the world of academia, that’s no excuse to forget the good scientific practices of providing evidence to support all claims.