Safeguard: Security Controls at the Software Defined Network Layer
- URL: http://arxiv.org/abs/2601.17355v1
- Date: Sat, 24 Jan 2026 07:59:25 GMT
- Title: Safeguard: Security Controls at the Software Defined Network Layer
- Authors: Yi Lyu, Shichun Yu, Joe Catudal,
- Abstract summary: We present Safeguard, a rule-based policy that overlaps a data-driven policy to prevent unintended responses for edge cases in network traffic.<n>We show how additional rulesets to allow known-good traffic are essential in utilizing a data-driven network policy.
- Score: 0.3823356975862005
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Improvements in software defined networking allow for policy to be informed and modified by data-driven applications that can adjust policy to accommodate fluctuating requirements at line speed. However, there is some concern that over-correction can occur and cause unintended consequences depending on the data received. This is particularly problematic for network security features, such as machine-learning intrusion detection systems. We present Safeguard, a rule-based policy that overlaps a data-driven policy to prevent unintended responses for edge cases in network traffic. We develop a reference implementation of a network traffic classifier that enforces firewall rules for malicious traffic, and show how additional rulesets to allow known-good traffic are essential in utilizing a data-driven network policy.
Related papers
- DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents [52.92354372596197]
Large Language Models (LLMs) are increasingly central to agentic systems due to their strong reasoning and planning capabilities.<n>This interaction also introduces the risk of prompt injection attacks, where malicious inputs from external sources can mislead the agent's behavior.<n>We propose a Dynamic Rule-based Isolation Framework for Trustworthy agentic systems, which enforces both control and data-level constraints.
arXiv Detail & Related papers (2025-06-13T05:01:09Z) - NetFlowGen: Leveraging Generative Pre-training for Network Traffic Dynamics [72.95483148058378]
We propose to pre-train a general-purpose machine learning model to capture traffic dynamics with only traffic data from NetFlow records.<n>We address challenges such as unifying network feature representations, learning from large unlabeled traffic data volume, and testing on real downstream tasks in DDoS attack detection.
arXiv Detail & Related papers (2024-12-30T00:47:49Z) - MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification [59.96233305733875]
Classifying traffic is essential for detecting security threats and optimizing network management.<n>We propose a Multi-Instance Encrypted Traffic Transformer (MIETT) to capture both token-level and packet-level relationships.<n>MIETT achieves results across five datasets, demonstrating its effectiveness in classifying encrypted traffic and understanding complex network behaviors.
arXiv Detail & Related papers (2024-12-19T12:52:53Z) - SecureNT: Smart Topology Obfuscation for Privacy-Aware Network Monitoring [1.5205805949009716]
Network tomography plays a crucial role in network monitoring and management.<n>Topology information can be inferred through end-to-end measurements.<n>Existing protection methods attempt to secure topology information by modifying end-to-end measurements.<n>This paper presents a novel privacy-preserving framework that addresses these limitations.
arXiv Detail & Related papers (2024-12-11T08:07:40Z) - Differentiated Security Architecture for Secure and Efficient Infotainment Data Communication in IoV Networks [55.340315838742015]
Negligence on the security of infotainment data communication in IoV networks can unintentionally open an easy access point for social engineering attacks.
In particular, we first classify data communication in the IoV network, examine the security focus of each data communication, and then develop a differentiated security architecture to provide security protection on a file-to-file basis.
arXiv Detail & Related papers (2024-03-29T12:01:31Z) - Multi-Agent Reinforcement Learning for Assessing False-Data Injection
Attacks on Transportation Networks [27.89472896063777]
We introduce a computational framework to find worst-case data-injection attacks against transportation networks.
First, we devise an adversarial model with a threat actor who can manipulate drivers by increasing the travel times that they perceive on certain roads.
Then, we employ hierarchical multi-agent reinforcement learning to find an approximate adversarial strategy for data manipulation.
arXiv Detail & Related papers (2023-12-22T11:48:13Z) - OblivIO: Securing reactive programs by oblivious execution with bounded traffic overheads [0.0]
Traffic analysis attacks remain a significant problem for online security.<n>Despite online services increasingly using encrypted traffic, the shape of the traffic is not hidden.<n>We present OblivIO, a secure language for writing reactive programs driven by network events.
arXiv Detail & Related papers (2023-01-19T15:59:33Z) - Mutual Information Regularized Offline Reinforcement Learning [76.05299071490913]
We propose a novel MISA framework to approach offline RL from the perspective of Mutual Information between States and Actions in the dataset.
We show that optimizing this lower bound is equivalent to maximizing the likelihood of a one-step improved policy on the offline dataset.
We introduce 3 different variants of MISA, and empirically demonstrate that tighter mutual information lower bound gives better offline RL performance.
arXiv Detail & Related papers (2022-10-14T03:22:43Z) - Offline Contextual Bandits for Wireless Network Optimization [107.24086150482843]
In this paper, we investigate how to learn policies that can automatically adjust the configuration parameters of every cell in the network in response to the changes in the user demand.
Our solution combines existent methods for offline learning and adapts them in a principled way to overcome crucial challenges arising in this context.
arXiv Detail & Related papers (2021-11-11T11:31:20Z) - Towards formalization and monitoring of microscopic traffic parameters
using temporal logic [1.3706331473063877]
We develop specification-based monitoring for the analysis of traffic networks using the formal language Signal Temporal Logic.
We develop monitors that identify safety-related behavior such as conforming to speed limits and maintaining appropriate headway.
This work can be utilized by traffic management centers to study the traffic stream properties, identify possible hazards, and provide valuable feedback for automating the traffic monitoring systems.
arXiv Detail & Related papers (2021-10-12T17:59:26Z) - Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications.
We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology.
We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
arXiv Detail & Related papers (2021-06-03T16:45:40Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.