Open Access iconOpen Access



Dynamic Security SFC Branching Path Selection Using Deep Reinforcement Learning

Shuangxing Deng, Man Li*, Huachun Zhou

School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing, 100044, China

* Corresponding Author: Man Li. Email: email

(This article belongs to the Special Issue: Advanced Achievements of Intelligent and Secure Systems for the Next Generation Computing)

Intelligent Automation & Soft Computing 2023, 37(3), 2919-2939.


Security service function chaining (SFC) based on software-defined networking (SDN) and network function virtualization (NFV) technology allows traffic to be forwarded sequentially among different security service functions to achieve a combination of security functions. Security SFC can be deployed according to requirements, but the current SFC is not flexible enough and lacks an effective feedback mechanism. The SFC is not traffic aware and the changes of traffic may cause the previously deployed security SFC to be invalid. How to establish a closed-loop mechanism to enhance the adaptive capability of the security SFC to malicious traffic has become an important issue. Our contribution is threefold. First, we propose a secure SFC path selection framework. The framework can accept the feedback results of traffic and security service functions in SFC, and dynamically select the optimal path for SFC based on the feedback results. It also realizes the automatic deployment of paths, forming a complete closed loop. Second, we expand the protocol of SFC to realize the security SFC with branching path, which improve flexibility of security SFC. Third, we propose a deep reinforcement learning-based dynamic path selection method for security SFC. It infers the optimal branching path by analyzing feedback from the security SFC. We have experimented with Distributed Denial of Service (DDoS) attack detection modules as security service functions. Experimental results show that our proposed method can dynamically select the optimal branching path for a security SFC based on traffic features and the state of the SFC. And it improves the accuracy of the overall malicious traffic detection of the security SFC and significantly reduces the latency and overall load of the SFC.


Cite This Article

APA Style
Deng, S., Li, M., Zhou, H. (2023). Dynamic security SFC branching path selection using deep reinforcement learning. Intelligent Automation & Soft Computing, 37(3), 2919-2939.
Vancouver Style
Deng S, Li M, Zhou H. Dynamic security SFC branching path selection using deep reinforcement learning. Intell Automat Soft Comput . 2023;37(3):2919-2939
IEEE Style
S. Deng, M. Li, and H. Zhou "Dynamic Security SFC Branching Path Selection Using Deep Reinforcement Learning," Intell. Automat. Soft Comput. , vol. 37, no. 3, pp. 2919-2939. 2023.

cc This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 582


  • 211


  • 0


Share Link