Network digital twinning solutions to increase the security of multi-domain optical transport networks

Abstract

Autonomous networking relies on technologies such as network digital twins (NDTs), which might apply machine learning (ML) techniques to reduce the computational complexity of analytical models. Centralized NDTs are typically fed with telemetry collected from the data plane to implement observe-analyze-act control loops for intelligent network diagnosis and decision-making. NDTs can estimate the performance of optical connections, which have multiple operational applications, from provisioning to failure management. However, the resulting ML pipelines require special attention not only in terms of efficiency and scalability but also in terms of security, since the attack surface increases in distributed systems. In consequence, autonomous operation requires security mechanisms. This fact is more evident in the case of multi-domain networks. Specifically, because envisioned end-to-end (e2e) 6G networks expand through multiple administrative and technological domains, security and privacy issues need to be considered in the autonomous multi-domain optical layer operation. In this paper, we concentrate on multi-domain optical transport networks operated autonomously with the support of ML-based NDTs modeling the optical layer. We propose NDT-based solutions to detect combined attacks of data tampering and model evasion that compromise the security of the optical network. To that end, e2e multi-domain models are required, which can be created as a concatenation of intra-domain NDT models modeling each domain. We aim to provide solutions to preserve the privacy of the domains. Simulation results demonstrate the efficiency of the proposed solutions in terms of relevant security-related metrics, such as combined attack detection accuracy and privacy-preserving scoring.

This work has received funding from the European Union’s HORIZONEurope research and innovation program under grant agreement no. 101092766 (ALLEGRO Project); project PID2024-157824OB-I00 funded by MICIU/AEI/10.13039/501100011033/FEDER, UE; and the ICREA Institution.

Peer Reviewed

Postprint (author's final draft)