TY - GEN
T1 - Coordinated Multi-Agent Moving Target Defense Against Cross-Slice Lateral Movement in Virtualized SDN Clouds
AU - Andreas, Andreou
AU - Mavromoustakis, Constandinos X.
AU - Aslam, Nauman
AU - Markakis, Evangelos
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Cross-slice lateral movement attacks pose a critical security threat to NFV/SDN-based 6G networks, where adversaries exploit compromised Virtual Network Functions (VNFs) to infiltrate other slices. While prior works have employed Deep Q-Learning (DQL) for Moving Target Defense (MTD), these single-agent solutions lack coordination and scalability across network slices. To overcome these limitations, this paper proposes a Multi-Agent Deep Deterministic Policy Gradient (MADDPG) framework for orchestrating Software-Defined Networking (SDN)-based path randomization in service-oriented cloud networks based on NFV and SDN principles. The architecture leverages centralized training with decentralized execution, enabling collaborative decision-making among agents assigned to individual slices. Evaluated in a realistic OpenStack testbed with Tacker integration, the proposed method achieves over 60% reduction in attack success rate and a 2.5× improvement in Mean Time-To-Compromise (MTTC) compared to random path-hopping, all while maintaining low latency (<50 ms) and minimal control overhead (<20 flow modifications per minute). These results validate the effectiveness and deployability of the proposed multi-agent MTD approach in real-world 6G cloud infrastructures.
AB - Cross-slice lateral movement attacks pose a critical security threat to NFV/SDN-based 6G networks, where adversaries exploit compromised Virtual Network Functions (VNFs) to infiltrate other slices. While prior works have employed Deep Q-Learning (DQL) for Moving Target Defense (MTD), these single-agent solutions lack coordination and scalability across network slices. To overcome these limitations, this paper proposes a Multi-Agent Deep Deterministic Policy Gradient (MADDPG) framework for orchestrating Software-Defined Networking (SDN)-based path randomization in service-oriented cloud networks based on NFV and SDN principles. The architecture leverages centralized training with decentralized execution, enabling collaborative decision-making among agents assigned to individual slices. Evaluated in a realistic OpenStack testbed with Tacker integration, the proposed method achieves over 60% reduction in attack success rate and a 2.5× improvement in Mean Time-To-Compromise (MTTC) compared to random path-hopping, all while maintaining low latency (<50 ms) and minimal control overhead (<20 flow modifications per minute). These results validate the effectiveness and deployability of the proposed multi-agent MTD approach in real-world 6G cloud infrastructures.
KW - Cross-Slice Security
KW - MAD-DPG
KW - Moving Target Defense (MTD)
KW - Multi-Agent Reinforcement Learning
KW - Network Function Virtualization (NFV)
KW - Software-Defined Networking (SDN)
UR - https://www.scopus.com/pages/publications/105033344257
U2 - 10.1109/NFV-SDN66355.2025.11349606
DO - 10.1109/NFV-SDN66355.2025.11349606
M3 - Conference contribution
AN - SCOPUS:105033344257
T3 - 2025 IEEE Conference on Network Function Virtualization and Software-Defined Networking, NFV-SDN 2025
BT - 2025 IEEE Conference on Network Function Virtualization and Software-Defined Networking, NFV-SDN 2025
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2025 IEEE Conference on Network Function Virtualization and Software-Defined Networking, NFV-SDN 2025
Y2 - 10 November 2025 through 12 November 2025
ER -