Enhancing B5G Firewall Optimisation

Using Automated Machine Learning (AutoML) and Explainable AI (XAI) to create a robust, transparent, and adaptive security framework for next-generation networks.

The Challenge: Static Rules in a Dynamic World

The initial research addressed a critical issue in B5G network security: firewall rules were often static and not optimized for real-time network conditions. This led to suboptimal performance and potential security gaps. The original ML-based solution was a major step forward, but had room for significant improvement.

Original Approach Limitations

  • Limited Model Scope: Relied on a single Random Forest model, which might not capture all complex data patterns.
  • Partial Dataset: Trained on only 10% of the available IW-IB-5GNET dataset, leading to potential bias.
  • "Black Box" Decisions: Lacked a clear explanation of *why* the model made a specific choice, hindering trust and debuggability.
  • Basic Features: Did not incorporate dynamic time-based features or resource (CPU/Memory) consumption.

Original Best Model F1-Score

0.9083

A strong start, but the goal for a truly robust system was an F1-score above 0.93.

The Enhanced Solution: An Intelligent, Adaptive Framework

To overcome the limitations, the framework was rebuilt with advanced techniques focusing on performance, transparency, and adaptability.

Upgraded System Architecture

The new architecture integrates real-time prediction services and deploys models on edge nodes. This reduces latency and allows for instantaneous firewall adjustments. It also extends support to modern technologies like `nftables` for greater flexibility.

  • Real-time Prediction: Uses FastAPI or Streamlit for immediate rule optimization.
  • Edge Deployment: Moves AI models closer to the data source for ultra-low latency decisions.
  • Reinforcement Learning: Explores continuous, autonomous optimization through an RL agent that learns from the live network environment.

Conceptual Flow

  1. Network Sensors & Metrics
  2. Cognitive Layer (ML Classifier) at the Edge
  3. Explainable AI (SHAP/LIME) Insights
  4. Optimized Rule Deployed via Actuators

Performance Deep Dive: A Clear Winner

The new methods delivered a significant boost in performance, surpassing the target F1-score and establishing a new benchmark for accuracy and reliability.

[Chart: Model Performance Comparison (F1-Score)]

Dataset Enhancement: From Imbalanced to Augmented

The original dataset was heavily imbalanced. Using synthetic data generation (CopulaGAN), the dataset was augmented to provide a balanced view, drastically improving the model's ability to learn from minority classes.

[Chart: Key Feature Importance (Ensemble Model)]

This chart shows which data points had the most influence on the best model's decisions. Network metrics related to traffic volume and specific technology activation are top contributors.

Opening the Black Box with Explainable AI (XAI)

A high-performing model isn't enough if you can't trust it. XAI techniques like SHAP and LIME were integrated to make the AI's decision-making process transparent and understandable.

Why is XAI Crucial?

  • Builds Trust: Administrators can see the 'why' behind a recommendation, increasing confidence in the system.
  • Facilitates Debugging: If the model makes an unexpected decision, XAI helps pinpoint the cause quickly.
  • Ensures Accountability: Provides a clear audit trail for all automated changes, which is vital for security and compliance.

How XAI Provides Clarity

AI Model Decision ("Black Box") + XAI → Transparent Insight

"Chose 'iptables' because 'Rule Burst Time' was high and 'CPU Usage' was low."
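
An added illustration (not code from the framework described here) of how a SHAP-style explanation like the one quoted above is derived: exact Shapley values for a single decision, returned as an audit record. The scoring function, feature names, baseline and sample values are constructed assumptions standing in for the trained model.

```python
from itertools import combinations
from math import factorial

# Constructed baseline ("typical" conditions) and sample observation, scaled to 0..1.
BASELINE = {"rule_burst_time": 0.2, "cpu_usage": 0.5, "mem_usage": 0.5, "packet_rate": 0.3}
SAMPLE = {"rule_burst_time": 0.9, "cpu_usage": 0.1, "mem_usage": 0.6, "packet_rate": 0.4}

def iptables_score(x):
    """Hypothetical stand-in for the trained classifier: score >= 0.5 selects iptables."""
    linear = 0.1 + 0.4 * x["rule_burst_time"] - 0.3 * x["cpu_usage"] + 0.1 * x["packet_rate"]
    # Interaction term: bursts count for more when the CPU is idle.
    return linear + 0.3 * x["rule_burst_time"] * (1 - x["cpu_usage"])

def shapley_values(model, x, baseline):
    """Exact Shapley attribution; features outside the coalition take their baseline value."""
    names, n, phi = list(x), len(x), {}
    for feat in names:
        others = [g for g in names if g != feat]
        total = 0.0
        for k in range(n):
            weight = factorial(k) * factorial(n - k - 1) / factorial(n)
            for coalition in combinations(others, k):
                without = {g: x[g] if g in coalition else baseline[g] for g in names}
                with_feat = {**without, feat: x[feat]}
                total += weight * (model(with_feat) - model(without))
        phi[feat] = total
    return phi

def explain(model, x, baseline, threshold=0.5):
    """Build an audit record: the decision plus per-feature contributions, largest first."""
    phi = shapley_values(model, x, baseline)
    score = model(x)
    ranked = sorted(phi.items(), key=lambda kv: abs(kv[1]), reverse=True)
    return {
        "decision": "iptables" if score >= threshold else "nftables",
        "score": round(score, 4),
        "baseline_score": round(model(baseline), 4),
        "contributions": [(name, round(value, 4)) for name, value in ranked],
    }

if __name__ == "__main__":
    for key, value in explain(iptables_score, SAMPLE, BASELINE).items():
        print(key, value)
```

The contributions sum to the gap between the sample score and the baseline score, so the record accounts for the whole decision, and a feature the model never reads (here `mem_usage`) receives exactly zero.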

Conclusion & Future Directions

This enhanced framework establishes a new standard for intelligent firewall optimization. It is more accurate, transparent, and adaptive than its predecessor. Future work will focus on deploying it in real-world testbeds and exploring even more advanced concepts.

Multi-Agent RL

Using multiple, coordinated AI agents to manage security across vast, decentralized networks.

Adversarial Training

Making the model more robust by training it to recognize and resist attempts by attackers to deceive it.

Real-World Deployment

The ultimate test: moving from simulation to a live B5G network to validate performance and utility under operational conditions.