Abstract: Systems and methods include receiving a request for a path in a network including a plurality of network elements interconnected to one another via links, wherein the request includes values for a plurality of criteria, wherein the plurality of criteria include one or more of trust, privacy, and secrecy; utilizing a multi-criteria path selection process to determine the path through the plurality of network elements over the links based on the plurality of criteria and the associated values; and providing a display of the determined path in a network map. The trust quantifies trustworthiness of each link in the network and the values of trust are any of a rating and a selection for inclusion or exclusion, the privacy quantifies a number of the links the network path is routed over for network obfuscation, and the secrecy quantifies a level of encryption utilized on the links.

Abstract: Systems and methods for mitigating network attacks include, responsive to detection of malicious traffic in a network, causing creation of an isolated network slice in the network where the isolated network slice is a set of connection resources that are allocated to a flow of traffic and that spans a plurality of network devices in the network; and causing rerouting of the malicious traffic from a source node of the malicious traffic to a deceptive network resource along the isolated network slice.

Abstract: Systems and methods for monitoring a network slice are provided. A method, according to one implementation, include extracting information from network traffic received from one or more User Plane Function (UPF) components of a network slice; examining the extracted information using Machine Learning (ML), and, in response to detecting of one or more malicious threats based on the examined extracted information by the ML, causing one or more actions to isolate the network traffic to protect at least the network slice from the one or more malicious threats.

Abstract: Systems, methods, and computer-readable media are provided for protecting a network from network discovery by an unknown or unauthenticated device. A network element, according to one implementation, is arranged in a communication network and includes an interface device configured to enable communication with an unknown network device. The network element also includes a memory system configured to store first and second sets of network information. The first set of network information includes fake information about the network and is configured to deceive the unknown network device before a procedure is performed for analyzing the authentication of the unknown network device. The second set of network information includes real information about the network. In some cases, the first set of network information may be provided to the unknown network device via the interface device before performing the procedure for analyzing the authentication of the unknown network device.

Abstract: Systems and methods include receiving a request for a path in a network including a plurality of network elements interconnected to one another via links, wherein the request includes values for a plurality of criteria, wherein the plurality of criteria include one or more of trust, privacy, and secrecy; utilizing a multi-criteria path selection process to determine the path through the plurality of network elements over the links based on the plurality of criteria and the associated values; and providing a display of the determined path in a network map. The trust quantifies trustworthiness of each link in the network and the values of trust are any of a rating and a selection for inclusion or exclusion, the privacy quantifies a number of the links the network path is routed over for network obfuscation, and the secrecy quantifies a level of encryption utilized on the links.

Abstract: Systems and methods of service enhancement in a Software Defined Networking (SDN) network include performing an evaluation of one or more services in the SDN network for service enhancements; performing a scoring of the service enhancements of the one or more services; and causing implementation of at least one of the service enhancements in the SDN network. The evaluation can be based on temporarily implementing the service enhancements and measuring a benefit thereof. The evaluation can also be based on estimating the service enhancements based on historical measurements from the SDN network.

Abstract: System and methods for autonomous resource partitioning in a network include a resource controller configured to provision resources which are any of virtual resources and physical resources in one or more layers in the network and monitor availability of the resources in the network; a resource manager configured to determine the any of virtual resources and physical resources as required for Quality of Service (QoS) in the network; a resource broker configured to advertise and assign resource requests to corresponding resources; and a partition manager configured to track the utilization of the resources provided by the one or more layers and to adjust resource usage of the resources in negotiation with the resource broker to minimize a cost of implementation.

Abstract: Systems and methods for mitigating network attacks include, responsive to detection of malicious traffic in a network, causing creation of an isolated network slice in the network where the isolated network slice is a set of connection resources that are allocated to a flow of traffic and that spans a plurality of network devices in the network; and causing rerouting of the malicious traffic from a source node of the malicious traffic to a deceptive network resource along the isolated network slice.

Abstract: A method for mitigating network attacks includes receiving traffic status information from sentries distributed in a network, and analyzing the traffic status information to detect an attack on the network. In response to the attack, an isolated network slice is created. For the isolated network slice, a deceptive network resource is created in isolated network slice. The method further includes transmitting instructions to route malicious traffic to the deceptive network resource.

Abstract: System and methods for autonomous resource partitioning in a network include a resource controller configured to provision resources which are any of virtual resources and physical resources in one or more layers in the network and monitor availability of the resources in the network; a resource manager configured to determine the any of virtual resources and physical resources as required for Quality of Service (QoS) in the network; a resource broker configured to advertise and assign resource requests to corresponding resources; and a partition manager configured to track the utilization of the resources provided by the one or more layers and to adjust resource usage of the resources in negotiation with the resource broker to minimize a cost of implementation.

Abstract: Systems and methods of service enhancement in a Software Defined Networking (SDN) network include performing an evaluation of one or more services in the SDN network for service enhancements; performing a scoring of the service enhancements of the one or more services; and causing implementation of at least one of the service enhancements in the SDN network. The evaluation can be based on temporarily implementing the service enhancements and measuring a benefit thereof. The evaluation can also be based on estimating the service enhancements based on historical measurements from the SDN network.

Abstract: A method for mitigating network attacks includes receiving traffic status information from sentries distributed in a network, and analyzing the traffic status information to detect an attack on the network. In response to the attack, an isolated network slice is created. For the isolated network slice, a deceptive network resource is created in isolated network slice. The method further includes transmitting instructions to route malicious traffic to the deceptive network resource.

Abstract: Systems and methods for service enhancement discovery in a Software Defined Networking (SDN) network include obtaining network measurements for one or more candidate services in the network; utilizing the network measurements to determine one or more service enhancements for the one or more candidate services; determining a cost and a benefit for each of the service enhancements for the one or more candidate services; and providing the service enhancements for the one or more candidate services based on associated cost and associated benefit of each of the service enhancements.

Abstract: A network element, configured to operate in a network to provide various network functions therein, includes a main processor communicatively coupled to a main memory, wherein the main processor is configured to perform Operations, Administration, Maintenance, and Provisioning (OAM&P) associated with the network element, wherein the main processor is accessible through one or more access techniques; and a supervisory plane comprising a secure processor and a secure memory communicatively coupled thereto, wherein the supervisory plane is separate from and communicatively coupled to the main processor and the main memory, the supervisory plane is configured to allow secure, direct access to the main processor and the main memory.

Abstract: Systems and methods for service enhancement discovery in a Software Defined Networking (SDN) network include obtaining network measurements for one or more candidate services in the network; utilizing the network measurements to determine one or more service enhancements for the one or more candidate services; determining a cost and a benefit for each of the service enhancements for the one or more candidate services; and providing the service enhancements for the one or more candidate services based on associated cost and associated benefit of each of the service enhancements.

Abstract: A network element, configured to operate in a network to provide various network functions therein, includes a main processor communicatively coupled to a main memory, wherein the main processor is configured to perform Operations, Administration, Maintenance, and Provisioning (OAM&P) associated with the network element, wherein the main processor is accessible through one or more access techniques; and a supervisory plane comprising a secure processor and a secure memory communicatively coupled thereto, wherein the supervisory plane is separate from and communicatively coupled to the main processor and the main memory, the supervisory plane is configured to allow secure, direct access to the main processor and the main memory.