Kunerva+: An Intelligent Network Policy Generation Framework for Cloud Native Environments

Vol. 34, No. 6, pp. 1335-1344, Dec. 2024
DOI: 10.13089/JKIISC.2024.34.6.1335
Keywords: Cloud-native Architecture, Container Network, Intent-based Network Policy, LLM-based Policy Generation
Abstract

Containers have become the standard for delivering cloud-native services, leveraging their scalability, portability, and resource efficiency. Simultaneously, they have become targets for various security attacks exploiting misconfigurations and vulnerabilities, particularly in network policies. In complex cloud-native environments, manual policy management is prone to errors, and existing research on policy generation automation has limitations in accuracy. This paper presents Kunerva+, a highly automated intelligent network policy generation framework. It operates through an enhanced intent-based approach using natural language processing and fine-tuned large language models, generating network policies without the need to understand complex configurations. We have also devised a multi-stage validation process to fundamentally prevent misconfigurations in network policy enforcement. The evaluation results show that the most improved fine-tuned LLM achieved a 360% increase in BLEU score and 233% in ROUGE-2 score compared to the baseline model, demonstrating the potential and effectiveness of intent-based generation.

Cite this article
[IEEE Style]
김봄 and 이승수, "Kunerva+: An Intelligent Network Policy Generation Framework for Cloud Native Environments," Journal of The Korea Institute of Information Security and Cryptology, vol. 34, no. 6, pp. 1335-1344, 2024. DOI: 10.13089/JKIISC.2024.34.6.1335.

[ACM Style]
김봄 and 이승수. 2024. Kunerva+: An Intelligent Network Policy Generation Framework for Cloud Native Environments. Journal of The Korea Institute of Information Security and Cryptology, 34, 6, (2024), 1335-1344. DOI: 10.13089/JKIISC.2024.34.6.1335.