Shuangxing Deng,Man Li,Huachun Zhou

DOI: https://doi.org/10.32604/iasc.2023.039985

2023-01-01

Intelligent Automation & Soft Computing

Abstract:Security service function chaining (SFC) based on software-defined networking (SDN) and network function virtualization (NFV) technology allows traffic to be forwarded sequentially among different security service functions to achieve a combination of security functions. Security SFC can be deployed according to requirements, but the current SFC is not flexible enough and lacks an effective feedback mechanism. The SFC is not traffic aware and the changes of traffic may cause the previously deployed security SFC to be invalid. How to establish a closed-loop mechanism to enhance the adaptive capability of the security SFC to malicious traffic has become an important issue. Our contribution is threefold. First, we propose a secure SFC path selection framework. The framework can accept the feedback results of traffic and security service functions in SFC, and dynamically select the optimal path for SFC based on the feedback results. It also realizes the automatic deployment of paths, forming a complete closed loop. Second, we expand the protocol of SFC to realize the security SFC with branching path, which improve flexibility of security SFC. Third, we propose a deep reinforcement learning-based dynamic path selection method for security SFC. It infers the optimal branching path by analyzing feedback from the security SFC. We have experimented with Distributed Denial of Service (DDoS) attack detection modules as security service functions. Experimental results show that our proposed method can dynamically select the optimal branching path for a security SFC based on traffic features and the state of the SFC. And it improves the accuracy of the overall malicious traffic detection of the security SFC and significantly reduces the latency and overall load of the SFC.

Man Li,Shuangxing Deng,Huachun Zhou,Yajuan Qin

DOI: https://doi.org/10.1016/j.comnet.2023.110034

IF: 5.493

2023-01-01

Computer Networks

Abstract:The SDN/NFV network is prone to different types of attacks. The Distributed Denial of Service (DDoS) attack has the most severe impact as it can overwhelm the critical components of SDN/NFV to degrade its performance. We propose a closed-loop security architecture (SFCSA) and virtualize detection methods as network service functions in this article. Combining the detection methods forms detection paths, in which different detection paths affect security performance differently. Further, we model the path selection problem as a Markov Decision Process, where the reward balances the malicious traffic detection capability and end-to-end latency. Then, an integrated deep reinforcement learning and convolution neural network path selection algorithm (CNNQ) is proposed. Furthermore, we define a total path malicious traffic detection capability metric. The defined metrics and common metrics are applied to evaluate the building prototype, with the corresponding experimental results demonstrating that the detection performance when combining multiple detection modules outperforms a single detection-based module. Besides, we verify the effectiveness of the CNNQ method under various DDoS attacks scenarios and present the fine-grained classification results of the selected detection modules.

Man Li,Huachun Zhou,Yajuan Qin

DOI: https://doi.org/10.1145/3592307.3592327

2023-01-01

Abstract:5G suffers from new security and privacy issues. More specifically, distributed denial-of-service (DDoS) is one of the most common and destructive attack types. The traditional network does not perform well, because they do not quickly support the deployment of new service function as well as provide network security service on demand. Recently, with the rise of Reinforcement Learning (RL), Software Defined Network (SDN)/Network Functions Virtualization (NFV), and Interface to Network Security Functions (I2NSF) techniques, they play a significant role in security enhancement. Hence, we propose a framework to integrate RL with SDN/NFV and I2NSF architecture (RL-SDNV), in which the RL agent can intelligently select suitable security function chain (SFC) under attack scenarios. Then, we model the DDoS detection problem as a Markov Decision Process (MDP), and a QLearning detection algorithm (QLSFC) is proposed, in which the designed reward includes the processing time and the malicious traffic reduction rate. Finally, we build a corresponding prototype system and verify the feasibility and effectiveness of the proposed algorithm through compared experiments with other RL algorithms.

Man Li,Huachun Zhou,Yajuan Qin

DOI: https://doi.org/10.1145/3592307.3592327

2023-01-01

Abstract:5G suffers from new security and privacy issues. More specifically, distributed denial-of-service (DDoS) is one of the most common and destructive attack types. The traditional network does not perform well, because they do not quickly support the deployment of new service function as well as provide network security service on demand. Recently, with the rise of Reinforcement Learning (RL), Software Defined Network (SDN)/Network Functions Virtualization (NFV), and Interface to Network Security Functions (I2NSF) techniques, they play a significant role in security enhancement. Hence, we propose a framework to integrate RL with SDN/NFV and I2NSF architecture (RL-SDNV), in which the RL agent can intelligently select suitable security function chain (SFC) under attack scenarios. Then, we model the DDoS detection problem as a Markov Decision Process (MDP), and a QLearning detection algorithm (QLSFC) is proposed, in which the designed reward includes the processing time and the malicious traffic reduction rate. Finally, we build a corresponding prototype system and verify the feasibility and effectiveness of the proposed algorithm through compared experiments with other RL algorithms.

Guanglei Li,Huachun Zhou,Bohao Feng,Guanwen Li,Shui Yu

DOI: https://doi.org/10.1109/GLOCOMW.2018.8644122

2018-01-01

Abstract:When selecting security Service Function Chaining (SFC) for network defense, operators usually take security performance, service quality, deployment cost, and network function diversity into consideration, formulating as a multi-objective optimization problem. However, as applications, users, and data volumes grow massively in networks, traditional mathematical approaches cannot be applied to online security SFC selections due to high execution time and uncertainty of network conditions. Thus, in this paper, we utilize reinforcement learning, specifically, the Q-learning algorithm to automatically choose proper security SFC for various requirements. Particularly, we design a reward function to make a tradeoff among different objectives and modify the standard ∊-greedy based exploration to pick out multiple ranked actions for diversified network defense. We compare the Q-learning with mathematical optimization-based approaches, which are assumed to know network state changes in advance. The training and testing results show that the Q-learning based approach can capture changes of network conditions and make a tradeoff among different objectives.

Shuhan Chen,Congqi Shen,Chunming Wu,Yi Shen

DOI: https://doi.org/10.1109/ipccc55026.2022.9894298

2022-01-01

Abstract:The router throttling mechanism provides us a chance to prevent DDoS attack proactively through rate-limiting suspicious traffic before effective detection mechanism. The existing search-based and learning-based studies are highly customized to server load and can hardly cope with the constantly changing server load and unseen scenarios. To address the problem above, we design a self-evolutionary DDoS defense system, DeepThrottle, based on deep reinforcement learning (DRL) and router throttling mechanism in software defined network (SDN). The experimental results demonstrate that the DeepThrottle improves the passing ratio of normal traffic to the victim server, and reduces the server load under unseen attack scenarios compared with the state-of-the-art RL-based method.

Jing Ran,Wenkai Wang,Hefei Hu

DOI: https://doi.org/10.3390/s23063054

IF: 3.9

2023-01-01

Sensors

Abstract:With the advent of Software Defined Network (SDN) and Network Functions Virtualization (NFV), network operators can offer Service Function Chain (SFC) flexibly to accommodate the diverse network function (NF) requirements of their users. However, deploying SFCs efficiently on the underlying network in response to dynamic SFC requests poses significant challenges and complexities. This paper proposes a dynamic SFC deployment and readjustment method based on deep Q network (DQN) and M Shortest Path Algorithm (MQDR) to address this problem. We develop a model of the dynamic deployment and readjustment of the SFC problem on the basis of the NFV/SFC network to maximize the request acceptance rate. We transform the problem into a Markov Decision Process (MDP) and further apply Reinforcement Learning (RL) to achieve this goal. In our proposed method (MQDR), we employ two agents that dynamically deploy and readjust SFCs collaboratively to enhance the service request acceptance rate. We reduce the action space for dynamic deployment by applying the M Shortest Path Algorithm (MSPA) and decrease the action space for readjustment from two dimensions to one. By reducing the action space, we decrease the training difficulty and improve the actual training effect of our proposed algorithm. The simulation experiments show that MDQR improves the request acceptance rate by approximately 25% compared with the original DQN algorithm and 9.3% compared with the Load Balancing Shortest Path (LBSP) algorithm.

Jiuyun Xu,Xuemei Cao,Qiang Duan,Shibao Li

DOI: https://doi.org/10.1109/jiot.2023.3306737

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:With the rapid development of software-defined networking/network function virtualization (NFV) technologies, service function chaining (SFC) has become a key enabler for end-to-end service provisioning in future networks. In the Internet of Things (IoT), the highly dynamic nature of the network environment demands flexible and adaptive mechanisms for dynamic SFC deployment to fully utilize network resources while meeting the service requirements. Although reinforcement learning (RL) techniques offer a promising approach to dynamic SFC deployment, the learning delay of RL may limit its prompt response to sudden changes in network state and/or service demand. To address this challenge in this article, we propose to employ a deep Q -learning network (DQN) method for dynamic SFC deployment combined with a tidal virtual machine (TVM) control mechanism for adaptive virtual machine (VM) auto-scaling. We present a tidal DQN framework (TDQNF) that integrates the DQN method and TVM control in the ETSI NFV architecture and develop the algorithms for implementing DQN-based decisions for SFC deployment and TVM control for VM scaling. The performance of the TDQNF framework with the proposed algorithms has been evaluated through extensive simulation experiments. The obtained experimental results verify the effectiveness of the proposed scheme and indicate better performance in terms of system delay, packet loss, and load balancing in large-scale networks compared to existing methods.

Yanming Liu,Chuangchuang Zhang,Hongyong Yang,Shuning Zhang,Xingwei Wang,Fuliang Li

DOI: https://doi.org/10.1109/iccsn57992.2023.10297346

2023-01-01

Abstract:The emergence of virtualization technologies such as Software Defined Networking (SDN) and Network Function Virtualization (NFV) has enabled efficient service delivery by Service Function Chains (SFCs) deployment. SFCs deployment involves the optimal placement of Virtual Network Functions (VNFs) to satisfy service requirements and minimize deployment cost. Deep Reinforcement Learning (DRL) method could learn optimal decision-making policies in dynamic and uncertain environments. Therefore, we propose a DRL approach to solve the adaptive SFC deployment problem (DRL-SFCD) in multi-domain networks. First, the adaptive SFC deployment problem in multi-domain networks is formulated as a multi-objective optimization model with the aim of maximizing Service Deployment Successful Ratio (SDSR) and minimizing SFC Deployment Rescource Cost (SDRC). Then, a DRL algorithm is constructed based on Markov Decision Process (MDP) model to select the optimal servers and map virtual links cost-efficiently. Finally, we evaluate our approach and the results demonstrate that our approach out-performs comparison algorithms in terms of SDSR and SDRC.

Tianfu Wang,Qilin Fan,Xiuhua Li,Xu Zhang,Qingyu Xiong,Shu Fu,Min Gao

DOI: https://doi.org/10.1109/icc42927.2021.9500964

2021-01-01

Abstract:Network function virtualization (NFV) is a promising paradigm that network functions can be deployed on commodity servers instead of dedicated servers to enhance the resource utilization and reduce the management difficulty. Based on the NFV technology, a complex network service can be composed of a series of ordered virtual network functions, known as service function chain (SFC). In this context, how to efficiently place SFCs in acceptable running time to improve resource utilization and service quality while meeting the constraints of the physical network is a critical issue for infrastructure providers. In this paper, we propose a deep reinforcement learning-based approach called DRL-SFCP for adaptive SFC placement. DRL-SFCP maximizes the long-term average revenue by combining both the graph convolution network which extracts the features of the physical network and sequence-to-sequence model which captures the ordered information of the SFC request to generate placement strategies. It learns to make SFC placement decisions via observations of the corresponding performance of past decisions rather than a hypothetical environment. Extensive experimental results show that our DRL-SFCP can achieve 11.6% and 9.6% improvement in terms of the acceptance ratio and the long-term average revenue, compared with existing benchmarks.

Boya Liu,Guoai Xu,Guosheng Xu,Chenyu Wang,Peiliang Zuo

DOI: https://doi.org/10.3390/s23031204

IF: 3.9

2023-01-21

Sensors

Abstract:The vehicular ad hoc network (VANET) constitutes a key technology for realizing intelligent transportation services. However, VANET is characterized by diverse message types, complex security attributes of communication nodes, and rapid network topology changes. In this case, how to ensure safe, efficient, convenient, and comfortable message services for users has become a challenge that should not be ignored. To improve the flexibility of routing matching multiple message types in VANET, this paper proposes a secure intelligent message forwarding strategy based on deep reinforcement learning (DRL). The key supporting elements of the model in the strategy are reasonably designed in combination with the scenario, and sufficient training of the model is carried out by deep Q networks (DQN). In the strategy, the state space is composed of the distance between candidate and destination nodes, the security attribute of candidate nodes and the type of message to be sent. The node can adaptively select the routing scheme according to the complex state space. Simulation and analysis show that the proposed strategy has the advantages of fast convergence, well generalization ability, high transmission security, and low network delay. The strategy has flexible and rich service patterns and provides flexible security for VANET message services.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Aleteng Tian,Bohao Feng,Yunxue Huang,Huachun Zhou,Shui Yu,Hongke Zhang

DOI: https://doi.org/10.1109/infocomwkshps61880.2024.10620745

2024-01-01

Abstract:With the continuous emergence of latency-sensitive services, such as IoT applications and augmented reality services, the delay constraint has increasingly become a crucial factor influencing the Quality of Service (QoS) in Service Function Chaining (SFC) provision. However, ensuring the acceptance ratio of SFC requests within deadline still faces several challenges, including path planning with sufficient resources and low latency, as well as sequentially deploying Virtual Network Functions (VNFs) on paths with varying resources. In this paper, we propose a Deep Reinforcement Learning (DRL)-based Two-Stage SFC deployment algorithm (DTS-SFC) to enhance the acceptance ratio of SFCs while meeting the deadlines. Specially, a Graph-based Resource Aggregation Routing method (GRAR) is proposed in the first stage, which jointly considers the computational and bandwidth resources to obtain candidate paths within delay constraints. Then, we propose a DRL-based algorithm that takes SFC demands and path resources into account to determine the placement of each VNF. In particular, the VNF movements are utilized as actions to fix the varying dimensions of the action space and enable DRL agent to output effective decisions. Comparative analysis with several DRL-based algorithms and greedy policies demonstrates that the DTS-SFC algorithm outperforms in SFC acceptance ratio, average node utilization, and achieves lower average edge utilization.

Xuecai Feng,Jikai Han,Rui Zhang,Shuo Xu,Hui Xia

DOI: https://doi.org/10.1016/j.hcc.2023.100167

2024-01-01

High-Confidence Computing

Abstract:Currently, important privacy data of the Internet of Things (IoT) face extremely high risks of leakage. Attackers persistently engage in continuous attacks on terminal devices to obtain private data of crucial importance. Although significant progress has been made in recent years in deep reinforcement learning defense strategies, most defense methods still face problems such as low defense resource allocation efficiency and insufficient defense coordination capabilities. To solve the above problems, this paper constructs a novel adversarial security scenario and proposes a security game model that integrates defense resource allocation and patrol inspection. Regarding the above game model, this paper designs a deep reinforcement learning algorithm named SDSA to calculate its security defense strategy. SDSA calculates the allocation strategy of the best patrolling strategy that is most suitable for the defender by searching the policy on a multi-dimensional discrete action space, and enables multiple defense agents to cooperate efficiently by training a multi-intelligent Dueling Double Deep Q-Network (D3QN) with prioritized experience replay. Finally, the experimental results show that the SDSA-learned security defense strategy can provide a feasible and effective security protection strategy for defenders against attacks compared to the MADDPG and OptGradFP methods.

Yuxi Lu,Chunxiao Jiang,Lizhuang Tan,Jianyong Zhang,Peiying Zhang,Chunming Rong

DOI: https://doi.org/10.1109/jiot.2024.3450886

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The efficient and secure management of resources within Flying Ad-Hoc Networks (FANETs) poses formidable challenges. FANETs constitute a pivotal element of the Space-Air-Ground-Integrated Network (SAGIN), employing Network Virtualization (NV) technology in tandem with Service Function Chain (SFC) to facilitate end-to-end network services, akin to terrestrial networks. Nonetheless, the transient, dynamic nature of FANETs coupled with their susceptibility to network attacks engenders considerable complexity in the placement of SFCs within these networks. To address the rationality and security of resource allocation for SFC placement, this paper proposes a reinforcement learning algorithm that sets strict security level restrictions on the placement process and fully extracts the key features in FANETs. Additionally, a multi-layer policy network is devised to dynamically perceive alterations in the FANET environment and compute an optimal SFC placement strategy. The proposed algorithm exhibits real-time adaptability to the dynamic environment, quantifies influential factors during placement, and achieves dynamic SFC placement. To assess the efficacy of the algorithm, three evaluation metrics—namely, SFC placement success rate, long-term average revenue, and long-term revenue cost ratio—are formulated and extensively evaluated through a plethora of experiments. Comparative analysis against alternative algorithms demonstrates enhancements of 20.6%, 15.3% and 12.1% in the aforementioned metrics, respectively. The experimental findings substantiate both the convergence and efficiency of the proposed algorithm.

Qilin Fan,Pan,Xiuhua Li,Sen Wang,Jian Li,Junhao Wen

DOI: https://doi.org/10.1109/tnsm.2022.3181517

2022-01-01

Abstract:Network function virtualization (NFV) is a promising paradigm where network functions are migrated from dedicated hardware appliances onto software middleboxes to promote service agility and reduce management costs. Benefiting from the NFV, the service function chain (SFC) has emerged as a popular network service form. It allows network traffic to pass through a series of virtual network functions in a specific order required by the business logic to arrange a complex service. However, SFC deployment is facing new challenges in seeking a trade-off between pursuing the objective of high long-term average revenue and making decisions in an online manner. In this paper, we propose DRL-D, a deep reinforcement learning-based approach for the online SFC deployment problem to satisfy different demands of SFC requests within resource constraints of the underlying infrastructure. DRL-D aims to maximize the long-term average revenue by combining the strengths of the graph convolutional network in learning a comprehensive representation of network state and the temporal-difference learning in generating deployment solutions for the SFC requests on the fly. Then a heuristic algorithm and a new prioritized experience replay technique are integrated to optimize the DRL framework and reduce the time complexity. Experimental results demonstrate the superiority of our DRL-D approach when compared with other benchmarks in terms of the long-term average revenue, acceptance ratio, and revenue-to-cost ratio. Performance evaluation shows that DRL-D possesses good robustness under different scales of physical networks and achieves excellent deployment performance within acceptable runtime.

Jian Sun,Guanhua Huang,Gang Sun,Hongfang Yu,Arun Kumar Sangaiah,Victor Chang

DOI: https://doi.org/10.3390/sym10110646

2018-01-01

Abstract:As the size and service requirements of today's networks gradually increase, large numbers of proprietary devices are deployed, which leads to network complexity, information security crises and makes network service and service provider management increasingly difficult. Network function virtualization (NFV) technology is one solution to this problem. NFV separates network functions from hardware and deploys them as software on a common server. NFV can be used to improve service flexibility and isolate the services provided for each user, thus guaranteeing the security of user data. Therefore, the use of NFV technology includes many problems worth studying. For example, when there is a free choice of network path, one problem is how to choose a service function chain (SFC) that both meets the requirements and offers the service provider maximum profit. Most existing solutions are heuristic algorithms with high time efficiency, or integer linear programming (ILP) algorithms with high accuracy. It's necessary to design an algorithm that symmetrically considers both time efficiency and accuracy. In this paper, we propose the Q-learning Framework Hybrid Module algorithm (QLFHM), which includes reinforcement learning to solve this SFC deployment problem in dynamic networks. The reinforcement learning module in QLFHM is responsible for the output of alternative paths, while the load balancing module in QLFHM is responsible for picking the optimal solution from them. The results of a comparison simulation experiment on a dynamic network topology show that the proposed algorithm can output the approximate optimal solution in a relatively short time while also considering the network load balance. Thus, it achieves the goal of maximizing the benefit to the service provider.

Junyan Chen,Cenhuishan Liao,Yong Wang,Lei Jin,Xiaoye Lu,Xiaolan Xie,Rui Yao

DOI: https://doi.org/10.3390/s23010429

2022-12-30

Abstract:Software-defined networking (SDN) has become one of the critical technologies for data center networks, as it can improve network performance from a global perspective using artificial intelligence algorithms. Due to the strong decision-making and generalization ability, deep reinforcement learning (DRL) has been used in SDN intelligent routing and scheduling mechanisms. However, traditional deep reinforcement learning algorithms present the problems of slow convergence rate and instability, resulting in poor network quality of service (QoS) for an extended period before convergence. Aiming at the above problems, we propose an automatic QoS architecture based on multistep DRL (AQMDRL) to optimize the QoS performance of SDN. AQMDRL uses a multistep approach to solve the overestimation and underestimation problems of the deep deterministic policy gradient (DDPG) algorithm. The multistep approach uses the maximum value of the n-step action currently estimated by the neural network instead of the one-step Q-value function, as it reduces the possibility of positive error generated by the Q-value function and can effectively improve convergence stability. In addition, we adapt a prioritized experience sampling based on SumTree binary trees to improve the convergence rate of the multistep DDPG algorithm. Our experiments show that the AQMDRL we proposed significantly improves the convergence performance and effectively reduces the network transmission delay of SDN over existing DRL algorithms.

Ziheng Wang,Songtao Guo,Guiyan Liu

DOI: https://doi.org/10.1109/icpads56603.2022.00099

2023-01-01

Abstract:Network function virtualization (NFV) is able to reduce the delay and improve the flexibility of network services in mobile edge computing (MEC) networks via deploying the service function chain (SFC) that consists of a sequence of ordered virtual network functions. However, it is still challenging to deploy SFC with delay guarantees and resource efficiency while taking into account the real-time network variations and dispersed edge server nodes in NFV/MEC-enabled networks. To address the issue, this paper proposes a self-attention mechanism-based double deep Q-network algorithm (SA-DDQN) for SFC deployment to jointly minimize the resource consumption on servers and bandwidth consumption on links within delay limits in dynamic NFV/MEC-enabled networks. In particular, we introduce the self-attention mechanism in the deep neural network structure, which enables the agent to pay its attention on more valuable physical nodes when making decisions, thus improving the efficiency of SFC deployment. Additionally, we utilize the Markov decision process (MDP) model to solve the problem of real-time network state variations. Finally, extensive simulation results show that our proposed SA-DDQN SFC deployment algorithm can reduce resource consumption by 25% and delay by 18.4% compared with the state-of-the-art algorithm.

Man Li,Huachun Zhou,Shuangxing Deng

DOI: https://doi.org/10.1109/fnwf58287.2023.10520365

2024-01-01

Abstract:Software-Defined Networks (SDN) and Network Function Virtualization (NFV) provide network functions virtually, resources, and controls in the fixth-generation (5G). However, SDN/NFV technology poses new security risks. Distributed Denial of Service (DDoS) attacks have emerged as one of the biggest security threats due to their simplicity, effectiveness, and low attack costs. Therefore, this article proposes a parallel path selection method to detect various types of DDoS attacks in SDN/NFV networks. Firstly, the AI models are virtualized as virtual network functions (VNF), which can provide security capabilities for the network. Different AI models are combined to form multiple sequential paths. Secondly, we design a heuristic algorithm based on sequential paths (HASP). This algorithm compares the VNFs' names and IDs of sequential paths, parallelizes the VNFs in the sequential paths, and constructs a set of parallel paths. Then, a Q-learning-based parallel path selection mechanism is designed (QPPS). This method can select the optimal parallel path with maximize path detection rate and minimize delay. Finally, the proposed QPPS method is validated in a prototype system. The experimental results demonstrate that the QPPS method provides optimal paths for different attack scenarios.

Tao Tang,Binwei Wu,Guangmin Hu

DOI: https://doi.org/10.1109/access.2020.3024135

IF: 3.9

2020-01-01

IEEE Access

Abstract:Service function chaining (SFC) focuses mainly on deploying various network functions in geographically distributed data centers and providing interconnect routing among them. Traditional (convex optimization-based) SFC algorithms exhibit some disadvantages on the scalability and accuracy. Recently, researches have shown the effectiveness of deep reinforcement learning (DRL) in the field of SFC. However, current DRL-based algorithms possess an extremely large action space, which leads to slow convergence and poor scalability. Some researchers relieve this issue by reformulating the SFC problem, which usually results in low utilization and high cost. To address this issue, we develop a hybrid DRL-based framework which decouples the VNF deployment and flow routing into different modules. In the proposed framework, a DRL agent is only responsible for learning the policy of VNF deployment. We customize the structure of the agent base on deep deterministic policy gradient (DDPG) and adopt several techniques to improve the learning efficiency, such as adaptive parameter noise, wolpertinger policy, and prioritized experience replay. The flow routing is conducted in a game-based module (GBM). We design a decentralized routing algorithm for the GBM to address the scalability. The end-to-end latency of flows is minimized while the resource capacity and location constraints are satisfied. During the learning process of the proposed framework, the DRL agent improves its deployment policy with the reward from the GBM (the value of reward depends on flow routing). Thus, the VNF deployment and flow routing are still jointly optimized. Compared to existing DRL-learning algorithms, the proposed hybrid DRL framework can achieve a lower cost since 1) the action space is significantly reduced due to flow routing decoupling; 2) the flow routing procedure is more efficient (the GBM adopts model-based information, e.g., the gradient). Through trace-driven simulations, we show the efficiency of our algorithm compared to existing DRL-based algorithms.