Choreography-defined networks: Concepts and a case study on AI-based attack detection

Saverio Giallorenzo, Jacopo Mauro, Andrea Melis 0001, Fabrizio Montesi, Marco Peressotti, Marco Prandini [2026].
In Inf. Softw. Technol. 197.

Abstract
Modern network infrastructures increasingly rely on Software-Defined Networking (SDN) and Network Function Virtualisation (NFV) to achieve flexibility, scalability, and efficiency. While these paradigms facilitate the deployment of Cloud-native Network Functions (CNF), they lack tools for high-level programming and guarantees on correct multi-component compositions. We introduce Choreography-Defined Networking (CDN), a methodology that applies choreographic programming to the specification and implementation of SDN compositions. In CDN, developers write a single global choreography that describes interactions among CNFs and a compiler generates endpoint code that coordinate them as specified in the choreography. CDN delivers correctness-by-construction guarantees – including deadlock freedom and communication-type safety – while eliminating the need for a centralised orchestrator, replaced by direct, parallel communication among CNFs. To evaluate our methodology, we use CDN to design and implement a case study on a distributed, AI-enhanced SDN composition for volumetric attack detection and mitigation, in which four CNFs collaboratively analyse traffic using volumetric anomaly inspection, machine-learning classification, and signature matching. We compare this CDN implementation against two SDN baselines: a classical controller-driven chain and a hybrid solution that repurposes network traffic as a management channel. Experiments across four representative attack scenarios show that the CDN approach reduces mean decision latency by approximately 15% over both baselines, while generating up to 80% less management traffic. These results confirm that CDN allows to raise the abstraction level at which one writes distributed SDN compositions without compromising – actually improving – runtime performance in real-world network deployments.
Links
doi.org
Additional notes
None
Cite (BibTeX)
Click to expand
@article{DBLP:journals/infsof/GiallorenzoMMMPP26,
  author       = {Saverio Giallorenzo and
                  Jacopo Mauro and
                  Andrea Melis and
                  Fabrizio Montesi and
                  Marco Peressotti and
                  Marco Prandini},
  title        = {Choreography-defined networks: Concepts and a case study on AI-based
                  attack detection},
  journal      = {Inf. Softw. Technol.},
  volume       = {197},
  pages        = {108180},
  year         = {2026},
  url          = {https://doi.org/10.1016/j.infsof.2026.108180},
  doi          = {10.1016/J.INFSOF.2026.108180},
  timestamp    = {Thu, 25 Jun 2026 10:33:06 +0200},
  biburl       = {https://dblp.org/rec/journals/infsof/GiallorenzoMMMPP26.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}

A PDF is available (possibly a preprint):

Download PDF