self-aware networks: qos & performance summary in e. gelenbe, communications of the acm, july...
TRANSCRIPT
Self-Aware Networks: QoS & Performance Self-Aware Networks: QoS & Performance http://san.ee.ic.ac.uk http://san.ee.ic.ac.uk
Summary in E. Gelenbe, Summary in E. Gelenbe, Communications of the ACMCommunications of the ACM, July 2009, July 2009Introduction in S. Dobson et al. “Autonomic Communications”, Introduction in S. Dobson et al. “Autonomic Communications”,
ACM Trans. Adapt. Aut. Systems,ACM Trans. Adapt. Aut. Systems, 2006 2006
Erol GelenbeProfessor in the Dennis Gabor Chair
Imperial College www.ee.ic.ac.uk/gelenbe
[email protected] of Academy of Sciences of Turkey www.tuba.gov.tr
Academy of Sciences of Hungary www.mta.huAcademie des Technologies (France) www.academie-technologies.fr
Extension: Gene Regulatory Networks
Self Awareness and Adaptation in Networked Natural Systems is our Speculative Topic of Investigation: Spiking Neurons, Gene Regulatory Networks, Chemistry, Digital Economy
Computer-Communication Networks are Robust Control Systems
A Communication Network such as the Internet is a Control System whose function is to Adaptively and Robustly vehicule Information between Users and offer Services to Users
Old Goals include Quality of Service (Loss, Delay, Jitter, Low Overhead)
New Goals include Security, Privacy, Low Energy Consumption, Resilience to Attacks
Computer-Communication Networks Self-Aware Systems
Network Control cannot be based on “set point” approaches because such simple points do not exist
Models are routinely used for Preliminary Design of Topologies and Capacity Optimisation
The use of Models for Network Control is limited because of dimensionality, model accuracy, parameter identification, control computation and control delays
Self-Awareness in this Area can be based on On-line Measurement and Continuous, Distributed Adaptation
Co-Networks Self-Aware Systems
Self-Awareness must Address Network Security via Detection of Attacks and Adaptive Countermeasures
Energy Consumption by Networks and ITC represents 2% of worldwide consumption Self-Aware Control needs to address this issue to limit any further increase while ITC pervasively extends
smart homes, smart vehicles, smart grid, e-learningNetwork Self-Awareness must incorporate the
application: digital economy, smart grid Co-Networks
[Comms+Application] On-line Measurement and Continuous,
Distributed Adaptation
IP Core Technology also supports MobilityIP Core Technology also supports MobilityHot Stuff happens at the periphery: parasitic Hot Stuff happens at the periphery: parasitic
and symbiotic relationshipsand symbiotic relationships
Fixed and Mobile ConvergenceFixed and Mobile ConvergenceIP is obviously – for the time being – the universal solution provider for
Communications
Applications as Networks: The Family’s Private Network
The FPN is a Network User, and its is a Service for the Family
Private to the family and specific services: Home Security, Housekeeper, Parents
Fully known to itself (self-aware, self-monitoring) cheap, secure, private and
dependable
Must dynamically and economically use all available communication modalities:
Sensor Networks, IP etc., public fixed and mobile telephony, WiFi, .. You guess it ..
- Children and Parents have PDAs and Lap-Tops
- Children use home “learning center” based on multiple external services
- Parents’ cars are connected
- Infants, grand parents, teen-agers are being monitored
- House security system, Home temperature, sound sensors & actuators are on-line
- Home appliances, security, entertainment, heating, lighting are monitored and controlled
- Autonomic Self-Aware Management of Connections, U[grades, Costs, QoS, Policies,
Virtual Services, Network Resources, Monitoring …
The Internet Architecture: A Historical The Internet Architecture: A Historical PerspectivePerspective
- It was Invented “Against” the Telecoms Industry because of - It was Invented “Against” the Telecoms Industry because of DoD’s Dissatisfaction with Telephony for Dependable DoD’s Dissatisfaction with Telephony for Dependable
CommunicationsCommunications
- The Initial System was Built on top of Analog Telephony- The Initial System was Built on top of Analog Telephony
- The Telecoms Industry Fought it for Many Years and Created - The Telecoms Industry Fought it for Many Years and Created Competing Services (e.g. Minitel, Teletext) .. and so did some of Competing Services (e.g. Minitel, Teletext) .. and so did some of
the Computer Industry (IBM’s EARN, Frame Relay, Transpac)the Computer Industry (IBM’s EARN, Frame Relay, Transpac)
- The First Major Application was File Transfer .. Then E-mail ran - The First Major Application was File Transfer .. Then E-mail ran under FTPunder FTP
- The Internet grew in a Time of Deregulation based on Loose - The Internet grew in a Time of Deregulation based on Loose Standardization (e.g. IETF)Standardization (e.g. IETF)
Historical Internet Protocols: OSI LayersHistorical Internet Protocols: OSI Layers
TCP/IP is a layered protocol stackApplication handles particular
applications, Presentation handles compression and encryption of data, Session controls establishment, management, termination of sessions
Transport provides flow of dataNetwork handles the transmission of
packets in the networkData-link is responsible for the
interaction of the device driver in the operating system and the network card in the machine
Physical defines electrical and mechanical specifications
Applica tion
T ransport
N etwork
D ata L ink
Physica l
P resenta tion
Session
IP Architecture in Reality:IP Architecture in Reality:An Assembly of Inter-dependent ProtocolsAn Assembly of Inter-dependent Protocols
- - The Web is a “Standard User Interface”The Web is a “Standard User Interface”- TCP the Transmission Control Protocol: Controls Packet Flow for a - TCP the Transmission Control Protocol: Controls Packet Flow for a
Connection as a Function of Correctly Received or Lost Packets (TCP Connection as a Function of Correctly Received or Lost Packets (TCP Reno, Vegas, etc.) & Retransmits Lost PacketsReno, Vegas, etc.) & Retransmits Lost Packets
- BGP: Determines Paths between Clouds of Routers - BGP: Determines Paths between Clouds of Routers belonging to belonging to Autonomous Systems (AS)Autonomous Systems (AS)
- MPLS: Carries out fast Packet Switching based on Pre-determined - MPLS: Carries out fast Packet Switching based on Pre-determined
Paths within ASs using Labels, Implements Traffic Engineering within Paths within ASs using Labels, Implements Traffic Engineering within ASs ASs
- IP Implements Shortest Path Routing within ASs. Variants of IP - IP Implements Shortest Path Routing within ASs. Variants of IP Address QoS (e.g. DiuffServ, IPV6), Weighted Fair Queueing, Address QoS (e.g. DiuffServ, IPV6), Weighted Fair Queueing,
Congestion Control through Packet Drop …Congestion Control through Packet Drop …
IP Architecture: IP Architecture: A Distributed System which has Evolved A Distributed System which has Evolved
through Usage and Practicethrough Usage and Practice
- - It grew in a Time of DeregulationIt grew in a Time of Deregulation- The Web was developed to store technical papers- The Web was developed to store technical papers
- TCP is a Rudimentary Congestion Control Mechanism- TCP is a Rudimentary Congestion Control Mechanism- BGP Allows Different ISPs to Exchange Traffic- BGP Allows Different ISPs to Exchange Traffic
- MPLS Exploits ATM-like Fixed Path Routing and - MPLS Exploits ATM-like Fixed Path Routing and Reduces the Overhead of Packet SwitchingReduces the Overhead of Packet Switching
- The IP (Internet Protocol) provides Router Based - The IP (Internet Protocol) provides Router Based Staged Decisions & Shortest Paths to Staged Decisions & Shortest Paths to Minimize Minimize
Overhead Overhead
Critique from the Founding Funders (DARPA) Critique from the Founding Funders (DARPA)
in August 2004 in August 2004
- “Flaws in the basic building blocks of networking and computer - “Flaws in the basic building blocks of networking and computer science are hampering reliability, limiting flexibility and creating science are hampering reliability, limiting flexibility and creating
security vulnerabilities” security vulnerabilities” (Note that DARPA paid for most of these developments !!)(Note that DARPA paid for most of these developments !!)
- DARPA wants to see the IP and the OSI protocol stack - DARPA wants to see the IP and the OSI protocol stack revampedrevamped
- “The packet network paradigm … needs to change … we must - “The packet network paradigm … needs to change … we must … have some mechanism for … have some mechanism for assigning capabilities to different assigning capabilities to different
usersusers … today’s networks are stationary and have a static … today’s networks are stationary and have a static infrastructure … infrastructure … (mobile) nodes should be able to automatically (mobile) nodes should be able to automatically
sign on to networks in their vicinitysign on to networks in their vicinity … …
The “Historical” Need for QoSThe “Historical” Need for QoS
- - Exploit different technologies dynamically, for the Exploit different technologies dynamically, for the users’ benefitusers’ benefit
- Identify and eliminate undesirable traffic flows, e.g. - Identify and eliminate undesirable traffic flows, e.g. SPAMSPAM
- Protect from Malicious Attacks: Viruses and Worms, - Protect from Malicious Attacks: Viruses and Worms, Denial of Service AttacksDenial of Service Attacks
- Identify services and charge for them- Identify services and charge for them- Provide security to connections- Provide security to connections
- Demonstrable service levels and monitored - Demonstrable service levels and monitored agreementsagreements
- Wireless makes it all the more urgent- Wireless makes it all the more urgent
The Means for Quality of ServiceThe Means for Quality of Service
- Effective user interfaces & Access Control- Effective user interfaces & Access Control- Pro-active monitoring of users- Pro-active monitoring of users
- On-line monitoring of flows- On-line monitoring of flows- Pro-active measurement - Pro-active measurement
- Monitoring of QoS/QoE and Service Level - Monitoring of QoS/QoE and Service Level AgreementsAgreements
- Technical approach that Crosses Protocol - Technical approach that Crosses Protocol LayersLayers
Coordinated Measurement Based Dynamic Coordinated Measurement Based Dynamic AdaptationAdaptation
In Theory, QoS Optimisation Problems can be In Theory, QoS Optimisation Problems can be defined and Solveddefined and Solved
In Practice Optimisation is ImpossibleIn Practice Optimisation is ImpossibleThe network is very large – for specific users,
optimization is relevant for a subset of routes at a timeThe system is large .. information delay, control delay
and combinatorial explosion: global algorithms can be very slow and come too late
The system is highly dynamic – traffic varies significantly over short periods of time
There are large quantities of traffic in the pipes – congestion can occur suddenly, reaction and detours must be very rapid
Measurements are local to subset of users, and adaptivity is needed which is relevant to the users most concerned by the measurements
On-Line Measurement and Adaptation On-Line Measurement and Adaptation “Self-Aware Networks”“Self-Aware Networks”
- Many applications have implicit or explicit QoS requirements
• Voice, Video conferencing, Network games and simulation, Commerce , Banking
– QoS techniques based on “parameter setting” such as IntServ, DiffServ and IPv6 have been unsuccessful
Our proposal:
Users and Services formulate their Needs and QoS Goals The Network Service adaptively offers Services to Users
and the Resources to Users and ServicesThe Network Service Monitors the outcome and Adaptively
re-allocates Services and Resources as neededThe Approach is that of Adaptive Control in a Random
Environment
How about theory?How about theory?
Sensible Routing Theorem [Gelenbe, Computational Management Science ‘03]
Consider any decision point x at with n choicesLet q(x,i) be a r.v. representing the QoS that results
from choice i, and lrt W(x,i) = E[u(q(x,i))] be the expected outcome of choice i
Theorem If p(k)(x,i) = [W(x,i)]-k/ nm=1 [W(x,m)]-k
and W(k)(x) = n
m=1 W(x,m) p(k)(x,i),
thenW(k+1)(x) < W(k)(x)
Simulation of Routing with Perfect IgnoranceSimulation of Routing with Perfect IgnoranceAverage Travel Time E[T] vs Average Time-Out 1/r Average Travel Time E[T] vs Average Time-Out 1/r
for a regular 8 neighbour grid with d=1 and D=10 (b=0, for a regular 8 neighbour grid with d=1 and D=10 (b=0, c=1.5)c=1.5)
19/04/23 23
General ContextGeneral Context
Packets go from some source S to a Destination (that may move) that is initially at distance d
The wireless range is << d, there are no collisions Packets can be lost in [t,t+t] with probability t anywhere
on the path There is a time-out R (in time or number of hops), or timed-
out in [t,t+t] with probability rt with a subsequent retransmission delay M
Packets may or not know the direction they need to go – we do not nail down the routing scheme with any specific assumptions
We avoid assumptions about the geography of nodes (in some m-dimensions) but assume temporal and spatial homogeneity and temporal and spatial independence along the distance to the destination – each physical setting will have a different distance ..
19/04/23 24
Simulation examples in an infinite grid: Simulation examples in an infinite grid: =1 =1 (D=6) or (D=6) or =sqrt(2) (D=4)=sqrt(2) (D=4)
Destination
Source
19/04/23 25
Simulations of Average Travel Time Simulations of Average Travel Time vs Constant Time-Out vs Constant Time-Out
=1, D=10, M=20, No Loss=1, D=10, M=20, No LossPerfect Ignorance: b=0, c=1Perfect Ignorance: b=0, c=1
Brownian Motion ModelBrownian Motion Model
Assumes homogeneity with respect to distance to the destinationAssumes homogeneity with respect to distance to the destinationAfter each Loss or Time-Out, the Source waits M time units and then After each Loss or Time-Out, the Source waits M time units and then
retransmits the packet under identical statistical conditionsretransmits the packet under identical statistical conditions
1
1
M after timecopy new aout send it will
out;- timeaafter state wait in the is Sy that probabilit theis W(t)-
R valueaverage
ofout - timeaafter out"-time" willS lost. ispacket
ransmittedrecently tmost y that theprobabilit theis L(t) -
unit timeafter
tedretransmit be lpacket wil new a that andn destinatio
thereached haspacket ay that probabilit theis P(t) -
at timen destinatio thefrom
distanceat ispacket y that theprobabilit theis ),(
r
Δt[[t,tdxxXx
dxdttxf
t
19/04/23 27
solution stationary thefrom obtained 1P E[T]
.0lim ; 1)()()(
)()()(
)()(
]2
1[lim)(
)(
)()]()([2
1
1][ where at times dtransmitte
ispacket new a and renewed is process the, at timesn destinatior reach thei Packets
1-
00
0
0
0
2
2
ii
ffdxtWtLtP
tWtrLfdxrdt
tdW
trLfdxdt
tdLx
fcbftP
dt
tdP
DxtPtWx
fc
x
fb
t
f
sEsT
T
x
x
i
i
19/04/23 28
Theoretical Result: Time to Travel Theoretical Result: Time to Travel to a Destination at Distance Dto a Destination at Distance DAverage Time E[T]Drift b < 0 or b>0, 2nd Moment Param. c>0Average Time-Out 1/r , M=1/, then
)(2
12][
2 rcbb
rr
DTE
19/04/23 29
Theory: Average Travel Time for D=10, b=0, 4-Theory: Average Travel Time for D=10, b=0, 4-Neighbours and M=50 with LossesNeighbours and M=50 with Losses
19/04/23 30
Theory: what happens when loss rate increasesTheory: what happens when loss rate increases
19/04/23 31
What happens if we send multiple copies of What happens if we send multiple copies of each packet and accept the each packet and accept the firstfirst one that one that arrives ?arrives ?
19/04/23 32
What happens if we send multiple copies of each packet What happens if we send multiple copies of each packet and accept the and accept the firstfirst one that arrives ? one that arrives ?
19/04/23 33
Send N copies of each packet and accept the Send N copies of each packet and accept the firstfirst that arrives .. that arrives ..
19/04/23 34
SummarySummary Mathematical model assumes exponentially distributed loss
time, time-out and re-start time after time-out It assumes temporal and spatial homogeneity It allows for generally distributed times between hops Closed form expressions are obtained for E[T] from the
diffusion model with jumps for al values of D, b, c, r, If b<0 (good) the average total travel time E[T] is finite If b>0 (bad), E[T] is finite provided that time-outs (hara-
kiri) exist and c>0 There is a single minimum of E[T] as a function of r Additional results: Multiple Copies of Each Packet – You can
actually save on energy and improve timeliness Sufficient conditions under which the packet gets to the destination when the destination moves
QoS Routing Pragmatics :QoS Routing Pragmatics :The Cognitive Packet Network The Cognitive Packet Network ApproachApproach
Let the Measurements and On-Line Adaptation be under “user” or meta-user control
Let the user make his/her own QoS and economic decisions
Remain compatible with the core IP protocol .. i.e. be able to run CPN and IP simultaneously and tunnel IP packets through CPN sub networks
OSI Layers & CPNOSI Layers & CPNTCP/IP is a layered protocol stackApplication handles particular
applications, Presentation handles compression and encryption of data, Session controls establishment, management, termination of sessions
Transport provides flow of dataNetwork handles the transmission of
packets in the networkData-link is responsible for the
interaction of the device driver in the operating system and the network card in the machine
Physical defines electrical and mechanical specifications
Applica tion
T ransport
N etwork
D ata L ink
Physica l
P resenta tion
Session
CPN PrinciplesCPN Principles
CPN operates seamlessly with IP and creates a self-aware network environment
Users select QoS goalsThe User’s Packets collectively learn to
achieve the goalsLearning is performed by sharing
information between packetsUser Packets sharing the same goals can
be grouped into classesNodes (Cognitive Routers) are storage
centers, mailboxes and processing units
CPN and Smart PacketsCPN and Smart Packets
Smart Packets route themselves based on QoS Goals, e.g.,
Minimise Delay or Loss or CombinationMinimise Jitter (for Voice)Maximise Dispersion (for security)Minimise CostOptimise Cost/Benefit
Smart Packets make observations & take decisions
ACK Packets bring back observed data and trace activity
Dumb Packets execute instructions, carry payload and also may make observations
Cognitive Adaptive RoutingCognitive Adaptive RoutingQoS Goals are obtained from Path
Measurements: Traffic, Delay, Loss, Cost, Power, Security Information – this is the “Sufficient Level of Information” for Self-Aware Networking
Smart packets collect path information and datesACK packets return Path, Delay & Loss
Information and deposit W(K,c,n,D), L(K,c,n,D) at Node c on the return path, entering from Node n in Class K
Smart packets use W(K,c,n,D) and L(K,c,n,D) for decision making using Reinforcement Learning
Decision System: a “neural” network of networks (neural networks embedded in each router)
Internal State of Neuron i, is an Integer xi > 0
Network State at time t is a Vector x(t) = (x1(t), … , xi(t), … , xk(t), … , xn(t))
Is the Internal Potential of Neuron I
If xi(t)> 0, we say that Neuron i is excited and it may fire at t+ in which case it will send out a spikeIf xi(t)=0, the Neuron cannot fire at t+
When Neuron i fires: :It sends a spike to some Neuron k, w.p. pik
Its internal state changes xi(t+) = xi(t) - 1
Rates and Weights
If xi(t)> 0, then Neuron i will fire with probability rit in the interval [t,t+t] , and as a result:
From Neuron i to Neuron m - Excitatory Weight or Rate is wim
+ = ri pim+
- Inhibitory Weight or Rate is wim- = ri pim
- - Total Firing Rate is ri = n
m=1 wim+ + wim
–
To Neuron i, from Outside the Network- External Excitatory Spikes arrive at rate i - External Inhibitory Spikes arrive at rate i
State EquationsState Equations
whereqqkpformproductthehasitthen
solutionstationaryahaveequationsKCtheIf
txqandktxkp
Let
tkrtkp
tktkpdrtkpprtkptkprtkptkpdt
d
ekkekk
eekkeekk
}{x(t):tktxtkp
iki
it
it
iii
ii
iiiiii
iiijiijjijiji
ij
iiii
jiijjiij
i ,)1()(""
,
]0)(Pr[lim],)(Pr[lim)(
:
]]0)([1)[(),(
]]0)([1),())(,([]),(]0)([1),([),(
Equations Kolmogorov -The
:,
,and
process, Markov space-state discrete a is 0 where])(Pr[),(
n
1i
,
Theorem
Chapman
10
j jijjii
j jijji
i prqr
prqq
ji
ji
Firing Rate ofNeuron i
External ArrivalRate of ExcitatorySpikes
External ArrivalRate of InhibitorySpikes
Probability thatNeuron I is excited
Goal Based Reinforcement Goal Based Reinforcement Learning in CPNLearning in CPN
The Goal Function to be minimized is selected by the user, for instance G = [1-L]W + L[T+W]
On-line measurements and probing are used to measure L and W, and this information is brought back to the decision points
The value of G is estimated at each decision node
and used to compute the estimated reward R = 1/G
The RNN weights are updated using R stores G(u,v) indirectly in the RNN which makes a myopic (one step) decision
Routing with Reinforcement Routing with Reinforcement Learning using the RNNLearning using the RNN
Each “neuron” corresponds to the choice of an output link in the node
Fully Recurrent Random Neural Network with Excitatory and Inhibitory Weights
Weights are updated with RL Existence and Uniqueness of
solution is guaranteed Decision is made by
selecting the outgoing link which corresponds to the neuron whose excitation probability is largest
Reinforcement Learning in CPNReinforcement Learning in CPNThe decision threshold is the Most Recent
Historical Value of the Reward
Recent Reward Rl If
then
else
11 ,)1(
GRRaaTT lll
jkn
Rkiwkiw
Rjiwjiw
l
l
,2
),(),(
),(),(ll RT 1
l
l
Rjiwjiw
jkn
Rkiwkiw
),(),(
,2
),(),(
Re-normalize all weights
Compute q = (q1, … , qn) from the fixed-pointSelect Decision k such that qk > qi , i=1, …, n
n
i miwmiwr1
* )],(),([
*
*
),(),(
),(),(
i
i
i
i
r
rjiwjiw
r
rjiwjiw
QoS vs Route SwitchingQoS vs Route Switching
Average delay of each user is computed individually, and the median is plotted in the graph: Error bars indicate the 1st and 3rd quartile
Undesirable Effect of Route Switching:Undesirable Effect of Route Switching:Packet Loss due to De-sequencingPacket Loss due to De-sequencing
The rate at which packets are dropped at the reordering (resequencing) buffer increases with the switching probability
Experimental Results Voice over CPN
Fig. 6 : Average round trip delay (left) and jitter (right) for user payload when only DPs are allowed to carry user payload
Experimental Results: Voice over CPNPacket desequencing Probability at Receiver vs Packet Rate
Fig. 7. Probability of packet desequencing perceived by the receiver side
Other experimentsOther experiments
CPN routing algorithm is used to conduct experiments using different QoS goals:◦Delay [Algorithm-D]◦Hop count [Algorithm-H]◦Combination of delay and hop [Algorithm-HD]
Average path length for each algorithmThe route usage under different traffic
rates◦Low Traffic Rate (LTR)
100 packets/second◦Medium Traffic Rate (MTR)
500 packets/second◦High Traffic Rate (HTR)
1000 packets/secondThe forward delay of each algorithm with
different background traffic is also reported
Average path length with different Average path length with different levels of background trafficlevels of background traffic
H-Algorithm Route usage with Low TRH-Algorithm Route usage with Low TR
25 routes are discovered and one of them is the shortest path
Above 90% of DPs use this shortest path
H-Algorithm Route usage: Medium TRH-Algorithm Route usage: Medium TR
20 routes are discovered and 4 of them are the shortest path
Above 85% of DPs use these 4 shortest paths
H-Algorithm Route usage: High TRH-Algorithm Route usage: High TR
12 routes are discovered and 4 of them are the shortest path
Only about 51% of DPs use these 4 shortest paths
Delay with different background traffic levelsDelay with different background traffic levels
High background traffic
Medium
None
Another extension:Another extension:Genetic Algorithms for CPNGenetic Algorithms for CPN
Exploit an analogy between “genotypes” and network paths
The fitness of the individual is the QoS of the path
Selection function chooses paths for reproduction based on the QoS of paths
The genetic operation used to create new individuals is crossover
Denial of Service Protection using CPNDenial of Service Protection using CPN
• 1996. Panix
• 1998. “Analyzer” attacks the Pentagon
• 2000. “Mafiaboy” attacks Amazon, Yahoo etc.
• 2001. Port of Houston
• 2002. 13 Root Servers
• 2003. American hackers attack Al Jazeera
• 2007 Attacks on Estonia’s e-Government and Financial Sector
What is a DoS AttackWhat is a DoS Attack
An attack with the purpose of preventing legitimate users from using a specific network resource
Is it a new threat?Is it a new threat?1985, R.T. Morris writes:“The weakness in the Internet Protocol is that the source host itself fills in the IP source host id, and there is no provision in TCP/IP to discover the true origin of a packet” .. IP SpoofingSYN Flood Attack
Issues that we have adressedIssues that we have adressed
Detection◦Pattern detection◦Anomaly detection◦Hybrid detection◦Third-party detection
Response◦Agent identification◦Rate-limiting◦Filtering◦Reconfiguration
CPN DDoS Defence SchemeCPN DDoS Defence Scheme
The CPN architecture traces flows using smart and ACK packets
A DoS produces QoS degradationThe user(s) and victim(s) detect the attack and
inform nodes upstream from the victim(s) using ACK packets
These nodes drop possible DoS packetsThe detection scheme is never perfect (false
alarms & detection failures)
Mathematical modelMathematical model (1)(1)
Analyses the impact of DDoS protection on overall network performance
Measures traffic rates in relation to service rates and detection probabilities
Mathematical modelMathematical model
1
1,,,
1
1,,,
))1)(1((
))1)(1((
j
ldd
dd
dd
j
lnn
nn
nn
lljj
lljj
dLI
fLI
ddd
nnn
))1()1(( ,,,, d
ddn
nn idii
niii dIfIs
i
BiB
ii
i
iL
1
1 1
ExperimentExperiment
2.4GHz P4 PCs, Linux kernel 2.4.26, CPN
Different QoS protocols for normal and attack traffic
Delay-based FIFO queuing60 sec
Averaged Likelihood
Feedforward RNN
Recurrent RNN
False Alarms: 2.8 %Correct Detections: 88 %
False Alarms: 11 %Correct Detections: 96 %
False Alarms: 11 %Correct Detections: 96 %
Trace1 --- Attack Traffic
Averaged Likelihood
Feedforward RNN
Recurrent RNN
False Alarms: 0 %Correct Detections: 76 %
False Alarms: 8.3 %Correct Detections: 84 %
False Alarms: 2.8 %Correct Detections: 80 %
Trace2 --- Attack Traffic
Stable Networks in the Presence of Failures: Initial Results
• A node failure is emulated by disabling some or all of the Ethernet interfaces of a node (so that no traffic will be able to go through that node, just like in a real breakdown of a machine) and is restored by re-enabling all the interfaces.
• Failures are considered to be similar to worm attacks and their spread is modelled according to the AAWP (Analytical Active Worm Propagation) model. This is a discrete-time and continuous state deterministic approximation model, proposed by Chen et al. [1] to model the spread of active worms that employ random scanning.
• The AAWP is a discrete time model which is more realistic, since a node must be completely infected before it starts infecting other node, so that the speed of the spread is connected to the number of nodes that can be infected.
• AAWP uses the random scanning mechanism in which it is assumed that every nodes is just as likely to infect or be infected by others. Other scanning mechanisms can be used, such as local subnet, permutation and topological scanning.
Math. Analysis, Simulation and ExperimentMath. Analysis, Simulation and ExperimentComparisonComparison