Automatic Inference of High-Level Network Intents by Mining - PowerPoint PPT Presentation


  1. Automatic Inference of High-Level Network Intents by Mining Forwarding Patterns
     Ali Kheradmand, University of Illinois at Urbana-Champaign
     SOSR, March 2020

  2. Typical network configuration procedure
     • Mostly manual in today's networks
     • Alas, the semantic gap!
     (Figure: Operator → High-level Intents (informal) → ??? → Configurations → Network)

  3. (figure-only slide)

  4. How to bridge the gap?
     (Figure: Operator → High-level Intents (informal) → Configurations → Network)

  5. Current approaches
     • Verification: a model S of the configured network and a formal specification (property Ψ) of the high-level intents are given to a verifier, which answers "Does S satisfy Ψ?"
     • Synthesis/compilation: a formal specification of the high-level intents is given to a compiler, which produces the configurations for the network

  6. Reality
     • Formal specifications do not exist, and may not even be known
     • The operator is given an informal description of networking objectives
     • Intents are implicit
     • Operators inherit legacy networks and are asked to maintain them
     • 82% are concerned that changes would cause problems with existing functionality [Kim et al, NSDI'15]

  7. A new approach
     • Idea: automatically infer high-level intents by looking at the low-level network forwarding behavior
     • How about going this way? (Figure: the reverse direction, from Network and Configurations back to High-level Intents and the Operator)

  8. Automatic Network Intent Miner (Anime)
     (Figure: observed behavior (low-level) → Anime → inferred intents (high-level))
     • Sources of observed behavior: data plane / control plane / configuration analysis, live traffic monitoring, ...
     (Venn diagram: Inferred, Possible and Observed behavior)

  9. Applications
     • Streamline "Intent Based Networking"
       • Verification/Synthesis
       • Automatic migration from legacy networks to cloud, SDN, ...
       • Transparent optimizations, automatic repair, etc.
     • Network behavior summarization
       • Debugging and management
       • Anomaly analysis
       • Misconfiguration detection

  10. Example
     (Figure: users U1, U2, U3; firewalls FW1, FW2; servers S1 (10.0.1.2) and S2 (10.0.1.3))
     • Observed low-level behavior:
       • dstIP: 10.0.1.2, start: U1, waypoint: F1, end: S1
       • dstIP: 10.0.1.2, start: U2, waypoint: F1, end: S1
       • dstIP: 10.0.1.2, start: U3, waypoint: F2, end: S1
       • dstIP: 10.0.1.3, start: U1, waypoint: F1, end: S2
       • dstIP: 10.0.1.3, start: U2, waypoint: F2, end: S2
       • dstIP: 10.0.1.3, start: U3, waypoint: F2, end: S2
     • Inferred high-level intents:
       • dstIP: 10.0.1.2, start: User, waypoint: Firewall, end: S1
       • dstIP: 10.0.1.3, start: User, waypoint: Firewall, end: S2
     • Inferred higher-level intent:
       • dstIP: 10.0.1.2/31, start: User, waypoint: Firewall, end: Server

  11. Expressing behavior and intents
     • Using features, each corresponding to one aspect of an observed behavior
       • Devices: e.g. start, waypoint, end, entire forwarding path
       • Header information: e.g. source/destination address or port
       • Conditions/state: e.g. temporal (snapshot timestamp), topological (link failures), device (connection state)
     • Each feature has a set of labels associated with it:
       • Device: U1, U2, U3, S1, S2, FW1, FW2, User, Firewall, Server, Any
       • IP: 10.0.1.2, 10.0.1.2/31, 10.0.0.0/8, ...
     • Example behavior: dstIP : 10.0.1.2, start : U1, waypoint : F1, end : S1

  12. Insight
     • Networks are hierarchical, e.g. IP hierarchy (CIDR), device role hierarchy
     • Idea: use hierarchical labels
     (Figure: label hierarchies written as label : coverage; coverage shrinks and specificity grows going down)
       • IP: 0.0.0.0/0 : 2^32 → ... → 10.0.1.2/31 : 2 → 10.0.1.2/32 : 1, 10.0.1.3/32 : 1
       • Device: Any : 7 → User : 3 (U1 : 1, U2 : 1, U3 : 1), Firewall : 2 (F1 : 1, F2 : 1), Server : 2 (S1 : 1, S2 : 1)

  13. Library of feature templates (each shown as its label hierarchy, label : coverage)
     • IP Prefix: 0.0.0.0/0 : 2^32 → ... → 10.0.1.2/31 : 2 → 10.0.1.2/32 : 1, 10.0.1.3/32 : 1
     • DAG<V,E>: Any : 7 → User : 3, Firewall : 2, Server : 2 → U1 : 1, U2 : 1, U3 : 1, F1 : 1, F2 : 1, S1 : 1, S2 : 1
     • Flat<{L1, L2, ..., Ln}>: Any : n → L1 : 1, L2 : 1, ..., Ln : 1
     • Range: [0, 255] : 256 → [0, 1] : 2, [100, 255] : 156, ... → 0 : 1, 1 : 1, 100 : 1, 255 : 1, ...
     • Set<{L1, L2, ..., Ln}, b>: Any : n → {L1, ..., Lb} : b, ..., {Ln-b+1, ..., Ln} : b → ... → {L1, L2} : 2, ..., {Ln-1, Ln} : 2 → L1 : 1, L2 : 1, ..., Ln-1 : 1, Ln : 1
     • TBV<n>: xx : 4 → 0x : 2, 1x : 2 → 00 : 1, 01 : 1, 10 : 1, 11 : 1
     • Hierarchical Reduced Regex (HRE): AS1.R1.Internal+.R5.AS2 → AS1.R1.Internal.R5.AS2, AS1.R1.Internal.Internal.R5.AS2, ... → AS1.R1.R2.R5.AS2, AS1.R1.R3.R4.R5.AS2, ...

  14. Expressing behavior and intents
     • Combine multiple features (Tuple<F1, ..., Fn>) to express behavior and intents
     • E.g. Tuple<dstIP, start, waypoint, end>
     (Figure: lattice of tuples ordered by cost, from 0.0.0.0/0, Any, Any, Any at the top down to the expressible low-level behavior at the bottom)
       • Potential high-level intents: 10.0.1.2/31, User, Firewall, Server; 10.0.1.2, User, Firewall, S1; 10.0.1.3, User, Firewall, S2; 10.0.1.2, User, F1, S1; 10.0.1.3, User, F2, S2; ...
       • Expressible low-level behavior: 10.0.1.2, U1, F1, S1; 10.0.1.2, U2, F1, S1; 10.0.1.2, U3, F2, S1; 10.0.1.3, U1, F1, S2; 10.0.1.2, U2, F2, S2; 10.0.1.3, U3, F2, S2; ...

  15. Problem definition
     • Given
       • A set of observed behaviors B = {b_1, ..., b_n}
       • A limit k on the number of inferred intents
     • Find intents I = {i_1, ..., i_k'} (k' ≤ k)
     • Such that
       • Each behavior in B is represented by at least one intent from I
       • ∑_{i ∈ I} cost(i) is minimized
     • NP-hard
     (Figure: intents i_1, ..., i_k' placed above the behaviors b_1, ..., b_n along a cost axis)

  16. Heuristic solution
     • Least cost common ancestor lcca(g): the single best intent representing all behavior in g
       • Efficient
     • Clustering methods: partition the behaviors {b_1, ..., b_n} into groups g_1, g_2, g_3, ... and emit lcca(g_1), lcca(g_2), lcca(g_3), ...
       • Insight: the cost of lcca(g) is inversely related to the similarity of the behavior in g
       • Use cost(lcca(p_1, p_2)) as the distance between behaviors p_1 and p_2
     • Example on the device hierarchy (Any : 7; User : 3, Firewall : 2, Server : 2; U1 : 1, U2 : 1, U3 : 1, F1 : 1, F2 : 1, S1 : 1, S2 : 1):
       • lcca(U1, U2) = User (cost: 3)
       • lcca(U1, FW1) = Any (cost: 7)
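As an added illustration (not code from the talk or from the Anime prototype), the Python below puts slides 12 to 16 together: hierarchical labels with coverage costs, the per-feature least cost common ancestor, and a greedy merge of the six observed behaviors from slide 10 into k intents. The device tree and label names come from slide 12; the tuple cost (product of per-feature coverages) and the greedy clustering are this example's own assumptions, not the paper's method.

```python
import ipaddress
from itertools import combinations

# Device role tree from slide 12 (child -> parent); leaves are physical devices.
PARENT = {"U1": "User", "U2": "User", "U3": "User", "F1": "Firewall",
          "F2": "Firewall", "S1": "Server", "S2": "Server",
          "User": "Any", "Firewall": "Any", "Server": "Any"}
LEAVES = [d for d in PARENT if d not in PARENT.values()]

def ancestors(label):  # the label itself, then its parents up to the root Any
    chain = [label]
    while chain[-1] in PARENT:
        chain.append(PARENT[chain[-1]])
    return chain

def device_lcca(a, b):  # least cost common ancestor in the role tree
    anc_b = ancestors(b)
    return next(x for x in ancestors(a) if x in anc_b)
def device_cost(label):  # coverage: number of leaf devices under the label
    return sum(label in ancestors(leaf) for leaf in LEAVES)

def ip_lcca(a, b):  # longest common prefix = lcca in the CIDR tree
    na, nb = ipaddress.ip_network(a), ipaddress.ip_network(b)
    plen = min(na.prefixlen, nb.prefixlen)
    diff = int(na.network_address) ^ int(nb.network_address)
    while plen and diff >> (32 - plen):  # shorten until differing bits are masked
        plen -= 1
    return str(ipaddress.ip_network(f"{na.network_address}/{plen}", strict=False))
def ip_cost(prefix):  # coverage: number of addresses in the prefix
    return 2 ** (32 - ipaddress.ip_network(prefix).prefixlen)

# Behaviors and intents are Tuple<dstIP, start, waypoint, end>; lcca is taken per
# feature. ASSUMPTION of this example: tuple cost = product of per-feature coverages.
def tuple_lcca(p, q):
    return (ip_lcca(p[0], q[0]),) + tuple(device_lcca(x, y) for x, y in zip(p[1:], q[1:]))
def tuple_cost(t):
    return ip_cost(t[0]) * device_cost(t[1]) * device_cost(t[2]) * device_cost(t[3])

def mine_intents(behaviors, k):
    """Greedy agglomerative clustering (a stand-in for the talk's clustering methods):
    merge the pair whose lcca is cheapest until at most k intents remain."""
    intents = list(behaviors)
    while len(intents) > k:
        p, q = min(combinations(intents, 2), key=lambda pq: tuple_cost(tuple_lcca(*pq)))
        intents = [t for t in intents if t not in (p, q)] + [tuple_lcca(p, q)]
    return intents

# Constructed input: the six observed behaviors from slide 10.
OBSERVED = [("10.0.1.2", "U1", "F1", "S1"), ("10.0.1.2", "U2", "F1", "S1"),
            ("10.0.1.2", "U3", "F2", "S1"), ("10.0.1.3", "U1", "F1", "S2"),
            ("10.0.1.3", "U2", "F2", "S2"), ("10.0.1.3", "U3", "F2", "S2")]
```

With k=2 the greedy merge reproduces the two slide-10 intents, and with k=1 the higher-level intent 10.0.1.2/31, User, Firewall, Server.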

  17. Evaluation
     • Quality of inferred intents
     • Performance: refer to the paper

  18. Evaluation (objective quality metrics)
     • Confusion matrix of Predicted (inferred) vs. Actual (possible) behavior: TP, FN, FP, TN
     • Precision = TP / (TP + FP), i.e. specificity (exclusion of impossible behavior)
     • Recall = TP / (TP + FN), i.e. coverage (inclusion of possible behavior)
     • Whitelist assumption: any behavior not explicitly allowed by any intent in a set of intents is disallowed by that set
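The metrics above as an added example (not the talk's evaluation code): it scores candidate intent sets for the slide-10 network under the whitelist assumption, counting a behavior as predicted only when some intent allows it. Role memberships are from slide 12; the universe of expressible behaviors (all leaf tuples over the two server addresses) is this example's own construction.

```python
import ipaddress
from itertools import product

# Leaf devices per role label (slide 12 hierarchy, flattened for membership tests).
MEMBERS = {"User": {"U1", "U2", "U3"}, "Firewall": {"F1", "F2"}, "Server": {"S1", "S2"}}
MEMBERS["Any"] = set().union(*MEMBERS.values())

def covers(intent, behavior):
    """Whitelist check: does a (possibly hierarchical) intent allow this leaf behavior?
    Both are Tuple<dstIP, start, waypoint, end>; intent fields may be prefixes or roles."""
    if ipaddress.ip_address(behavior[0]) not in ipaddress.ip_network(intent[0]):
        return False
    return all(lab == dev or dev in MEMBERS.get(lab, ())
               for lab, dev in zip(intent[1:], behavior[1:]))

def quality(intents, possible, universe):
    """Confusion matrix of predicted (allowed by some intent) vs. actual (possible)
    behavior over the universe of expressible leaf behaviors, plus the slide's metrics."""
    predicted = {b for b in universe if any(covers(i, b) for i in intents)}
    tp, fp, fn = len(predicted & possible), len(predicted - possible), len(possible - predicted)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"TP": tp, "FP": fp, "FN": fn, "TN": len(universe) - tp - fp - fn,
            "precision": precision, "recall": recall, "f": f}

# Constructed data: slide 10's six behaviors as the possible set (perfect observation),
# and every leaf tuple over the two server addresses as the expressible universe.
POSSIBLE = {("10.0.1.2", "U1", "F1", "S1"), ("10.0.1.2", "U2", "F1", "S1"),
            ("10.0.1.2", "U3", "F2", "S1"), ("10.0.1.3", "U1", "F1", "S2"),
            ("10.0.1.3", "U2", "F2", "S2"), ("10.0.1.3", "U3", "F2", "S2")}
UNIVERSE = {(ip,) + devs for ip in ("10.0.1.2", "10.0.1.3")
            for devs in product(sorted(MEMBERS["Any"]), repeat=3)}

# Candidate intent sets from slides 10 and 14, from most to least specific.
CANDIDATES = {
    "k=6, exact behaviors": sorted(POSSIBLE),
    "k=2": [("10.0.1.2", "User", "Firewall", "S1"), ("10.0.1.3", "User", "Firewall", "S2")],
    "k=1": [("10.0.1.2/31", "User", "Firewall", "Server")],
}

def compare():
    """Recall stays 1 for all three sets, but precision falls as intents get coarser:
    the coarse intents whitelist behaviors (e.g. U1 -> F2 -> S1) that nobody observed."""
    return {name: quality(ints, POSSIBLE, UNIVERSE) for name, ints in CANDIDATES.items()}
```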

  19. Evaluation (comparison with Net2Text)
     • Re-implemented the Compass algorithm from Net2Text [Birkner et al, NSDI18]
       • Summarize forwarding traffic "as much as possible"
       • No use of hierarchy
     • Net2Text dataset
       • Simplified ISP, real-world topologies, IPv4 RIB, and AS-to-organization information
       • No hierarchy (to be fair)
       • AT&T topology, 25 nodes, 5 egresses, 100 prefixes, 2500 paths
     • Perfect observation (possible = observed)
     • Goal: summarization
     (Plot: Precision vs. limit on length of description (k), k from 0 to 2500; Net2Text, Recall: 0.26; Anime, Recall: 1)

  20. Evaluation (effect of hierarchical values)
     • Multiple groups of servers
     • Synthetic access control policies: "group/server A can communicate with group/server B"
     • 100 nodes, 5 groups of size between 5 and 30, 10 intents, 435 paths
     • Perfect observation (possible = observed)
     • Goal: summarization
     (Plot: Precision vs. limit on length of description (k), k from 0 to 400; Anime w/o hierarchy, Recall: 1; Anime with hierarchy, Recall: 1)

  21. Evaluation (partial observation)
     • "Train" on observed (60% of possible), evaluate on possible
     • F-score = 2 × Precision × Recall / (Precision + Recall)
     • Near perfect F-score (1 FN, 0 FP)
     • 9/10 actual intents correctly inferred
     (Plots: recall vs. precision for Compass vs. Anime and for Net2Text vs. Anime on the Net2Text dataset; Anime w/o hierarchy vs. Anime with hierarchy against the limit on length of description (k), k from 0 to 400, on the access control dataset)

  22. Concluding remarks
     • A new approach towards bridging the semantic gap
     • Anime, a framework to express network behavior and infer intents
       • Fits the hierarchical nature of networks
       • Enables application of the ML toolbox to network intent inference
     • Prototype produces (objectively) high-quality results
     • Acceptable performance
     • Future
       • Incorporating user feedback
       • Automatic anomaly detection
       • User study with real-world network operators
     • Interested? Let's get in touch: kheradm2@illinois.edu

  23. Backup slides 23

  24. Related work
     • Network behavior summarization
       • Net2Text [Birkner et al, NSDI18]
     • Network invariant inference
     • Network analysis [US patent 15/860,558]
     • Config2Spec [Birkner et al, NSDI20]
     • Anime example: (snapshot: 1, path: X.A.Y) ∩ (snapshot: 2, path: X.B.Y) = (snapshot: Any, path: X.{A,B}.Y)
     (Figure: three small topologies in which X reaches Y via A, via B, and via A or B)

  25. Example 2
     (Figure: AS1 with routers R1, R2, R3, R4 and R5, connected to AS2)
     • Observed: time: morning, failed links: 0, dstIP: 128.174.0.0/16, path: AS1.R1.R2.R5.AS2
     • Observed: time: evening, failed links: 1, dstIP: 128.174.0.0/16, path: AS1.R1.R3.R4.R5.AS2
     • Inferred: time: Any, failed links: [0-1], dstIP: 128.174.0.0/16, path: AS1.R1.Internal+.R5.AS2
