Cognitive Packet Networks: Improving QoS and Security, and Reduce - - PowerPoint PPT Presentation
Cognitive Packet Networks: Improving QoS and Security, and Reduce Energy Consumption Erol Gelenbe FIEEE FACM FRSS FIET Fellow of the National Academy of Technologies of France, Science Academies of Belgium, Hungary, Poland and Turkey
Cognitive Packet Networks: Improving QoS and Security, and Reduce Energy Consumption
Erol Gelenbe
FIEEE FACM FRSS FIET Fellow of the National Academy of Technologies of France, Science Academies of Belgium, Hungary, Poland and Turkey
Institute of Theoretical & Applied Informatics Polish Academy of Sciences ACOSIS 2019, Marrakech November 20, 2019
The Internet is Infinite, Pervasive and Unknown Basic Technology is Faster and Being Automated Demand is Ever Growing through Mobile Access and the IoT The Periphery of the Internet: Barbarians and Rome As More Things get Connected, the Less we Know ICT use of Electrical Energy is Growing by ~ 5-7% per Year
Smart “Cognitive Network”
Wide Variety of Terminals and Things Wide Variety of User Applications Diverse Users with Varying Demands Unknown and Varying Infrastructure Recognition of the User’s Context /Service Adaptation Dependable, Safe and Adaptive Network On & Off-Line Analytics & SDN for Distributed Adaptive Control
for a subset of users and routes at a time
control delay and combinatorial explosion: global algorithms are very slow and come too late
significantly over short periods of time
can occur suddenly, reaction and detours must be very rapid
Operators and Users based on On-line Measurement
Cognitive Packet Network (CPN) Principles
Quantities (loss, delay, security, throughput, energy … )
Goal = a QoS + b E .. Typically b= 1-a G = a[(1-L)D + L(D+G)] +b [(1-L)E + L(E+G)] = (aD + bE) /[1-(a+b)L] Observe different paths’ through on-line measurement, Operator may Inform the User + Dynamically & On-Line Selects paths or Sub-Networks based on the Measured G that can include Price, Security, QoS … Ongoing NOT one shot .. Everything may constantly change
achieve the goals – Everything Changes with Time
grouped into classes
mailboxes and processing units
and select the “top” N paths – Changing with Time
Smart Packets route themselves based on QoS Goals, e.g.,
Minimise Delay or Loss or Combination Minimise Jitter (for Voice) Maximise Dispersion (for security) Minimise Cost Optimise Cost/Benefit
Smart Packets make observations & take own decisions ACK Packets bring back observed data and trace activity and update a priority list of paths Users and Operators route Dumb Packets by selecting paths based on the “priority list” of paths
Decision System: a “neural” network (Neural Network embedded in Routers or SDN Servers) Internal State of Neuron i, is an Integer xi > 0 Network State at time t is a Vector x(t) = (x1(t), … , xi(t), … , xk(t), … , xn(t)) Is the Internal Potential of Neuron I If xi(t)> 0, we say that Neuron i is excited and it may fire at t+ in which case it will send out a spike If xi(t)=0, the Neuron cannot fire at t+ When Neuron i fires: :
State of Network x(t) = (x1(t), … , xi(t), … , xl(t), … , xn(t)), xi(t)>0 If xi > 0, we say that Neuron i is excited If xi(t)> 0, then Neuron i will fire with probability ri∆t in the interval [t,t+∆t] , and as a result:
The arriving spike at Neuron m is an
+
+ + pim
m=1 pim < 1 for all i=1,..,n
+ = ri pim +
m=1 wim
+ + wim –
− + j ji j j i i j ji j j i i
ji −
Firing Rate of Neuron i External Arrival Rate of Excitatory Spikes External Arrival Rate of Inhibitory Spikes
Probability that Neuron I is excited
instance G = [1-L]D + L[T+D+G]; T is some penalty
information is brought back to the decision points
compute the estimated reward R = 1/G
makes a myopic (one step) decision
Operator) to maintain a Prriority List of Paths
the choice of an output link in the node
Network with Excitatory and Inhibitory Weights
solution is guaranteed
the outgoing link which corresponds to the neuron whose excitation probability is largest
Historical Value of the Reward
If then else
1 1
− −
l l l
j k n R k i w k i w R j i w j i w
l l
≠ − + ← + ←
− − + +
, 2 ) , ( ) , ( ) , ( ) , (
l l
R T ≤
− 1 l l
R j i w j i w j k n R k i w k i w + ← ≠ − + ←
− − + +
) , ( ) , ( , 2 ) , ( ) , (
− +
+ =
n i
m i w m i w r
1 *
)] , ( ) , ( [
* *
) , ( ) , ( ) , ( ) , (
i i i i
r r j i w j i w r r j i w j i w
− − + +
← ←
Route Adaptation without Obstructing Traffic
Packet Round-Trip Delay with Saturating Obstructing Traffic at Count 30
Route Adaptation with Saturating Obstructing Traffic at Count 30
Packet Round-Trip Delay with Link Failure at Count 40
Path Tags with Link Failure at Count 40
SP DP All Average Round-Trip Packet Delay VS Percentage of Smart Packets
allowed to carry user payload
10.0.10.0 10.0.11.0
eth0 eth010.0.16.0 1 . . 1 5 .
1 . . 1 3 .
. . 1 2 .
eth1 e t h 1
t h 1
t h 1
10.0.17.0
eth0 CPN-NODE a100 IP HTTP - SERVER HTTP Client eth0:X.X.X.X eth1:10.0.17.7 Router_Wan=ISP 2 4 6 8 1 2 3 4 5 6 7 8 9 10 11 rate (Mbps) path length (hops) without background traffic delay hops hops+Delay 2 4 6 8 1 2 3 4 5 6 7 8 9 10 11 rate (Mbps) path length (hops) 1.6Mbps background traffic delay hops hops+Delay 2 4 6 8 1 2 3 4 5 6 7 8 9 10 11 rate (Mbps) path length (hops) 3.2Mbps background traffic delay hops hops+Delay 2 4 6 8 1 2 3 4 5 6 7 8 9 10 11 rate (Mbps) path length (hops) 6.4Mbps background traffic delay hops hops+Delay
200 400 600 800 1000 1200 1400 1600 1800 2000 5 10 15 Packet Number Route Length 1 2 3 4 5 6 7 8 9 10 11 12 5 10 15 20 25 30 Route No. Percentage used (%)
1 2 3 4 5 6 7 8 10
1
10
2
rate (Mbps) dumb packet delay (ms) without background traffic delay hops hops+Delay
1 2 3 4 5 6 7 8 10 1 10 2 rate (Mbps) dumb packet delay (ms) 3.2Mbps background traffic delay hops hops+Delay 1 2 3 4 5 6 7 8 10 1 10 2 rate (Mbps) dumb packet delay (ms) 6.4Mbps background traffic delay hops hops+DelayNo background traffic
Medium High
S f x y D S z a y D b c S z x y D e S a b c f y D e
100 200 300 400 500 600 700 800 10 10
110
2Packets Input Rate Forward Delay (ms) Without background traffic GA−disabled GA−enabled 100 200 300 400 500 600 700 800 10 20 30 40 50 60 70 80 90 100 Packets Input Rate Loss Rate (%) Without background traffic GA−disabled GA−enabled 100 200 300 400 500 600 700 800 10 10
110
2Packets Input Rate Forward Delay (ms) About 1.6Mbps background traffic GA−disabled GA−enabled 100 200 300 400 500 600 700 800 10 20 30 40 50 60 70 80 90 100 Packets Input Rate Loss Rate (%) About 1.6Mbps background traffic GA−disabled GA−enabled
No background traffic 2.4Mb background traffic
Delay Loss
4 Mb background traffic 5.6Mb background traffic
Delay Loss
100 200 300 400 500 600 700 800 10 10
110
2Packets Input Rate Forward Delay (ms) About 4Mbps background traffic GA−disabled GA−enabled 100 200 300 400 500 600 700 800 10 20 30 40 50 60 70 80 90 100 Packets Input Rate Loss Rate (%) About 4Mbps background traffic GA−disabled GA−enabled 100 200 300 400 500 600 700 800 10 10
110
2Packets Input Rate Forward Delay (ms) About 5.6Mbps background traffic GA−disabled GA−enabled 100 200 300 400 500 600 700 800 10 20 30 40 50 60 70 80 90 100 Packets Input Rate Loss Rate (%) About 5.6Mbps background traffic GA−disabled GA−enabled
100 200 300 400 500 600 700 800 10 10
1
10
2
Packets Input Rate Forward Delay (ms) About 8Mbps background traffic GA−disabled GA−enabled 100 200 300 400 500 600 700 800 10 20 30 40 50 60 70 80 90 100 Packets Input Rate Loss Rate (%) About 8Mbps background traffic GA−disabled GA−enabled
Measurements on Feasibility Using our 46-node Laboratory Packet Network Test-Bed:
Verlag, 2009.
Experiments with a Self-Aware Approach Minimise Power subject to End-to-End Delay (80ms) Constraint
[10] E. Gelenbe, ``Steps Toward Self-Aware Networks,'‘ Comm. ACM, 52 (7), pp. 66-75, July 2009. [15] E. Gelenbe and T. Mahmoodi “Energy aware routing in the Cognitive Packet Network”, presented at NGI/Co July 2010, submited for publication.
Measuring Avg Power Over All Routers Vs Average Traffic per Router
192.168.2.1 Network Address Translation 192.168.2.102 192.168.2.103 192.168.2.101 C
p u t e r
i e n c e
e t w
k
1 3 2 . 1 7 . 1 8 . X ) Internet
C I S C O S Y S TE M S192.168.2.20 192.168.2.30 192.168.2.40
Wireless Power-Aware Adhoc CPN Test-Bed
51
∗ Agent-based monitoring solution, consisting
∗ monitoring managers (MMs), and ∗ monitoring agents (MAs).
∗ Monitoring agent
∗ Software agent collecting local monitoring metrics ∗ Resides on nodes (hosts and VMs) ∗ Interfaces with the monitoring manager ∗ Uses collectd and RRDtool
∗ Monitoring manager
∗ Controls and configures monitoring via the agents ∗ Provides an interface to the monitoring system
52
probing of local resources by the collectd daemon.
collectd as necessary.
process and automatically restarts it if it fails.
are written to a local DB via RRDtool.
the local DB via RRDtool to perform computations and make them available for reporting, acting as a mailbox.
– CPU, memory, disk, network, load, processes
– SQL databases, Apache server, memcached
– Latency, jitter, loss
53
CPU Apache (bytes/sec)
multiple metrics to a local repository.
smart reports (SRs), dumb reports (DRs) and acknowledgements (ACKs)
– Smart reports are sent periodically by the MM, and collect the monitoring data from each hop (MA) they visit (via the corresponding ACK). – Smart reports are routed probabilistically based on the random neural network[2] at each MM and MA, therefore prioritizing parts of the cloud from which to collect data. – The ACK sent by the last MA in the chain carries the monitoring data back to the MM and updates the RNNs.
54
[2] E. Gelenbe. Random neural networks with negative and positive signals and product form
related to the given requirements for monitoring.
goals, such as
– system-related goals (e.g. free memory must be > 20%
– network-related goals (e.g. loss rate between VM1 and VM2 must be < 0.1%), – application-related goals (e.g. memory and CPU used by the Apache server must be < 80% of total system resources), and – monitoring-related goals (e.g. monitoring data from a host must be not be older than 10 minutes)
resource (MA) connected to the MM or MA
which parts of the cloud are prioritized for monitoring.
– Smart reports are sent probabilistically based on the weights of the neurons.
55
Proxy 1. It monitors the quality of the Internet paths by sending probe packets to other proxies, 2. It routes each incoming packet sent by a local application to its destination. Transmission/Reception Agents 1. TA intercepts the packets of the application and forwards them to the local Proxy. 2. RA receives packets from the Proxy and delivers them to the local application.
56
57
(RNN)
which have been observed to be of good quality, exploring also at random other paths whose quality might have improved recently
asymptotically the same average (per round) end-to-end latency as the best path
58
Experiment with 20 nodes
IP route SMART Melbourne/Gibraltar 390.0 274.6 Narita/Santiago 406.7 253.8 Moscow/Dublin 179.9 81.7 Honk Kong/Calgary 267.1 130.7 Singapore/Paris 322.3 154.1 Tokyo/Haifa 322.6 180.8
Average RTT (ms) for some pathological OD pairs
RTT Japan/Chile over 5 days RTT Japan/Chile (zoom)
Experiment with Amazon EC2
IP route SMART Dublin/Sydney 11.5 37.5 Singapore/Sao Paulo 12.8 42.0 Sydney/Virginia 8.5 52.3 Virginia/Singapore 7.4 33.8 Virginia/Sydney 6.9 35.0 Virginia/Tokyo 10.3 39.7
Average Throughput (Mbps) for some pathological OD pairs
Throughput from Virginia to Sydney
Throughput from Virginia to Sydney (zoom)
emulation)
performances,
the SMART system.
performance,
63
Hypervisor which is a GUI for the SMART system.
each time instant
– Routing decisions, – And the metric evolution for each
– In real-time, displaying the current health status of an application overlay – Or to replay the evolution of key metrics within a specific time-frame, based on historical data.
64
campaigns, each lasting 24H
– The results presented are a zoom over 3H periods, – Tests used either delay or bandwidth probes
performances
– SMART achieves
– On the IP path : 1m52s (737.4 Kb/s) – Over SMART Paths : 33s (2.42 Mb/s) – A 70.5% improvement
65
72
RN N
Heavy load Medium load Light load
– Performs autonomous task-to-resource allocations based on given QoS goals for the tasks – Uses concepts similar to those presented for the pervasive monitoring system and SMART, i.e. learning using online measurements and random neural networks – Aims to optimize the performance related to the QoS requirements requested by end users, e.g. job response time , economic cost, etc.
– Do online measurements related to the given QoS goal(s) of tasks that need to be allocated to nodes (hosts, VMs) on the cloud – Adaptively learn the “best nodes” to which tasks should be allocated, depending on their QoS goals – Allocate incoming tasks to nodes based on the learned information, and continue to learn from the allocation decisions by monitoring the QoS received by the tasks
73
Metric Category Metric Relevance: web servers, Search engines Relevance: batch jobs, MapReduce jobs Application level Response time High Low Throughput High High System level CPU utilization Low High Memory utilization Low High Other Economic cost Medium to High Medium to High Energy consumption Medium to High Medium to High
74
– Each RNN corresponds to a job class with a specified QoS goal – Each neuron corresponds to the choice of a host in a cluster. – Smart reports are sent to the most excited neuron. – Jobs are dispatched to the most excited neuron, resulting in the minimizing of the QoS goal.
– Smart reports are sent probabilistically based on the history of measurements. – No RNN. History is kept as an exponentially weighted moving average (EWMA) per QoS goal. – Jobs are dispatched probabilistically using the EWMA metric for their QoS goals.
75
[3] E. Gelenbe, K.-F. Hussain. Learning in the multiple class random neural network. IEEE Trans. Neural Networks, 13(6): 1257-1267, Nov. 2002. [4] E. Gelenbe. Sensible decisions based on QoS. Computational Management Science, 1(1): 1-14, Dec. 2003.
76
∗ One job controller ∗ Three hosts
∗ have different processing speed and I/O capacity.
∗ Software components:
∗ Job generator (clients) ∗ Job dispatcher (controller) ∗ Job executor (hosts)
77
Detail from figure on right
Scenario: Hosts with distinct processing speeds RNN vs. Sensible Allocation vs. Round Robin
78
∗ Scenario:
∗ Different service (job) classes in terms of resource requirement
∗ CPU intensive services and I/O bound services
∗ Different background load on hosts, stressing CPU and I/O differently
79
50 100 150 200 250 300 2000 4000 6000 8000 10000
Job execution time (second) Penalty (for Job1)
500 1000 1500 2000 2500 3000 2000 4000 6000 8000 10000
Job execution time (second) Penalty (for Job2)
80
Scenario:
81
Measured Job Dispatching Probabilities to minimise the Energy-QoS goal function for different relative importance attributed to response time (a) and energy consumption (b) versus Load in Jobs/sec
Measured energy consumption per job (in Joules) and job response time at the hosts (in seconds) averaged over the three hosts as a function of job arrival rate λ
82
83
∗ A TAP deployed in each Cloud ∗ The routing overlay, “SMART”, which includes a set of proxies installed at different cloud servers, or in
area networks. ∗ Allocating the incoming jobs to the local or remote clouds depends on ∗ Cloud processing delay ∗ Network delay for job transfer
84
Weighted average network delay over time on the connections to the three remote clouds Derived from measurement of the round-trip delay and loss via pinging The network performance is
routing overlay, “SMART” over clouds
85
The measured response time for each web request as time elapses; the different colours represent the different clouds where the requests are allocated and processed. As long as the local cloud’s response time is low, tasks are processed
sent to the remote cloud, and then when things improve at the local cloud, they are again executed locally.
– Pattern detection – Anomaly detection – Hybrid detection – Third-party detection
– Agent identification – Rate-limiting – Filtering – Reconfiguration
ACK packets
nodes upstream from the victim(s) using ACK packets
detection failures)
− = − =
− − = − − =
1 1 , , , 1 1 , , ,
)) 1 )( 1 (( )) 1 )( 1 ((
j l d d d d d d j l n n n n n n
l l j j l l j j
d L I f L I
d d d n n n
λ λ
) ) 1 ( ) 1 ( (
, , , ,
− + − =
d d d n n n i d i i n i i i
d I f I s ρ
i B i B i i
i i
L ρ ρ ρ − − ⋅ =
+
1 1
1
Illustration on an Experimental CPN Test-Bed
Averaged Likelihood Feedforward RNN Recurrent RNN False Alarms: 2.8 % Correct Detections: 88 % False Alarms: 11 % Correct Detections: 96 % False Alarms: 11 % Correct Detections: 96 %
Trace1 --- Attack Traffic
Averaged Likelihood Feedforward RNN Recurrent RNN False Alarms: 0 % Correct Detections: 76 % False Alarms: 8.3 % Correct Detections: 84 % False Alarms: 2.8 % Correct Detections: 80 %
Trace2 --- Attack Traffic
Stable Networks in the Presence of Failures
node (so that no traffic will be able to go through that node, just like in a real breakdown
according to the AAWP (Analytical Active Worm Propagation) model. This is a discrete- time and continuous state deterministic approximation model, proposed by Chen et al. [1] to model the spread of active worms that employ random scanning.
completely infected before it starts infecting other node, so that the speed of the spread is connected to the number of nodes that can be infected.
is just as likely to infect or be infected by others. Other scanning mechanisms can be used, such as local subnet, permutation and topological scanning.
Experiments
Joint Work with BT Exact Combining Network and Physical Security UK Technology Strategy Board SATURN, Imperial, Oxford, BT Exact, Northrup-Grumman Other Projects Minimizing Energy Consumption in Wired Networks and Clouds EU FP7 Fit4Green Project Imperial, Several European Universities, HP Mobile Security FP7 NEMESYS Project with Telecom Italia & Deutsche Telekom Cloud Computing FP7 PANACEA Project with ATOS & IBM Security of Health Systems & the IOT H2020 Projects KONFIDO & GHOST
and Cybernetics B, 36 (6): 1247-1254, 2006.
51 (5): 1299-1314, 2007.
1045-1051.
Computer Journal 54 (6): 850-859, 2011.
IEEE Trans. on Industrial Informatics, 10 (3): 1717 - 1725, 2014.
Computing, Volume: PP, Issue: 99, Date of Publication: 28 August 2015.
Selected Topics in Communications, 34 (3): 575-583 (2016) CoRR abs/1512.08314.
Storms in 3G Networks”, IEEE Trans. Emerging Topics Computing 4(1): 113-127 (2016).