Introducing programmability and automation in the synthesis of virtual firewall rules
Daniele Bringhenti, G. Marchetto, R. Sisto, Fulvio Valenza, Jalolliddin Yusupov
Pub Date: 2020-06-01 | DOI: 10.1109/NetSoft48620.2020.9165434 | 2020 6th IEEE Conference on Network Softwarization (NetSoft)
The rise of new forms of cyber-threats is mostly due to the extensive use of virtualization paradigms and the increasing adoption of automation in the software life-cycle. To address these challenges, we propose an innovative framework that leverages the intrinsic programmability of cloud and software-defined infrastructures to improve the effectiveness and efficiency of reaction mechanisms. In this paper, we present our contributions with a demonstrative use case in the context of Kubernetes. By means of this framework, developers of cybersecurity appliances no longer have to care about how to react to events or struggle to define every possible security task at design time. In addition, the automatic firewall ruleset generation provided by our framework mostly avoids human intervention, hence decreasing the time needed to carry out these tasks and the likelihood of errors. We focus our discussion on the technical challenges: the definition of common actions at the policy level and their translation into configurations for a heterogeneous set of security functions, illustrated by means of a use case.
Smart Provisioning of Sliceable Bandwidth Variable Transponders in Elastic Optical Networks
M. U. Masood, I. Khan, Arsalan Ahmad, Muhammad Imran, V. Curri
Pub Date: 2020-06-01 | DOI: 10.1109/netsoft48620.2020.9165462 | 2020 6th IEEE Conference on Network Softwarization (NetSoft)
Prior provisioning of optical source technologies has techno-economic importance for the operator during the design and planning of optical network architectures. Advancement towards the latest technology paradigms, such as Elastic Optical Networks (EONs) and Software Defined Networking (SDN), opens a gateway to a flexible and re-configurable optical network architecture. In order to achieve the required degree of flexibility, flexible and dynamic behaviour is required at both the control and data planes. In this regard, SDN-enabled flexible optical transceivers have been proposed to provide the required degree of flexibility. Sliceable Bandwidth Variable Transponders (SBVTs) are one of the recent types of flexible optical transceivers. Based on the type/technology of the optical carrier source, SBVTs are categorized into two types: Multi-Laser SBVT (ML-SBVT) and Multi-Wavelength SBVT (MW-SBVT). Both architectures have their own pros and cons when it comes to accommodating traffic requests. In this paper, we propose a selection model for SBVTs before their actual deployment in the network. The selection model considers various design- and planning-phase network characteristics. In addition to this selection model, a comparison of the centralized Flex-OCSM architecture with the already discussed SBVT types is also presented. The analysis in this work is performed on a random network (20 nodes) and the German Network (17 nodes).
Leveraging on the XDP Framework for the Efficient Mitigation of Water Torture Attacks within Authoritative DNS Servers
Nikos Kostopoulos, D. Kalogeras, B. Maglaris
Pub Date: 2020-06-01 | DOI: 10.1109/netsoft48620.2020.9165454 | 2020 6th IEEE Conference on Network Softwarization (NetSoft)
In this paper we utilize XDP for DNS Deep Packet Inspection (DPI) in order to mitigate Water Torture attacks at the NIC driver level of Authoritative DNS Servers. Our approach may benefit DNS administrators who wish to filter attack traffic within their DNS infrastructure and avoid the latency overhead and additional costs imposed by external cloud scrubbing services. Our scheme does not depend on specialized hardware and does not blacklist entire domain name suffixes, hence it does not block legitimate requests. Packets are intercepted by XDP, which identifies DNS request messages for further processing. Requested names are extracted from the message payload and categorized based on their validity. Valid names are forwarded to user space to be resolved, whilst invalid ones are dropped within the Linux kernel at an early stage without degrading the DNS service. Names are classified using Bloom Filters that map DNS zone contents in a memory-efficient manner. These probabilistic data structures are free of false negatives, and therefore valid DNS requests are never dropped. We provide a proof-of-concept setup to test our scheme under a DDoS attack scenario and assess how mitigation performance is affected by DPI on DNS requests. Our experiments verify that using XDP significantly increases the throughput of valid DNS responses compared to user-space alternatives. In conclusion, XDP emerges as a promising solution for the mitigation of Water Torture attacks against DNS servers.
Ensemble-based Synthetic Data Synthesis for Federated QoE Modeling
Selim Ickin, K. Vandikas, Farnaz Moradi, Jalil Taghia, Wenfeng Hu
Pub Date: 2020-06-01 | DOI: 10.1109/NetSoft48620.2020.9165379 | 2020 6th IEEE Conference on Network Softwarization (NetSoft)
Quality of Experience (QoE) models need good generalization, which necessitates a sufficient amount of user-labeled data associated with measurements of the underlying QoE factors. However, obtaining QoE datasets is often costly, since they are preferably collected from many subjects with diverse backgrounds, and consequently dataset sizes and representations are limited. Models can be improved by sharing and merging the collected local datasets; however, regulations such as GDPR make data sharing difficult, as those local user datasets might contain sensitive information about the subjects. A privacy-preserving machine learning approach such as Federated Learning (FL) is a potential candidate that enables sharing of QoE data models between collaborators without exposing the ground truth, but only by means of sharing the securely aggregated form of the extracted model parameters. While FL can enable seamless QoE model management, if collaborators do not have the same level of data quality, more iterations of information sharing over the communication channel might be necessary for the models to reach an acceptable accuracy. In this paper, we present an ensemble-based Bayesian synthetic data generation method for FL, LOO (Leave-One-Out), which reduces the training time by 30% and the network footprint in the communication channel by 60%.
DIDA: Distributed In-Network Defense Architecture Against Amplified Reflection DDoS Attacks
Xin Zhe Khooi, Levente Csikor, D. Divakaran, M. Kang
Pub Date: 2020-06-01 | DOI: 10.1109/NetSoft48620.2020.9165488 | 2020 6th IEEE Conference on Network Softwarization (NetSoft)
With each new DDoS attack potentially being of higher intensity than the previous ones, current ISP measures of over-provisioning or employing a scrubbing service are becoming ineffective and inefficient. We argue that we need an in-network solution (i.e., entirely in the data plane) to detect DDoS attacks, identify the corresponding traffic and mitigate it promptly. In this paper, we propose the first distributed in-network defense architecture, DIDA, to cope with sophisticated amplified reflection DDoS (AR-DDoS) attacks. We leverage programmable stateful data planes and efficient data structures and show that it is possible to keep track of per-user connections in an automated and distributed manner without overwhelming the network controller. Building on top of this data, DIDA can easily detect whether unsolicited attack packets are being sent towards a victim within an ISP network. Once an attack is detected, the routers at the network edge automatically block the malicious sources. We prototype DIDA in P4. Our preliminary experiments show that DIDA can detect and mitigate 99.8% of amplification attacks involving 7,000 different sources while requiring less than 1% of the memory of current programmable switches.
Secure and Private Smart Grid: The SPEAR Architecture
Panagiotis I. Radoglou-Grammatikis, P. Sarigiannidis, Eider Iturbe, Erkuden Rios, Antonios Sarigiannidis, Odysseas Nikolis, D. Ioannidis, Vasileios Machamint, Michalis Tzifas, Alkiviadis Giannakoulias, M. Angelopoulos, A. Papadopoulos, Francisco Ramos
Pub Date: 2020-06-01 | DOI: 10.1109/NetSoft48620.2020.9165420 | 2020 6th IEEE Conference on Network Softwarization (NetSoft)
Information and Communication Technology (ICT) is an integral part of Critical Infrastructures (CIs), bringing both significant pros and cons. Focusing on the energy sector, ICT converts the conventional electrical grid into a new paradigm called the Smart Grid (SG), providing crucial benefits such as pervasive control, better utilisation of existing resources, self-healing, etc. However, in parallel, ICT increases the attack surface of this domain, generating new potential cyberthreats. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) architecture, which constitutes an overall solution aiming at protecting the SG by enhancing situational awareness, detecting cyberattacks in a timely manner, collecting appropriate forensic evidence and providing an anonymous cybersecurity information-sharing mechanism. The operational characteristics and technical specifications of each component are analysed, and the communication interfaces among them are described in detail.
Programmable Data Gathering for Detecting Stegomalware
A. Carrega, L. Caviglione, M. Repetto, M. Zuppelli
Pub Date: 2020-06-01 | DOI: 10.1109/NetSoft48620.2020.9165537 | 2020 6th IEEE Conference on Network Softwarization (NetSoft)
The “arms race” against malware developers requires collecting a wide variety of performance measurements, for instance to face threats leveraging information hiding and steganography. Unfortunately, this process can be time-consuming, lack scalability and cause performance degradation within computing and network nodes. Moreover, since the detection of steganographic threats is poorly generalizable, being able to collect attack-independent indicators is of prime importance. To this aim, the paper proposes taking advantage of the extended Berkeley Packet Filter to gather data for detecting stegomalware. To prove the effectiveness of the approach, it also reports some preliminary experimental results obtained as the joint outcome of two H2020 projects, namely ASTRID and SIMARGL.
Machine Learning for Dynamic Resource Allocation in Network Function Virtualization
Stefan Schneider, Narayanan Puthenpurayil Satheeschandran, Manuel Peuster, H. Karl
Pub Date: 2020-06-01 | DOI: 10.1109/NetSoft48620.2020.9165348 | 2020 6th IEEE Conference on Network Softwarization (NetSoft)
Network function virtualization (NFV) proposes to replace physical middleboxes with more flexible virtual network functions (VNFs). To dynamically adjust to ever-changing traffic demands, VNFs have to be instantiated and their allocated resources have to be adjusted on demand. Deciding the amount of resources to allocate is non-trivial. Existing optimization approaches often assume fixed resource requirements for each VNF instance. However, this can easily lead to either a waste of resources or bad service quality if too many or too few resources are allocated. To solve this problem, we train machine learning models on real VNF data containing measurements of performance and resource requirements. For each VNF, the trained models can then accurately predict the resources required to handle a certain traffic load. We integrate these machine learning models into an algorithm for joint VNF scaling and placement and evaluate their impact on the resulting VNF placements. Our evaluation based on real-world data shows that using suitable machine learning models effectively avoids over- and under-allocation of resources, leading to up to 12 times lower resource consumption and better service quality with up to 4.5 times lower total delay than standard fixed resource allocation.
Impact of Virtual Networks on Anomaly Detection with Machine Learning
Daniel Spiekermann, J. Keller
Pub Date: 2020-06-01 | DOI: 10.1109/NetSoft48620.2020.9165325 | 2020 6th IEEE Conference on Network Softwarization (NetSoft)
The enormous number of network packets transferred in modern networks, together with high-speed transmission, hampers the implementation of successful IT security mechanisms. In addition, virtual networks create highly dynamic and flexible environments, which differ widely from the well-known infrastructures of the past decade. Network forensic investigation aiming at the detection of covert channels, malware usage or anomalies faces new problems and becomes a time-consuming, error-prone and complex process. Machine learning provides advanced techniques to perform this work faster and with a lower error rate. Depending on the learning technique, algorithms work with almost no necessary interaction to detect relevant events in the transferred network packets. Occurring changes are noticed and additional processes might be started. Current algorithms work well in static environments, but the highly dynamic environments of virtual networks create additional events, which might confuse the anomaly detection algorithms. This paper analyses virtual network protocols such as VXLAN, GRE and GENEVE and their impact on the detection rate of anomalies in the environment. Our research shows the need for adapted pre-processing of the network data, in the worst case on demand when changes are detected.