The Challenges in SDN/ML Based Network Security : A Survey

Machine Learning is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software Defined Networking (SDN) emerge. Sitting at the application layer and communicating with the control layer, machine learning based SDN security models exercise a huge influence on the routing/switching of the entire SDN. Compromising the models is consequently a very desirable goal. Previous surveys have been done on either adversarial machine learning or the general vulnerabilities of SDNs but not both. Through examination of the latest ML-based SDN security applications and a good look at ML/SDN specific vulnerabilities accompanied by common attack methods on ML, this paper serves as a unique survey, making a case for more secure development processes of ML-based SDN security applications.Comment: 8 pages. arXiv admin note: substantial text overlap with arXiv:1705.0056

Modelling and managing service-level agreements in the context of 5G neutral hosting platforms

This project has received funding from the European Union’s Horizon 2020 research andinnovation programme under grant agreement No 761508 (5GCity project) and theSpanish national project 5GCity (TEC2016-76795-C6-1-R)This document contains the study and development of Service-Level Agreement (SLA) management mechanisms in the context of a 5G neutral host platform. The infrastructure involved in a neutral host platform is evaluated by an SLA Manager that handles the database of agreements for all the users, and verifies if the monitored data complies with the thresholds stated in the Service-Level Objectives (SLO) agreed in the SLAs. Neutral host is a platform that has different levels of virtualization over a 5G infrastructure. It starts from a sliced network infrastructure for logic separation between tenants, which in the next level of virtualization, can host 5G services with Network Functions Virtualization (NFV) techniques. This virtual platform runs on top of a physical infrastructure that not only covers data centres like in cloud platforms, but also includes access networks, edge computing and distributed cloud elements. Evaluating through all this infrastructure adds new levels of complexity for monitoring and obtaining an accurate value for any Key Performance Indicator, or high-level parameters for Quality of Service. This challenge is faced with a software module, called SLA Manager, which identifies the different involved infrastructure elements and creates monitoring jobs according to highlevel requirements described in each SLO to obtain low-level infrastructure data. This data is then computed to obtain a high-level value to compare latter with an SLO threshold and verify if there is a violation. Availability is the main KPI on which this study focuses. A generic SLA template body is presented for being stored in a NoSQL database solution, able to adapt to any new service deployed over new technologies that may be deployed by the neutral host, and to add flexibility and scalability to the solution. Results show that the accuracy and reliability of the high-level objectives stated in the SLOs obey the standards required for 5G applications. The system quickly detects any outage and gives feedback to the platform to recover and avoid any violation. Delay times for detection are observed in order to provide exact measurements for availability levels. The report ends with conclusions and future development lines, as well as ethical and sustainability considerations the study involves

Towards Service Level Agreement Quantification on Service-Based Computing

A service Level Agreement is an agreement between service providers and consumers that contains the rights and obligations of both parties, particularly in terms of the delivery of services provided during the subscription period on service-based computing. Once approved, normally, the Service Level Agreement will not change until the end of the subscription period. SLA violations are often positioned between yes and no. As a result, service providers must deal with severe penalties or compensation. In this paper, the use of weightage for each SLA parameter is introduced in this paper. Such quantification using weightage is the main contribution. SLA violation detection cases in service-based computing are used to demonstrate how SLA quantification works. In the simulation scenario of SLA quantification, the presence of weightage and its aggregates along with the upper and lower bound is able to help the SLA violation detection process more appropriate. Violations are no longer seen between Yes and No, but the severity of the violation can also be determined. The number of violated parameters is not very influential in determining the level because the main determinant is the weightage. At the same time, the upper and lower limits are also very helpful in determining the level of violation. It is believed that SLA quantification is the way forward for better SLA management

Mecanismos para controlo e gestão de redes 5G: redes de operador

In 5G networks, time-series data will be omnipresent for the monitoring of network metrics. With the increase in the number of Internet of Things (IoT) devices in the next years, it is expected that the number of real-time time-series data streams increases at a fast pace. To be able to monitor those streams, test and correlate different algorithms and metrics simultaneously and in a seamless way, time-series forecasting is becoming essential for the pro-active successful management of the network. The objective of this dissertation is to design, implement and test a prediction system in a communication network, that allows integrating various networks, such as a vehicular network and a 4G operator network, to improve the network reliability and Quality-of-Service (QoS). To do that, the dissertation has three main goals: (1) the analysis of different network datasets and implementation of different approaches to forecast network metrics, to test different techniques; (2) the design and implementation of a real-time distributed time-series forecasting architecture, to enable the network operator to make predictions about the network metrics; and lastly, (3) to use the forecasting models made previously and apply them to improve the network performance using resource management policies. The tests done with two different datasets, addressing the use cases of congestion management and resource splitting in a network with a limited number of resources, show that the network performance can be improved with proactive management made by a real-time system able to predict the network metrics and act on the network accordingly. It is also done a study about what network metrics can cause reduced accessibility in 4G networks, for the network operator to act more efficiently and pro-actively to avoid such eventsEm redes 5G, séries temporais serão omnipresentes para a monitorização de métricas de rede. Com o aumento do número de dispositivos da Internet das Coisas (IoT) nos próximos anos, é esperado que o número de fluxos de séries temporais em tempo real cresça a um ritmo elevado. Para monitorizar esses fluxos, testar e correlacionar diferentes algoritmos e métricas simultaneamente e de maneira integrada, a previsão de séries temporais está a tornar-se essencial para a gestão preventiva bem sucedida da rede. O objetivo desta dissertação é desenhar, implementar e testar um sistema de previsão numa rede de comunicações, que permite integrar várias redes diferentes, como por exemplo uma rede veicular e uma rede 4G de operador, para melhorar a fiabilidade e a qualidade de serviço (QoS). Para isso, a dissertação tem três objetivos principais: (1) a análise de diferentes datasets de rede e subsequente implementação de diferentes abordagens para previsão de métricas de rede, para testar diferentes técnicas; (2) o desenho e implementação de uma arquitetura distribuída de previsão de séries temporais em tempo real, para permitir ao operador de rede efetuar previsões sobre as métricas de rede; e finalmente, (3) o uso de modelos de previsão criados anteriormente e sua aplicação para melhorar o desempenho da rede utilizando políticas de gestão de recursos. Os testes efetuados com dois datasets diferentes, endereçando os casos de uso de gestão de congestionamento e divisão de recursos numa rede com recursos limitados, mostram que o desempenho da rede pode ser melhorado com gestão preventiva da rede efetuada por um sistema em tempo real capaz de prever métricas de rede e atuar em conformidade na rede. Também é efetuado um estudo sobre que métricas de rede podem causar reduzida acessibilidade em redes 4G, para o operador de rede atuar mais eficazmente e proativamente para evitar tais acontecimentos.Mestrado em Engenharia de Computadores e Telemátic

QoE on media deliveriy in 5G environments

231 p.5G expandirá las redes móviles con un mayor ancho de banda, menor latencia y la capacidad de proveer conectividad de forma masiva y sin fallos. Los usuarios de servicios multimedia esperan una experiencia de reproducción multimedia fluida que se adapte de forma dinámica a los intereses del usuario y a su contexto de movilidad. Sin embargo, la red, adoptando una posición neutral, no ayuda a fortalecer los parámetros que inciden en la calidad de experiencia. En consecuencia, las soluciones diseñadas para realizar un envío de tráfico multimedia de forma dinámica y eficiente cobran un especial interés. Para mejorar la calidad de la experiencia de servicios multimedia en entornos 5G la investigación llevada a cabo en esta tesis ha diseñado un sistema múltiple, basado en cuatro contribuciones.El primer mecanismo, SaW, crea una granja elástica de recursos de computación que ejecutan tareas de análisis multimedia. Los resultados confirman la competitividad de este enfoque respecto a granjas de servidores. El segundo mecanismo, LAMB-DASH, elige la calidad en el reproductor multimedia con un diseño que requiere una baja complejidad de procesamiento. Las pruebas concluyen su habilidad para mejorar la estabilidad, consistencia y uniformidad de la calidad de experiencia entre los clientes que comparten una celda de red. El tercer mecanismo, MEC4FAIR, explota las capacidades 5G de analizar métricas del envío de los diferentes flujos. Los resultados muestran cómo habilita al servicio a coordinar a los diferentes clientes en la celda para mejorar la calidad del servicio. El cuarto mecanismo, CogNet, sirve para provisionar recursos de red y configurar una topología capaz de conmutar una demanda estimada y garantizar unas cotas de calidad del servicio. En este caso, los resultados arrojan una mayor precisión cuando la demanda de un servicio es mayor

QoE on media deliveriy in 5G environments

231 p.5G expandirá las redes móviles con un mayor ancho de banda, menor latencia y la capacidad de proveer conectividad de forma masiva y sin fallos. Los usuarios de servicios multimedia esperan una experiencia de reproducción multimedia fluida que se adapte de forma dinámica a los intereses del usuario y a su contexto de movilidad. Sin embargo, la red, adoptando una posición neutral, no ayuda a fortalecer los parámetros que inciden en la calidad de experiencia. En consecuencia, las soluciones diseñadas para realizar un envío de tráfico multimedia de forma dinámica y eficiente cobran un especial interés. Para mejorar la calidad de la experiencia de servicios multimedia en entornos 5G la investigación llevada a cabo en esta tesis ha diseñado un sistema múltiple, basado en cuatro contribuciones.El primer mecanismo, SaW, crea una granja elástica de recursos de computación que ejecutan tareas de análisis multimedia. Los resultados confirman la competitividad de este enfoque respecto a granjas de servidores. El segundo mecanismo, LAMB-DASH, elige la calidad en el reproductor multimedia con un diseño que requiere una baja complejidad de procesamiento. Las pruebas concluyen su habilidad para mejorar la estabilidad, consistencia y uniformidad de la calidad de experiencia entre los clientes que comparten una celda de red. El tercer mecanismo, MEC4FAIR, explota las capacidades 5G de analizar métricas del envío de los diferentes flujos. Los resultados muestran cómo habilita al servicio a coordinar a los diferentes clientes en la celda para mejorar la calidad del servicio. El cuarto mecanismo, CogNet, sirve para provisionar recursos de red y configurar una topología capaz de conmutar una demanda estimada y garantizar unas cotas de calidad del servicio. En este caso, los resultados arrojan una mayor precisión cuando la demanda de un servicio es mayor

Design rules and guidelines for generic condition-based maintenance software's Graphic User Interface

The task of selecting and developing a method of Human Computer Interaction (HCI) for a Condition Based Maintenance (CBM) system, is investigated in this thesis. Efficiently and accurately communicating machinery health information extracted from Condition Monitoring (CM) equipment, to aid and assist plant and machinery maintenance decisions, is the crux of the problem being researched. Challenges facing this research include: the multitude of different CM techniques, developed for measuring different component and machinery condition parameters; the multitude of different methods of HCI; and the multitude of different ways of communicating machinery health conditions to CBM practitioners. Each challenge will be considered whilst pursuing the objective of identifying a generic set of design and development principles, applicable to the design and development of a CBM system's Human Machine Interface (HMI). [Continues.

Forecasting and anticipating SLO breaches in programmable networks

International audienceSoftware Networks built by combining Software Defined Networks (SDN), Network Function Virtualization (NFV) and Cloud principles call for agile and dynamic automation of management operations to ensure continuous provisioning and deployment of networked resources and services. In this context, efficient Service Level Agreements (SLA) management and anticipation of Service Level Objectives (SLO) breaches become essential to fulfill established service contracts with clients. In this paper, we design and specify a framework for cognitive SLA enforcement (using Artificial Neural Network learning) for networking services involving VNFs (Virtualized Network Functions) and SDN controllers. A proof of concept, a testbed description and an extensive evaluation assess the performance of the proposed framewor