Consistent SDNs through Network State Fuzzing

The conventional wisdom is that a software-defined network (SDN) operates under the premise that the logically centralized control plane has an accurate representation of the actual data plane state. Nevertheless, bugs, misconfigurations, faults or attacks can introduce inconsistencies that undermine correct operation. Previous work in this area, however, lacks a holistic methodology to tackle this problem and thus, addresses only certain parts of the problem. Yet, the consistency of the overall system is only as good as its least consistent part. Motivated by an analogy of network consistency checking with program testing, we propose to add active probe-based network state fuzzing to our consistency check repertoire. Hereby, our system, PAZZ, combines production traffic with active probes to continuously test if the actual forwarding path and decision elements (on the data plane) correspond to the expected ones (on the control plane). Our insight is that active traffic covers the inconsistency cases beyond the ones identified by passive traffic. PAZZ prototype was built and evaluated on topologies of varying scale and complexity. Our results show that PAZZ requires minimal network resources to detect persistent data plane faults through fuzzing and localize them quickly

On the Cost of Measuring Traffic in a Virtualized Environment

International audienceThe current trend in application development and deployment is to package applications and services within containers or virtual machines. This results in a blend of virtual and physical resources with complex network interconnection schemas mixing virtual and physical switches along with specific protocols to build virtual networks spanning over several servers. While the complexity of this setup is hidden by private/public cloud management solutions, e.g. OpenStack, this new environment constitutes a challenge when it comes to monitor and debug performance related issues. In this paper, we introduce the problem of measuring traffic in a virtualized environment and focus on one typical scenario, namely virtual machines interconnected with a virtual switch. For this scenario, we assess the cost of continuously measuring the network traffic activity of the machines. Specifically, we seek to estimate the competition that exists to access the physical resources (e.g., CPU) of the physical server between the measurement task and the legacy application activity

LogSnap: Creating snapshots of OpenFlow Data Centre Networks for offline querying

Software-Defined Networking (SDN) has enabled automated modification of the behavior of network devices to match changes in network policy. This facility has driven adoption of SDN in Data Centre Networks (DCNs), particularly multi-tenant DCNs, where network policies are used extensively and can change rapidly as tenants arrive, leave, and modify their resource usage. It is useful for a DCN operator to have a way to query the past state of a network, e.g. for debugging or verification. In a multi-tenant DCN whose behaviour changes frequently under the programmatic control of SDN, this is an important but complex function to provide. While SDN makes the problem more challenging, it also helps to provide the solution - changes in network policy are communicated in packets sent from an SDN controller to the network devices, and those packets are amenable to capture and analysis to reveal the state of the network. Our solution, LogSnap, records messages exchanged over time between an SDN controller and switches in a network, and can quickly recreate the network in an emulated environment for any point in the recorded history. We have evaluated the system for its accuracy, the speed with which it can recreate the network, and quantified the storage implications of speeding up network reproduction

Threat expert system technology advisor

A prototype expert system was developed to determine the feasibility of using expert system technology to enhance the performance and survivability of helicopter pilots in a combat threat environment while flying NOE (Nap of the Earth) missions. The basis for the concept is the potential of using an Expert System Advisor to reduce the extreme overloading of the pilot who flies NOE mission below treetop level at approximately 40 knots while performing several other functions. The ultimate goal is to develop a Threat Expert System Advisor which provides threat information and advice that are better than even a highly experienced copilot. The results clearly show that the NOE pilot needs all the help in decision aiding and threat situation awareness that he can get. It clearly shows that heuristics are important and that an expert system for combat NOE helicopter missions can be of great help to the pilot in complex threat situations and in making decisions

THE EFFECTIVENESS OF PRIVATELY MANAGED MARINE RESERVES IN SUSTAINING NEARSHORE FISHERIES IN THE TROPICAL COASTAL ZONE

There is an emergent need to increase protection of nearshore resources from a growing human population, which is deteriorating coral reef ecosystems through coastal development, overfishing and destructive fishing practices. A possible solution involves increasing the number of smaller Marine Protected Areas (MPAs), creating a network of reserves with greater fisheries potential, while locally remaining small enough not to overly impinge on fishers available fishing grounds. Coral reefs are often found in developing countries, where governments financially struggle to establish successfully managed MPAs. A growing number of Hotel Managed Marine Reserves (HMMRs) have partly therefore, recently been established. Hotels arguably often have adequate funding, resources, and incentive to protect adjacent coastal areas - an HMMR could allow hotels to establish a market niche for a growing environmentally aware tourist. The principals of an Ecosystem-based Management (EBM) approach was adopted to test protection potential of an HMMR in Vietnam (Whale Island Resort: WIR) from a biological and socioeconomic point of view. Biannual visual fish census surveys (October 2005-April 2007) were conducted at the two marine reserves adjacent to WIR. The 6-year protected Whale Island Bay Reserve (WIB: 11 ha) showed significantly higher fish densities, richness, average size and number of fish >15 cm compared with two unprotected control sites. Fish stocks at the second, newer reserve, Whale Island Bay Peninsula Reserve (WIBP: 5 ha), quickly increased following protection. Fish assemblages at the 5 Artificial Reefs (ARs), made from clay pots (AR areas: 4.2-14.9 m^) in WIB, were greater than adjacent area-equivalent Natural Reefs (NRs) (11.15 greater biomass). showing larger fish assemblages with increasing AR size, adding to local fish stocks enhancement. Surveys were conducted with local fishermen to gauge socioeconomic impacts and management performance of the HMMRs. Fishermen mainly dependent on beach seining mostly opposed the HMMRs, while fishermen using other fishing techniques were generally in favour of the HMMRs, welcoming more protection and confirming spillover of fish, including large food fishes. In a Willingness to Pay (WTP) survey (n=211). 97.5 % of tourists at WIR supported HMMRs and 86.3 % were willing to pay an extra 10 % of the average room rate to stay at such hotels. In a worldwide survey of existing HMMRs, protecting areas from 1-700 ha (average 110 ha +/-13.22 SE), the average management rating attained was high (Good - HMMR is enforced). The accumulated findings from WIR and HMMRs globally, support the great potential of HMMRs as an added tool to protecting a part of our nearshore natural resources

Development of unsupervised learning methods with applications to life sciences data

Machine Learning makes computers capable of performing tasks typically requiring human intelligence. A domain where it is having a considerable impact is the life sciences, allowing to devise new biological analysis protocols, develop patients’ treatments efficiently and faster, and reduce healthcare costs. This Thesis work presents new Machine Learning methods and pipelines for the life sciences focusing on the unsupervised field. At a methodological level, two methods are presented. The first is an “Ab Initio Local Principal Path” and it is a revised and improved version of a pre-existing algorithm in the manifold learning realm. The second contribution is an improvement over the Import Vector Domain Description (one-class learning) through the Kullback-Leibler divergence. It hybridizes kernel methods to Deep Learning obtaining a scalable solution, an improved probabilistic model, and state-of-the-art performances. Both methods are tested through several experiments, with a central focus on their relevance in life sciences. Results show that they improve the performances achieved by their previous versions. At the applicative level, two pipelines are presented. The first one is for the analysis of RNA-Seq datasets, both transcriptomic and single-cell data, and is aimed at identifying genes that may be involved in biological processes (e.g., the transition of tissues from normal to cancer). In this project, an R package is released on CRAN to make the pipeline accessible to the bioinformatic Community through high-level APIs. The second pipeline is in the drug discovery domain and is useful for identifying druggable pockets, namely regions of a protein with a high probability of accepting a small molecule (a drug). Both these pipelines achieve remarkable results. Lastly, a detour application is developed to identify the strengths/limitations of the “Principal Path” algorithm by analyzing Convolutional Neural Networks induced vector spaces. This application is conducted in the music and visual arts domains