Anomaly Detection and Localization in NFV Systems: an Unsupervised Learning Approach

Due to the scarcity of labeled faulty data, Unsupervised Learning (UL) methods have gained great traction for anomaly detection and localization in Network Functions Virtualization (NFV) systems. In a UL approach, training is performed on only normal data for learning normal data patterns, and deviation from the norm is considered as an anomaly. However, it has been shown that even small percentages of anomalous samples in the training data (referred to as contamination) can significantly degrade the performance of UL methods. To address this issue, we propose an anomaly-detection approach based on the Noisy-Student technique, which was originally introduced for leveraging unlabeled datasets in computer-vision classification problems. Our approach not only provides robustness against training-data contamination, but also can leverage this contamination to improve anomaly-detection accuracy. Moreover, after an anomaly is detected, localization of the anomalous virtualized network functions in an unsupervised manner is a challenging task in the absence of labeled data. For anomaly localization in NFV systems, we propose to exploit existing local AI-explainability methods to achieve a high localization performance and propose our own novel AI-explainability method, specifically designed for the anomaly-localization problem in NFV, to improve the performance further. We perform a comprehensive experimental analysis on two datasets collected on different NFV testbeds and show that our proposed solutions outperform the existing methods by up to 22% in anomaly detection and up to 19% in anomaly localization in terms of F1-score

Message from the IWCMC 2012 chairs

[No abstract available]Scopus2-s2.0-8486918560

Service Dependencies-Aware Policy Enforcement Framework Based on Hierarchical Colored Petri Net

Abstract. As computer and network security threats become more sophisticated and the number of service dependencies is increasing, optimal response decision is becoming a challenging task for security administrators. They should deploy and implement proper network security policy enforcement mechanisms in order to apply the appropriate countermeasures and defense strategy. In this paper, we propose a novel modeling framework which considers the service dependencies while identifying and selecting the appropriate Policy Enforcement Points during an intrusion response process. First, we present the security implications of the service dependencies that have been developed in the literature. Second, we give an overview of Colored Petri Nets (CPN) and Hierarchical CPN (HCPN) and its application on network security. Third, we specify our Service Dependencies-aware Policy Enforcement Framework which is based on the application of HCPN. Finally and to illustrate the advantage of our approach, we present a webmail application use case with the integration of different Policy Enforcement Points.

A comprehensive survey on machine learning for networking: evolution, applications and research opportunities

Abstract Machine Learning (ML) has been enjoying an unprecedented surge in applications that solve problems and enable automation in diverse domains. Primarily, this is due to the explosion in the availability of data, significant improvements in ML techniques, and advancement in computing capabilities. Undoubtedly, ML has been applied to various mundane and complex problems arising in network operation and management. There are various surveys on ML for specific areas in networking or for specific network technologies. This survey is original, since it jointly presents the application of diverse ML techniques in various key areas of networking across different network technologies. In this way, readers will benefit from a comprehensive discussion on the different learning paradigms and ML techniques applied to fundamental problems in networking, including traffic prediction, routing and classification, congestion control, resource and fault management, QoS and QoE management, and network security. Furthermore, this survey delineates the limitations, give insights, research challenges and future opportunities to advance ML in networking. Therefore, this is a timely contribution of the implications of ML for networking, that is pushing the barriers of autonomic network operation and management