30 research outputs found
Requirements-driven self-optimization of composite services using feedback control
In an uncertain and changing environment, a composite service needs to continuously optimize its business process and service selection through runtime adaptation. To achieve the overall satisfaction of stakeholder requirements, quality tradeoffs are needed to adapt the composite service in response to the changing environments. Existing approaches on service selection and composition, however, are mostly based on quality preferences and business processes decisions made statically at the design time.
In this paper, we propose a requirements-driven self-optimization approach for composite services. It measures the quality of services (QoS), estimates the earned business value, and tunes the preference ranks through a feedback loop. The detection of unexpected earned business value triggers the proposed self-optimization process systematically. At the process level, a preference-based reasoner configures a requirements goal model according to the tuned preference ranks of QoS requirements, reconfiguring the business process according to its mappings from the goal configurations. At the service level, selection decisions are optimized by utilizing the tuned weights of QoS criteria.
We used an experimental study to evaluate the proposed approach. Results indicate that the new approach outperforms both fixed-weighted and floating-weighted service selection approaches with respect to earned business value and adaptation flexibility
Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence
Open-source software (OSS) supply chain enlarges the attack surface, which
makes package registries attractive targets for attacks. Recently, package
registries NPM and PyPI have been flooded with malicious packages. The
effectiveness of existing malicious NPM and PyPI package detection approaches
is hindered by two challenges. The first challenge is how to leverage the
knowledge of malicious packages from different ecosystems in a unified way such
that multi-lingual malicious package detection can be feasible. The second
challenge is how to model malicious behavior in a sequential way such that
maliciousness can be precisely captured. To address the two challenges, we
propose and implement Cerebro to detect malicious packages in NPM and PyPI. We
curate a feature set based on a high-level abstraction of malicious behavior to
enable multi-lingual knowledge fusing. We organize extracted features into a
behavior sequence to model sequential malicious behavior. We fine-tune the BERT
model to understand the semantics of malicious behavior. Extensive evaluation
has demonstrated the effectiveness of Cerebro over the state-of-the-art as well
as the practically acceptable efficiency. Cerebro has successfully detected 306
and 196 new malicious packages in PyPI and NPM, and received 385 thank letters
from the official PyPI and NPM teams
Self-adaptation through incremental generative model transformations at runtime
A self-adaptive system uses runtime models to adapt its architecture to the changing requirements and contexts. However, there is no one-to-one mapping between the requirements in the problem space and the architectural elements in the solution space. Instead, one refined requirement may crosscut multiple architectural elements, and its realization involves complex behavioral or structural interactions manifested as architectural design decisions. In this paper we propose to combine two kinds of self-adaptations: requirements-driven self-adaptation, which captures requirements as goal models to reason about the best plan within the problem space, and architecture-based self-adaptation, which captures architectural design decisions as decision trees to search for the best design for the desired requirements within the contextualized solution space. Following these adaptations, component-based architecture models are reconfigured using incremental and generative model transformations. Compared with requirements-driven or architecture-based approaches, the case study using an online shopping benchmark shows promise that our approach can further improve the effectiveness of adaptation (e.g. system throughput in this case study) and offer more adaptation flexibility
Demystifying Dependency Bugs in Deep Learning Stack
Deep learning (DL) applications, built upon a heterogeneous and complex DL
stack (e.g., Nvidia GPU, Linux, CUDA driver, Python runtime, and TensorFlow),
are subject to software and hardware dependencies across the DL stack. One
challenge in dependency management across the entire engineering lifecycle is
posed by the asynchronous and radical evolution and the complex version
constraints among dependencies. Developers may introduce dependency bugs (DBs)
in selecting, using and maintaining dependencies. However, the characteristics
of DBs in DL stack is still under-investigated, hindering practical solutions
to dependency management in DL stack. To bridge this gap, this paper presents
the first comprehensive study to characterize symptoms, root causes and fix
patterns of DBs across the whole DL stack with 446 DBs collected from
StackOverflow posts and GitHub issues. For each DB, we first investigate the
symptom as well as the lifecycle stage and dependency where the symptom is
exposed. Then, we analyze the root cause as well as the lifecycle stage and
dependency where the root cause is introduced. Finally, we explore the fix
pattern and the knowledge sources that are used to fix it. Our findings from
this study shed light on practical implications on dependency management
Guardauto: A Decentralized Runtime Protection System for Autonomous Driving
Due to the broad attack surface and the lack of runtime protection, potential
safety and security threats hinder the real-life adoption of autonomous
vehicles. Although efforts have been made to mitigate some specific attacks,
there are few works on the protection of the self-driving system. This paper
presents a decentralized self-protection framework called Guardauto to protect
the self-driving system against runtime threats. First, Guardauto proposes an
isolation model to decouple the self-driving system and isolate its components
with a set of partitions. Second, Guardauto provides self-protection mechanisms
for each target component, which combines different methods to monitor the
target execution and plan adaption actions accordingly. Third, Guardauto
provides cooperation among local self-protection mechanisms to identify the
root-cause component in the case of cascading failures affecting multiple
components. A prototype has been implemented and evaluated on the open-source
autonomous driving system Autoware. Results show that Guardauto could
effectively mitigate runtime failures and attacks, and protect the control
system with acceptable performance overhead
Uncertainty handling in goal-driven self-optimization – limiting the negative effect on adaptation
Goal-driven self-optimization through feedback loops has shown effectiveness in reducing oscillating utilities due to a large number of uncertain factors in the runtime environments. However, such self-optimization is less satisfactory when there contains uncertainty in the predefined requirements goal models, such as imprecise contributions and unknown quality preferences, or during the switches of goal solutions, such as lack of understanding about the time for the adaptation actions to take effect. In this paper, we propose to handle such uncertainty in goal-driven self-optimization without interrupting the services. Taking the monitored quality values as the feedback, and the estimated earned value as the global indicator of self-optimization, our approach dynamically updates the quantitative contributions from alternative functionalities to quality requirements, tunes the preferences of relevant quality requirements, and determines a proper timing delay for the last adaptation action to take effect. After applying these runtime measures to limit the negative effect of the uncertainty in goal models and their suggested switches, an experimental study on a real-life online shopping system shows the improvements over goal-driven self-optimization approaches without uncertainty handling
Recommended from our members
Are your sites down? Requirements-driven self-tuning for the survivability of web systems
Running in a highly uncertain and greatly complex environment, Web systems cannot always provide full set of services with optimal quality, especially when work loads are high or subsystem failures are frequent. Hence, it is significant to continuously maintain a high satisfaction level of survivability, hereafter survivability assurance, while relaxing or sacrificing certain quality or functional requirements that are not crucial to the survival of the entire system. After giving a value-based interpretation to survivability assurance to facilitate a quantitative analysis, we propose a requirements-driven self-tuning method for the survivability assurance of Web systems. Maintaining an enriched and live goal model, our method adapts to runtime tradeoff decisions made by our PID (propor-tional-integral-derivative) controller and goal-oriented reasoner for both quality and functional requirements. The goal-based configuration plans produced by the reasoner is carried out on the live goal model, and then mapped into system architectural configurations. Experiments on an online shopping system are conducted to validate the effectiveness of the proposed method