Automatic Inference of High-Level Network Intents by Mining Forwarding Patterns
Ali Kheradmand, University of Illinois at Urbana-Champaign
SOSR, March 2020
Typical network configuration procedure
• Mostly manual in today's networks
• Alas, the semantic gap!
[Figure: the operator holds high-level intents (informal); the network runs configurations; the step from one to the other is marked "???"]
How to bridge the gap?
[Figure: the same diagram, with the gap between the operator's high-level intents (informal) and the network's configurations]
Current approaches
• Verification: the configured network is modelled as a system S, the high-level intents are written down as a formal specification (property Ψ), and a verifier answers "Does S satisfy Ψ?"
• Synthesis/compilation: the high-level intents are written down as a formal specification, and a compiler produces the configurations the network runs
Reality
• Formal specifications do not exist, and may not even be known
• The operator is given an informal description of the networking objectives
• Intents are implicit
• Operators inherit legacy networks and are asked to maintain them
• 82% are concerned that changes would cause problems with existing functionality [Kim et al, NSDI'15]
A new approach
• Idea: automatically infer high-level intents by looking at the low-level network forwarding behavior
[Figure: "How about going this way?", the arrow reversed, from the network's configurations back to the operator's high-level intents]
Automatic Network Intent Miner (Anime)
• Input: observed behavior (low-level), obtained from data plane/control plane/configuration analysis, live traffic monitoring, …
• Output: inferred intents (high-level)
[Figure: Venn diagram of three sets of behaviors: observed, possible, and inferred (allowed by the inferred intents)]
Applications
• Streamline "Intent Based Networking"
  • Verification/Synthesis
  • Automatic migration from legacy networks to cloud, SDN, …
  • Transparent optimizations, automatic repair, etc.
• Network behavior summarization
  • Debugging and management
• Anomaly analysis
  • Misconfiguration detection
Example
Topology: users U1, U2, U3; firewalls FW1, FW2; servers S1 (10.0.1.2), S2 (10.0.1.3). In the behaviors below F1 and F2 denote FW1 and FW2.
Observed low-level behavior:
• dstIP: 10.0.1.2, start: U1, waypoint: F1, end: S1
• dstIP: 10.0.1.2, start: U2, waypoint: F1, end: S1
• dstIP: 10.0.1.2, start: U3, waypoint: F2, end: S1
• dstIP: 10.0.1.3, start: U1, waypoint: F1, end: S2
• dstIP: 10.0.1.3, start: U2, waypoint: F2, end: S2
• dstIP: 10.0.1.3, start: U3, waypoint: F2, end: S2
Inferred high-level intents:
• dstIP: 10.0.1.2, start: User, waypoint: Firewall, end: S1 (from the first three behaviors)
• dstIP: 10.0.1.3, start: User, waypoint: Firewall, end: S2 (from the last three behaviors)
Inferred higher-level intent:
• dstIP: 10.0.1.2/31, start: User, waypoint: Firewall, end: Server
Expressing behavior and intents
• Using features, each corresponding to one aspect of an observed behavior:
  • Devices: e.g. start, waypoint, end, entire forwarding path
  • Header information: e.g. source/destination address or port
  • Conditions/state: e.g. temporal (snapshot timestamp), topological (link failures), device state (connection state)
• Each feature has a set of labels associated with it:
  • Device: U1, U2, U3, S1, S2, FW1, FW2, User, Firewall, Server, Any
  • IP: 10.0.1.2, 10.0.1.2/31, 10.0.0.0/8, ...
• Example behavior: dstIP: 10.0.1.2, start: U1, waypoint: F1, end: S1
Insight
• Networks are hierarchical, e.g. the IP hierarchy (CIDR) and the device role hierarchy
• Idea: use hierarchical labels
[Figure: two label hierarchies, each label annotated with its coverage (the number of lowest-level values it covers); coverage grows upward, specificity grows downward]
• IP: 0.0.0.0/0 : 2^32 → … → 10.0.1.2/31 : 2 → 10.0.1.2/32 : 1, 10.0.1.3/32 : 1
• Device: Any : 7 → User : 3, Firewall : 2, Server : 2 → U1 : 1, U2 : 1, U3 : 1, F1 : 1, F2 : 1, S1 : 1, S2 : 1
Library of feature templates (each label annotated with its coverage)
• Flat<{L1, L2, …, Ln}>: Any : n, over L1 : 1, L2 : 1, …, Ln : 1
• Range: [0, 255] : 256, over [0, 1] : 2, [100, 255] : 156, …, over 0 : 1, 1 : 1, 100 : 1, 255 : 1, …
• IP Prefix: 0.0.0.0/0 : 2^32, over …, over 10.0.1.2/31 : 2, over 10.0.1.2/32 : 1, 10.0.1.3/32 : 1
• DAG<V, E>: Any : 7, over User : 3, Firewall : 2, Server : 2, over U1, U2, U3, F1, F2, S1, S2 : 1 each
• Set<{L1, L2, …, Ln}, b>: Any : n, over {L1, …, Lb} : b, …, {Ln−b+1, …, Ln} : b, over …, over {L1, L2} : 2, …, {Ln−1, Ln} : 2, over L1 : 1, L2 : 1, …, Ln−1 : 1, Ln : 1
• TBV<n> (ternary bit vectors; n = 2 shown): xx : 4, over 0x : 2, 1x : 2, over 00 : 1, 01 : 1, 10 : 1, 11 : 1
• Hierarchical Reduced Regex (HRE): AS1.R1.Internal+.R5.AS2, over AS1.R1.Internal.R5.AS2, AS1.R1.Internal.Internal.R5.AS2, over AS1.R1.R2.R5.AS2, AS1.R1.R3.R4.R5.AS2
Expressing behavior and intents
• Combine multiple features (Tuple<F1, …, Fn>) to express behavior and intents
• E.g. Tuple<dstIP, start, waypoint, end>
[Figure: lattice of tuples ordered by cost, from the expressible low-level behaviors at the bottom up to 0.0.0.0/0,Any,Any,Any at the top]
• Expressible low-level behavior (bottom of the lattice): 10.0.1.2,U1,F1,S1; 10.0.1.2,U2,F1,S1; 10.0.1.2,U3,F2,S1; 10.0.1.3,U1,F1,S2; 10.0.1.3,U2,F2,S2; 10.0.1.3,U3,F2,S2; …
• Potential high-level intents (above them, in increasing cost): 10.0.1.2,User,F1,S1; 10.0.1.3,User,F2,S2; … 10.0.1.2,User,Firewall,S1; 10.0.1.3,User,Firewall,S2; … 10.0.1.2/31,User,Firewall,Server; … 0.0.0.0/0,Any,Any,Any
Problem definition
• Given
  • A set of observed behaviors $\mathcal{B} = \{b_1, \dots, b_n\}$
  • A limit $k$ on the number of inferred intents
• Find
  • Intents $\mathcal{I} = \{i_1, \dots, i_{k'}\}$ with $k' \le k$
• Such that
  • Each behavior in $\mathcal{B}$ is represented by at least one intent from $\mathcal{I}$
  • $\sum_{i \in \mathcal{I}} \mathrm{cost}(i)$ is minimized
• NP-hard
[Figure: the lattice of tuples ordered by cost, with the behaviors $b_1, \dots, b_n$ at the bottom and the chosen intents $i_1, \dots, i_{k'}$ above them]
Heuristic solution
• Least cost common ancestor $\mathrm{lcca}(g)$: the single best (least-cost) intent representing all behaviors in a group $g$; efficient to compute
• Partition the behaviors $\{b_1, \dots, b_n\}$ into groups $g_1, g_2, g_3, \dots$ with clustering methods, and output $\mathrm{lcca}(g_1), \mathrm{lcca}(g_2), \mathrm{lcca}(g_3), \dots$ as the intents
• Clustering distance between two behaviors: $\mathrm{cost}(\mathrm{lcca}(p_1, p_2))$
• Insight: the cost of $\mathrm{lcca}(g)$ is inversely related to the similarity of the behaviors in $g$
• Example on the device hierarchy (Any : 7; User : 3, Firewall : 2, Server : 2; U1, U2, U3, F1, F2, S1, S2 : 1 each):
  • lcca(U1, U2) = User (cost: 3)
  • lcca(U1, FW1) = Any (cost: 7)
Evaluation
• Quality of inferred intents
• Performance: refer to the paper
Evaluation (objective quality metrics)
• Whitelist assumption: any behavior not explicitly allowed by any intent in a set of intents is disallowed by that set
• Confusion matrix: predicted = behaviors allowed by the inferred intents, actual = possible behaviors
  • TP: inferred and possible; FP: inferred but impossible; FN: possible but not inferred; TN: neither
• Precision = $\frac{TP}{TP + FP}$: specificity (exclusion of impossible behavior)
• Recall = $\frac{TP}{TP + FN}$: coverage (inclusion of possible behavior)
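The heuristic (least-cost common ancestor plus clustering) and the precision/recall metrics above, worked through on the talk's own six-behavior example. This is an added illustration, not the authors' code: it assumes a tree-shaped device hierarchy (the paper allows a general DAG), IPv4 prefixes as the dstIP feature, that the cost of a tuple is the number of expressible low-level behaviors it covers (the product of the per-feature coverages), and greedy pairwise merging of the cheapest-lcca pair as the clustering method. The sample behaviors are constructed from the example slide.

```python
"""Hierarchical intent mining in the style of Anime.

Added illustration, not the authors' code. Assumptions: tree-shaped device
hierarchy (the paper allows a DAG), IPv4 prefixes for dstIP, intent cost =
number of expressible low-level behaviors covered (product of per-feature
coverage), and greedy pairwise merging as the clustering method.
"""
import ipaddress
from itertools import combinations, product

# Device-role hierarchy from the talk's example (F1/F2 are the firewalls FW1/FW2).
DEVICE_PARENT = {
    "U1": "User", "U2": "User", "U3": "User",
    "F1": "Firewall", "F2": "Firewall",
    "S1": "Server", "S2": "Server",
    "User": "Any", "Firewall": "Any", "Server": "Any",
}
LEAF_DEVICES = [d for d in DEVICE_PARENT if d not in DEVICE_PARENT.values()]


def device_ancestors(label):
    """Chain from a label up to the root, e.g. U1 -> [U1, User, Any]."""
    chain = [label]
    while label in DEVICE_PARENT:
        label = DEVICE_PARENT[label]
        chain.append(label)
    return chain


def device_lcca(a, b):
    """Least-cost common ancestor of two device labels: the lowest shared ancestor."""
    ancestors_a = device_ancestors(a)
    return next(x for x in device_ancestors(b) if x in ancestors_a)


def device_leaves(label):
    """Concrete devices under a label; the label's coverage is the length of this list."""
    return [d for d in LEAF_DEVICES if label in device_ancestors(d)]


def ip_lcca(a, b):
    """LCCA in the CIDR tree: the longest prefix shared by two IPv4 prefixes."""
    a, b = ipaddress.ip_network(a), ipaddress.ip_network(b)
    ia, ib = int(a.network_address), int(b.network_address)
    plen = min(a.prefixlen, b.prefixlen)
    while plen > 0 and (ia >> (32 - plen)) != (ib >> (32 - plen)):
        plen -= 1
    return str(ipaddress.ip_network(((ia >> (32 - plen)) << (32 - plen), plen)))


def ip_coverage(prefix):
    return ipaddress.ip_network(prefix).num_addresses


def ip_leaves(prefix):
    """Every /32 under a prefix (only used to expand small, specific intents)."""
    return [f"{h}/32" for h in ipaddress.ip_network(prefix)]


# One (lcca, coverage, leaves) template per position of Tuple<dstIP, start, waypoint, end>.
FEATURES = [(ip_lcca, ip_coverage, ip_leaves)] + \
           [(device_lcca, lambda l: len(device_leaves(l)), device_leaves)] * 3


def lcca(t1, t2):
    """Feature-wise LCCA of two tuples; lcca(b, b) also normalises 10.0.1.2 -> 10.0.1.2/32."""
    return tuple(f(x, y) for (f, _, _), x, y in zip(FEATURES, t1, t2))


def cost(intent):
    """Assumed cost: number of expressible low-level behaviors the intent covers."""
    c = 1
    for (_, coverage, _), v in zip(FEATURES, intent):
        c *= coverage(v)
    return c


def infer_intents(behaviors, k):
    """Greedy agglomerative clustering: while more than k intents remain, merge the
    pair whose LCCA is cheapest, i.e. the two most similar intents."""
    intents = [lcca(b, b) for b in behaviors]
    while len(intents) > k:
        i, j = min(combinations(range(len(intents)), 2),
                   key=lambda p: cost(lcca(intents[p[0]], intents[p[1]])))
        merged = lcca(intents[i], intents[j])
        intents = [t for n, t in enumerate(intents) if n not in (i, j)] + [merged]
    return intents


def expand(intent):
    """All low-level behaviors an intent allows (whitelist assumption)."""
    return set(product(*(leaves(v) for (_, _, leaves), v in zip(FEATURES, intent))))


def precision_recall(intents, possible):
    """Precision = exclusion of impossible behavior, recall = coverage of possible behavior."""
    predicted = set().union(*(expand(i) for i in intents))
    actual = {lcca(b, b) for b in possible}
    tp, fp, fn = len(predicted & actual), len(predicted - actual), len(actual - predicted)
    return tp / (tp + fp), tp / (tp + fn)


# Constructed sample input: the six observed behaviors from the talk's example slide.
OBSERVED = [
    ("10.0.1.2", "U1", "F1", "S1"), ("10.0.1.2", "U2", "F1", "S1"), ("10.0.1.2", "U3", "F2", "S1"),
    ("10.0.1.3", "U1", "F1", "S2"), ("10.0.1.3", "U2", "F2", "S2"), ("10.0.1.3", "U3", "F2", "S2"),
]

if __name__ == "__main__":
    for k in (6, 2, 1):  # a tighter limit k forces more general intents and lowers precision
        intents = infer_intents(OBSERVED, k)
        print(k, intents, precision_recall(intents, OBSERVED))
```

With k = 2 the greedy merge reproduces the two intents on the example slide, and with k = 1 the higher-level intent 10.0.1.2/31, User, Firewall, Server. Precision drops as k shrinks because a general intent such as User → Firewall → S1 also whitelists combinations (U1 via F2, for instance) that were never observed; recall stays 1 under perfect observation. Training on a subset of the behaviors (partial observation) is where recall can fall below 1.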
Evaluation (comparison with Net2Text)
• Re-implemented the Compass algorithm from Net2Text [Birkner et al, NSDI18]: summarize forwarding traffic "as much as possible"; no use of hierarchy
• Net2Text dataset: simplified ISP, real-world topologies, IPv4 RIB, and AS-to-organization information
• No hierarchy (to be fair)
• AT&T topology, 25 nodes, 5 egresses, 100 prefixes, 2500 paths
• Perfect observation (possible = observed)
• Goal: summarization
[Plot: precision vs. limit on length of description (k), k from 0 to 2500; Net2Text reaches recall 0.26, Anime reaches recall 1]
Evaluation (effect of hierarchical values)
• Multiple groups of servers
• Synthetic access control policies: "group/server A can communicate with group/server B"
• 100 nodes, 5 groups of size between 5 and 30, 10 intents, 435 paths
• Perfect observation (possible = observed)
• Goal: summarization
[Plot: precision vs. limit on length of description (k), k from 0 to 400, Anime without hierarchy vs. Anime with hierarchy; both reach recall 1]
Evaluation (partial observation)
• "Train" on observed (60% of possible), evaluate on possible
• F-score $= \frac{2 \cdot \mathrm{Precision} \cdot \mathrm{Recall}}{\mathrm{Precision} + \mathrm{Recall}}$
• Near perfect F-score (1 FN, 0 FP); 9/10 actual intents correctly inferred
[Plots: recall vs. precision and F-score vs. precision on the Net2Text dataset (Compass/Net2Text vs. Anime); recall vs. limit on length of description (k), k from 0 to 400, on the access control dataset (Anime w/o hierarchy vs. Anime with hierarchy)]
Concluding remarks
• A new approach towards bridging the semantic gap
• Anime, a framework to express network behavior and infer intents
  • Fits the hierarchical nature of networks
  • Enables application of the ML toolbox to network intent inference
  • Prototype produces (objectively) high-quality results
  • Acceptable performance
• Future
  • Incorporating user feedback
  • Automatic anomaly detection
  • User study with real-world network operators
• Interested? Let's get in touch: kheradm2@illinois.edu
Backup slides
Related work
• Network behavior summarization: Net2Text [Birkner et al, NSDI18]
• Network invariant inference
• Network analysis [US patent 15/860,558]
• Config2Spec [Birkner et al, NSDI20]
• Anime on two snapshots of the same X–Y network (one forwarding via A, the other via B):
  • snapshot: 1, path: X.A.Y
  • snapshot: 2, path: X.B.Y
  • → snapshot: Any, path: X.{A,B}.Y
[Figure: the two snapshot topologies and their intersection]
Example 2
[Figure: AS1 – R1 – (R2 | R3 – R4) – R5 – AS2]
• time: morning, failed links: 0, dstIP: 128.174.0.0/16, path: AS1.R1.R2.R5.AS2
• time: evening, failed links: 1, dstIP: 128.174.0.0/16, path: AS1.R1.R3.R4.R5.AS2
• → time: Any, failed links: [0-1], dstIP: 128.174.0.0/16, path: AS1.R1.Internal+.R5.AS2