Vidarshana Bandara
Ph.D. Final Exam – Spring 2015
Committee: Prof. Anura Jayasumana
Prof. Ali Pezeshki
Prof. Louis Scharf
Prof. Rockey Luo
Prof. Indrajit Ray
This work is supported in part by NSF grants CNS-0720889, CCF-0916314, CCF-1018472, ERC program with award number
0313747, JDSU Advanced Technology Program, and Air Force Office of Scientific Research under STTR contract FA9550-10-C-0090.
The Internet is a vast collection of
Autonomous Systems managed
by a large number of ISPs.

Administrative limitations
◦ Access
◦ Load
◦ Traffic control

Network limitations
◦ Paths
◦ Protocols

Design robust networks

Monitor and mitigate issues
Autonomous Systems visualization of the Internet. Bell labs, 2005.
Given a (large) network, how do we efficiently retrieve information for:

Monitoring

Designing/maintaining
under practical constraints.
We exploit the features of network data such as:

Sparseness

Low-rank-ness

Repetitiveness

Boundedness
Tasks involved:

Retrieve interesting information

Reconstruct overall picture

Extract features

Model behaviors

Data retrieval
◦ Adaptive network fault localization
◦ TCP/IP filter for network attack detection

Reconstruction of overall state
◦ Compressive Sensing based recovery for phenomena awareness
◦ Wavelet based plume tracking in sensor networks

Feature extraction
◦ Empirical recovery regions of Robust PCA
◦ Modeling and extracting network traffic baselines
◦ Subtle pattern detection algorithm for hardware trojan detection

Behavior modeling
◦ Spatiotemporal anomaly model
◦ Spatiotemporal baseline model
Contribution 1
[Figure: network topology with numbered nodes. Labels: Instrumented ingress node, Instrumented egress node, Base Station, Packet Injector, Test packets. Path measurements are written as A x = b.]
Contribution 1
[Flowchart: adaptive solver. Boxes recovered from the slide:]
START
◦ A : monitoring matrix ($m \times n$)
◦ p : path measurements ($m \times 1$)
◦ t = 0
◦ a = supp(p)
◦ Solve for y: minimize $\|y\|_0$ ; s.t. $A_{as}\, y = p_a$
◦ s : active columns of $A_a$
◦ $x = 0_{n \times 1}$; assign $x_s = y$
◦ hold = h; h = supp(x)
◦ $J = \{\, j \mid j \in h^c,\ \|(I - A_{ah}(A_{ah}^T A_{ah})^{-1} A_{ah}^T)\, a_j\| \le \varepsilon \,\}$
◦ Decision (YES / NO): h == hold ?
◦ Decision (YES / NO): t < tmax OR rank($A_{ah}$) < min(|h|,|a|) OR |J| > 0
◦ h' : a random subset of h; $f = h' \cup j$
◦ [r,q] : source routing path measurement covering f
◦ Append r to A; append q to p
◦ t = t+1
END
Contribution 1
A x = b
1. Stability
– Solution invariant over iterations
2. Minimality
– Solution cannot be further reduced
– Solution forms a full-rank sub measurement matrix
3. Uniqueness
– No alternative solutions
– No inactive column lies in the subspace spanned by the active columns of the measurement matrix
◦ Alternate criteria for stability under little noise – back projection error
– Pruned solution closely explains faults
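An added example, not code from the presentation: a Boolean stand-in for the minimum-support solver (a path is anomalous if it crosses a faulty link), showing how a non-unique minimal solution triggers an extra measurement that is appended to A and p, as in the flowchart and the uniqueness criterion above. The matrix `A0`, the `probe` simulator, the single-link probe paths and the deterministic choice of the probed link (the slide uses a random subset) are assumptions.

```python
from itertools import combinations

def explains(A, p, links):
    """True if faults on exactly `links` reproduce every path observation in p."""
    return all(int(any(row[j] for j in links)) == obs for row, obs in zip(A, p))

def minimal_explanations(A, p, max_faults=3):
    """All smallest link sets consistent with p (Boolean stand-in for min ||y||_0)."""
    n = len(A[0])
    for k in range(max_faults + 1):
        found = [set(c) for c in combinations(range(n), k) if explains(A, p, c)]
        if found:
            return found
    return []

def localize(A, p, probe, t_max=10):
    """Append probe measurements until one minimal explanation is left.

    Returns (faulty link set or None, number of extra measurements used)."""
    A, p = [row[:] for row in A], list(p)
    for t in range(t_max + 1):
        sols = minimal_explanations(A, p)
        if len(sols) == 1:
            return sols[0], t
        if not sols or t == t_max:
            break
        # Links on which the competing minimal explanations disagree.
        disputed = sorted(set.union(*sols) - set.intersection(*sols))
        r = [1 if j == disputed[0] else 0 for j in range(len(A[0]))]
        A.append(r)          # append r to A
        p.append(probe(r))   # append q to p
    return None, t

# Constructed sample (assumption): 5 links, 3 monitoring paths, link 4 is faulty.
A0 = [[1, 1, 0, 0, 0],
      [0, 1, 1, 0, 0],
      [0, 0, 0, 1, 1]]
TRUE_FAULTS = {4}

def probe(row):
    """Simulated measurement: 1 if the probed path crosses a faulty link."""
    return int(any(row[j] for j in TRUE_FAULTS))

P0 = [probe(row) for row in A0]
```

With only the three monitoring paths, links 3 and 4 are indistinguishable because their columns are identical; one additional probe separates them.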
Contribution 1

Networks simulated with IGen

Data models
◦ Binary
◦ Simple random model
◦ Gilbert-Elliott loss model
◦ Heavy tailed delay model

Cost

Accuracy

Scalability with size

Scalability with number of faults
Contribution 1
Localizing loss faults
Localizing delay faults
Contribution 2

Difficult to describe network traffic anomaly
traces with a single random process

Model different aspects of anomalies
individually

Outcomes:
◦ Captures statistical behaviors
◦ Concise description of anomalies

Applications:
◦ Simulators
◦ Robust network design
Contribution 2
(a) Propagating anomalies
(d) Interface model
(b) Responding anomalies
(c) Generating anomalies
Contribution 2
Volume filter:
Example:
Duration filter:
Splitting ratio

Additively separates a matrix into
◦ A low-rank component, and
◦ A sparse component
M = L + S
Low-rank component
◦ Common prominent behaviors
◦ Baseline features

Sparse component
◦ Scattered deviations
◦ Anomalous features
Contribution 3
min. ||L||* + ||S||1
s.t. L+S = M

Sufficient conditions are too restrictive
B+AML+S

Empirical observation of broader recovery regions
◦ Size
◦ Rank
◦ Sparsity

Effects of matrix type on recovery

Recovery characteristics
◦ Demarcation of recovery regions
◦ Input/output mapping

Error in recovery
Contribution 3
• Boundaries of the 100% recoverable regions of different matrix sizes
• Low-rank component: Wishart matrices
• Sparse matrices: Support scattered uniformly at random and magnitudes are distributed
uniformly over [-1, 1]
Contribution 3
Boundaries of the 100% recoverable regions of different
matrix types of sizes 100×100
Recovery error of sparse matrices with varying sparsity
for 100×100 matrices
Contribution 3
Recovery percentile contours on fractional-rank—fractional-sparsity plane
Input and output
combinations
fractional-rank—fractional-sparsity
Contribution 3
Recovery error of the low-rank component
against fractional-rank
Recovery error of the sparse component
against fractional-sparsity
Contribution 3
Comparison of recoverability of real-world matrices and the recovery boundary
estimated using synthetic matrices
Contribution 4
Temporal analysis on Seattle to Denver link
(showing 5 weeks)
Say signal y has a sparse representation in basis 

y
b
=
Let us select samples of y at ti, i = 1…m according to some
sampling measure.
This builds a measurement matrix A, where Ai,k= k(ti)
Contribution 5

t1
t2
A
$A_s^H A_s$ is identity when the $t_i$'s are selected at some orthogonality
measure.

Previous work considered when sampling measure is an
orthogonality measure

We consider the case when there is a mismatch
Contribution 5

Non-uniform recovery
◦ Given each fixed s-sparse support, recovery of the signal from a
random realization of sample points
◦ Minimum number of samples
◦ Impact point

Uniform recovery
◦ Given a fixed realization of sample points, recovery of any s-sparse
signal
◦ Minimum number of samples
◦ Impact point
Contribution 5
Normal
Gamma
Uniform
Recovery
Non-uniform
Recovery
Exponential
Contribution 5
• Achieve Phenomena Awareness at sensor nodes
– Individual sensor nodes aware of the phenomena the
entire network observes

Importance:
◦ Smarter and adaptive
sensing strategies
◦ Localized decision
making
◦ Faults/anomaly
detection
Contribution 5
A carrier collects samples and reports to a Base-station

Non-uniform samples
[ID20,T20], [ID19,T19]
[ID20,T20]
[ID20,T20], … , [ID34,T34]
Contribution 5
actual
~ 0.2%
a typical
reconstruction
Contribution 5
1000 samples bring
error below 2%
Number of samples at the node
actual
a typical reconstruction
Contribution 6
(a) Measurements with a full grid
(b) Approximation using
wavelet coefficients with
25% samples
(c) Approximation using
Matrix Completion and
Compressive sensing
with 5% samples
Contribution 7

A hardware trojan causes a slight
change in impedance

Let B denote reference set of
boards/chips, z the test board/chip

If z has a similar impedance
pattern
z = vB

Maximize on the point-wise
mismatches to find faults
min. || z – vB ||1
Contribution 8
[Figure: packet filter diagram. Labels: IP protocol; TCP type (ACK, SYN); ICMP ECHO-REQ; dest IP; packet length; port range; Collect; Time Average; Neptune, Smurf, IP sweep, PoD, Port sweep.]

Robust PCA Recoverability Experiments

GUI for Robust Principal Component Analysis

Random Matrix Generator

Toolkit for Network Traffic Anomaly Analysis

Available via:
http://www.cnrl.colostate.edu/Projects/NetworkDataAnalysis/
http://www.engr.colostate.edu/~vwb/anom/

Released under Apache-2.0 license

Evaluate sufficient conditions for recovery over selected ranges of
rank, sparsity, size, low-rank and sparse matrix types.

Recoverable region for a selected range of fractional rank and sparsity,
size, low-rank and sparse matrix types.

Input - output mapping between fractional-ranks and fractional-sparsities.

Recovery error of the low-rank component.

Recovery error of the sparse component.

Synthesized low-rank and sparse matrix additions.

Data from external experiments.
Low Rank Matrices

First order Gaussian

Second order Gaussian

Wishart

First order Vandermonde

Second order Vandermonde
Sparse Matrices

Support distributed uniformly at
random

Magnitudes distributed:
◦ Fixed
◦ Uniform
◦ Gaussian

De-trending and thresholding for anomaly detection

Graph wavelet based summarizing and anomaly tracing

Distribution fitting to spatial and temporal parameters

Simulator/Emulator to regenerate statistically similar
anomalies

Adaptive fault localization
◦ Predict required additional measurements

Anomaly model
◦ Relationship between nodal model and subnet model

Robust PCA
◦ Theoretical justification for the empirical recovery boundary

Phenomena awareness
◦ Characterize measurement matrices of random walk sampling

Plume tracking
◦ Recovery using a diffusion model

Bandara, V.W., Pezeshki, A., and Jayasumana, A.P., "Spatiotemporal model for Internet traffic
anomalies," Networks, IET, vol.3, no.1, pp.41--53, March 2014.

Paffenroth, R., du Toit, P., Nong, R., Scharf, L., Jayasumana, A.P., and Bandara, V., "Space-Time signal
processing for distributed pattern detection in sensor networks," Selected Topics in Signal Processing,
IEEE Journal of , vol.7, no.1, pp.38--49, February 2013.

Bandara, V., Jayasumana, A.P., Pezeshki, A., Illangasekare, T.H., and K. Barnhardt, "Subsurface plume
tracking using sparse wireless sensor networks," Electronic Journal of Structural Engineering (EJSE) Special Issue: Wireless Sensor Networks and Practical Applications, pp.1--10, December 2010.

Bandara, V.W., Jayasumana, A.P., and Whitner, R., "An adaptive compressive sensing scheme for
network tomography based fault localization," Communications (ICC), 2014 IEEE International
Conference on, pp.1290--1295, 10-14 June 2014.

Dhanapala, D.C., Bandara, V.W., Pezeshki, A., and Jayasumana, A.P., "Phenomena discovery in WSNs:
A compressive sensing based approach," Communications (ICC), 2013 IEEE International Conference
on , pp.1851--1856, 9-13 June 2013.

Bandara, V.W., and Jayasumana, A.P., "Extracting baseline patterns in Internet traffic using Robust
Principal Components," Local Computer Networks (LCN), 2011 IEEE 36th Conference on, pp.407--415,
4-7 October 2011.

Bandara, V., Pezeshki, A., and Jayasumana, A.P., "Modeling spatial and temporal behavior of Internet
traffic anomalies," Local Computer Networks (LCN), 2010 IEEE 35th Conference on , pp.384--391, 10-14 Oct. 2010.

Bandara, V.W. , Scharf, L.L., Paffenroth, R.C., Jayasumana, A.P., and DuToit, P.C. , “Empirical recovery
regions of robust PCA,” in preparation.

Bandara, V.W., Dhanapala, D.C., Pezeshki A., and Jayasumana, A.P., “Performance bounds for sparse
signal recovery from random samples,” in preparation.

Bandara, V.W., and Jayasumana, A.P., “Adaptive compressive sensing for network fault localization," in
preparation.

Nanayakkara, A., and Bandara, V., “Asymptotic behavior of the eigenenergies of anharmonic oscillators
$V(x)=x^{2N} + bx^{2}$,” Canadian Journal of Physics/Revue Canadienne de Physique, pp. 959--968,
September 2002.

Nanayakkara, A., and Bandara, V., “Approximate energy expressions for confining polynomial
potentials,” Sri Lankan Journal of Physics, vol.3, pp.17--37, 2002.

Bandara, V.W., Vidanapathirana, A.C, and Abeyratne, S.G., "Contouring with DC motors - a practical
experience," Industrial and Information Systems, First International Conference on, pp.474--479, 8-11
August 2006.

Prof. Randy Paffenroth (WPI)

Mr. Rick Whitner (JDSU)

Dr. Philip Du Toit (Numerica Corporation)

Dr. Ryan Nong (Numerica Corporation)

Dr. Kenneth Parker (Agilent Technologies)
1. Monitor the network with a few path measurements
2. Localize the faulty links within a few adaptive path measurements
◦ Require orders of magnitude less measurements than the state of the art

Network tomography concepts used for monitoring

Compressive sensing used for resolution

Loose Source Routing and Route Recording (LSRR) for measurements
Monitoring
◦ Select a random set of tomographic paths for monitoring
◦ Collect measurements on the monitoring paths
◦ Are measurements anomalous? (Yes / No)
Fault Localization
◦ Use adaptive solver to identify faulty link candidates
◦ Identify and carry out additional measurements
◦ Are all the anomalies localized and verified? (Yes / No)

Phase I – Common component extraction:
◦ Remove anomalies
◦ Extract common component – Robust Principal Component Analysis
(RPCA)

Phase II – Salient component extraction:
◦ Extract salient component of the common component – classical
Principal Component Analysis (PCA)

Compact representation
◦ Smoothen
◦ Extend over the time and space
◦ FFT filter

Time window
◦ Auto Correlation Function (ACF) /
cycle-detectors
• Spatial arrangement
– Robust Baseline – Network (RBL-N)
– A window worth of traffic of multiple links
– Traffic characterization
• Temporal arrangement
– Robust Baseline – Link (RBL-L)
– Multiple time windows on a single link
– Anomaly detection
Time window
Links
Time window
Time Periods

Robust PCA based extraction
◦ Resilient against impurities
◦ Low rank → common component
– Dataset made with a few principal traces

Extract the most prominent common behavior
$L = U \Sigma V^T$
$U^T L = \Sigma V^T = \{L_i\}$
$L_i = \sigma_i V_i^T$
$p_m = \sum_{i \in I} U(m,i)\, L_i$
1. Identify prominent Fourier coefficients
◦ Use a superset of temporal and spatial Fourier coefficients
2. FFT filter for on-the-fly baseline separation
temporally and spatially valid baseline

$$y_B[t] = \frac{1}{N} \sum_{k \in \{0 \cup K\}} e^{\frac{2\pi i}{N} kt} \sum_{j=0}^{N-1} y[j]\, e^{-\frac{2\pi i}{N} jk}$$

y[j] : input data series
yB[t] : baseline component
N : fundamental period
K : superset of Fourier coefficients
[Figure labels: Time Periods, Time window; RBL-N1, RBL-N2, RBL-L1, RBL-L2]
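An added example, not code from the presentation: the FFT baseline filter above applied to a traffic series, with the prominent coefficients selected by magnitude and the residual thresholded to flag an anomaly. The hourly series, the spike, the selection fraction and the threshold are constructed assumptions; here `K` already contains index 0 (the mean) and both members of each conjugate pair.

```python
import cmath
import math

def dft(y, N):
    """Y[k] = sum_{j=0}^{N-1} y[j] e^{-2 pi i jk/N}, over one reference period."""
    return [sum(y[j] * cmath.exp(-2j * math.pi * j * k / N) for j in range(N))
            for k in range(N)]

def prominent(Y, frac):
    """Coefficient set K: indices whose magnitude is at least frac of the largest."""
    top = max(abs(c) for c in Y)
    return {k for k, c in enumerate(Y) if abs(c) >= frac * top}

def baseline(Y, K, N, t):
    """y_B[t] = (1/N) sum_{k in K} e^{2 pi i kt/N} Y[k]; periodic in t with period N.

    K is symmetric (k and N-k) for real input, so the imaginary part cancels."""
    return sum(Y[k] * cmath.exp(2j * math.pi * k * t / N) for k in K).real / N

def anomalies(y, N, frac, thresh):
    """Return (K, time indices whose deviation from the baseline exceeds thresh)."""
    Y = dft(y, N)                      # coefficients from the first period only
    K = prominent(Y, frac)
    hits = [t for t in range(len(y))
            if abs(y[t] - baseline(Y, K, N, t)) > thresh]
    return K, hits

# Constructed sample: three "days" of hourly link load with a daily cycle,
# a half-day harmonic, a weak 5th harmonic, and one injected spike at t = 50.
N = 24
SERIES = [100 + 40 * math.sin(2 * math.pi * t / N)
          + 10 * math.cos(4 * math.pi * t / N)
          + 3 * math.sin(10 * math.pi * t / N) for t in range(3 * N)]
SERIES[50] += 60

if __name__ == "__main__":
    K, hits = anomalies(SERIES, N, frac=0.04, thresh=20)
    print("K =", sorted(K), "anomalous samples:", hits)
```

The weak 5th harmonic falls below the selection fraction, so it stays in the residual but well under the threshold; only the injected spike is flagged.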
Temporal analysis on Seattle to Denver link
(showing 5 weeks)
(a) Complete grid

(b) Sparse grid
(c) Communication Tree
Reporting
◦ Each node sums its contribution (PSF) and its children's contribution together and
transmits to its parent
◦ Thus only one transmission on a link

Re-distributing
◦ Root node sums the contributions of all the nodes
◦ Send down the status of the n×n network in an m×m message
(a) Sparse sensor field
with only 25% locations
monitored
(b) Measurements at
observed nodes
(c) Approximation
(d) Measurements
with a full grid
(a) Plume
(c) Matrix Completion
(b) 5% samples
(d) Matrix Completion and Compressive sensing
[Figure: feature extraction diagram. Labels: Dataset; Sensor measurements x1(t) … xN(t); Features X11(t), X1p(t), X1p+1(t), X1q(t), X1M(t); Derived Features f11(lT,1) … f11(lT,K); blocks F and G.]