|
11:00 - 12:30
|
Technical Session 1
|
|
|
Price / Cooling Aware and Delay Sensitive Scheduling in Geographically Distributed Data Centers
|
|
Abstract: Servers in data centers consume a large amount
of energy, which increases the operational cost for
cloud service providers, who spend a major portion
of their revenue to pay bills due to inefficient
workload assignment and wastage of resources. In
order to minimize the operational cost of data
centers, it is essential to optimize the scheduling
of the jobs. In this paper, we address the problem
of inefficient cooling system, SLA violations due to
network delays and processing delays in
geographically distributed data centers. We propose
scheduling algorithms that aim to minimize the
cooling cost by exploiting the temperature variations
within the data centers and electricity cost
by taking advantage of time-space-varying
fluctuation of electricity prices. SLA violations
are aimed to be minimized by assigning jobs
considering deadlines, network delays and queuing
delays. Experiments conducted on CloudSim show that
price/cooling aware and delay sensitive scheduling
reduces the overall cost by 22% as compared to
random scheduling.
|
|
|
WAN Capacity Forecasting for Large Enterprises
|
|
|
Abstract:
Large enterprises require reliable and scalable network
connectivity which relies heavily on correct network design
for LAN and ample bandwidth on WAN. The latter is mostly
affected by external market-defined prices, which, absent careful
optimization and estimation, can result in unnecessary business
expenses.
This paper presents a framework for network capacity forecast
of a large enterprise to enable accurate and reliable prediction of
WAN requirements for all enterprise offices. Quarterly forecasts
are generated for individual offices in an enterprise network
using historical bandwidth utilization for each office and their
associated usage headcount. This framework is currently used
to inform WAN circuit upgrade/downgrade decisions for more
than 70 offices, and more than 200 associated circuits. The
framework uses statistical regression models to create 6, 12, and
24 months forecast for each office, and rigorously evaluates the
forecast accuracy with real data going back to 2014Q1. This
office-centric approach makes the framework applicable to any
corporate network or any large/distributed network-dependent
organization.
|
|
|
Dynamic Placement of Virtual Network Functions based on Model Predictive Control
|
|
|
Abstract:
Dynamic placement of the virtual network functions
(VNFs) is one of the promising approaches to handling time-varying
demands; when demands are small, the energy consumption
can be reduced by placing the VNFs to a small number of
physical nodes and shutting down unused nodes. If the demands
become large, the VNFs are migrated to allocate the sufficient
resources. In the dynamic placement of the VNFs, it is important
to avoid a large number of migrations at each time because the
migration requires a large amount of bandwidth. In this paper,
we propose a new method to dynamically place the VNFs to follow
the traffic variation without migrating a large number of VNFs.
Our method is based on the model predictive control (MPC). By
applying the MPC to the dynamic placement of the VNFs, our
method starts migration in advance by considering the predicted
future demands. As a result, our method allocates sufficient
resources to the VNFs without migrating a large number of VNFs
at the same time even when traffic variation occurs. Through
simulation, we demonstrate that our method handles the time
variation of the demands without requiring a large number of
migrations at any time slot.
|
| |
Collating time-series resource data for system-wide job profiling
|
|
|
Abstract:
Through the collection and association of discrete
time-series resource metrics and workloads, we can both provide
benchmark and intra-job resource collations, along with system-wide
job profiling. Traditional RDBMSes are not designed to
store and process long-term discrete time-series metrics and
the commonly used resolution-reducing round robin databases
(RRDB) make poor long-term sources of data for workload
analytics.
We implemented a system that employs "Big-data"
(Hadoop/HBase) and other analytics (R) techniques and tools
to store, process, and characterize HPC workloads. Using this
system we have collected and processed over 30 billion time-series
metrics from existing short-term high-resolution (15-sec
RRDB) sources, profiling over 200 thousand jobs across a wide
spectrum of workloads.
The system is currently in use at the University of Kentucky for
better understanding of individual jobs and system-wide profiling
as well as a strategic source of data for resource allocation and
future acquisitions.
|
|
14:00 - 15:10
|
Technical Session 2
|
| |
Towards an Approximate Graph Entropy Measure for Identifying Incidents in Network Event Data |
|
|
Abstract:
A key objective of monitoring networks is to identify
potential service-threatening outages from events within the
network before service is interrupted. Identifying causal events,
Root Cause Analysis (RCA), is an active area of research, but
current approaches are vulnerable to scaling issues with high
event rates. Elimination of noisy events that are not causal is key
to ensuring the scalability of RCA. In this paper, we introduce
vertex-level measures inspired by Graph Entropy and propose
their suitability as a categorization metric to identify nodes that
are a priori of more interest as a source of events.
We consider a class of measures based on Structural, Chromatic
and Von Neumann Entropy. These measures require NP-Hard
calculations over the whole graph, an approach which obviously
does not scale for large dynamic graphs that characterise
modern networks. In this work we identify and justify a local
measure of vertex graph entropy, which behaves in a similar
fashion to global measures of entropy when summed across the
whole graph. We show that such measures are correlated with
nodes that generate incidents across a network from a real data
set.
|
| |
A New Approach for Clustering Alarm Sequences in Mobile Operators
|
|
|
Abstract:
Telecom Networks produce a huge amount of daily
alarm logs. These alarms usually arrive from different regions
and network equipment of mobile operators at different times. In
a typical network operator, Network Operations Centers (NOCs)
constantly monitor those alarms in a central location and try to
fix issues raised by intelligent warning systems by performing a
trouble ticketing based management system. In order to automate
rule findings, different sequential rule mining algorithms can be
exploited. However, the number of sequential rules and alarm
correlations that can be generated by using these algorithms can
overwhelm the NOC administrators since some of those rules are
neither utilized nor reduced appropriately by the non-customized
sequential rule mining algorithms. Therefore, additional efficient
and intelligent rule identification techniques need to be developed
depending on the characteristic of the data. In this paper, two new
metrics that are inspired by document classification approaches
are proposed in order to increase the accuracy of the sequential
alarm rules. This approach utilizes a new definition of identifying
transactions as alarm features and clustering the alarms by
their occurrences in built transactions. Experimental evaluations
demonstrate that up to 61% accuracy improvements can be
achieved through utilizing the proposed appropriate metrics
compared to a sequential rule mining algorithm.
|
| |
nDEWS: a new domains early warning system for TLDs
|
|
|
Abstract:
We present nDEWS, a Hadoop-based automatic
early warning system of malicious domains for domain name
registry operators, such as top-level domain (TLD) registries.
By monitoring an entire DNS zone, nDEWS is able to single
out newly added suspicious domains by analyzing both domain
registration and global DNS lookup patterns of a TLD. nDEWS is
capable of detecting several types of domain abuse, such as malware,
phishing, and allegedly fraudulent web shops. To act on this data,
we have established a pilot study with two major .nl registrars,
and provide them with daily feeds of their respective suspicious
domains. Moreover, nDEWS can also be implemented by other
TLD operators/registries.
|
|
16:00 - 17:10
|
Technical Session 3
|
| |
Detection of Vulnerability Scanning Using Features of Collective Accesses Based on Information Collected from Multiple Honeypots
|
|
|
Abstract:
Attacks against websites are increasing rapidly
with the expansion of web services. An increasing number of
diversified web services make it difficult to prevent such attacks
due to many known vulnerabilities in websites. To overcome
this problem, it is necessary to collect the most recent attacks
using decoy web honeypots and to implement countermeasures
against malicious threats. Web honeypots collect not only
malicious accesses by attackers but also benign accesses such
as those by web search crawlers. Thus, it is essential to develop
a means of automatically identifying malicious accesses from
mixed collected data including both malicious and benign
accesses. Specifically, detecting vulnerability scanning, which
is a preliminary process, is important for preventing attacks.
In this study, we focused on classification of accesses for
web crawling and vulnerability scanning since these accesses
are too similar to be identified. We propose a feature vector
including features of collective accesses, e.g., intervals of request
arrivals and the dispersion of source port numbers, obtained
with multiple honeypots deployed in different networks for
classification. Through evaluation using data collected from
37 honeypots in a real network, we show that features of
collective accesses are advantageous for vulnerability scanning
and crawler classification.
|
| |
Optimizing ATM Cash Flow Network Management
|
|
|
Abstract:
Automated Teller Machine (ATM) service providers
are increasingly challenged with improving the quality of customer
service while reducing the cost of cash flow management.
Effectively balancing the need to have enough cash in the
ATMs to avoid out-of-cash incidents as well as to reduce the
cash interest cost and the cash refill cost challenges the most
experienced cash flow management teams. In this paper we
propose an optimization framework for managing the ATM cash
flow network. The interactions among various constraints and
cost factors are included in the framework to allow decision-making
regarding the optimal cash refill amount and schedule.
We demonstrate the effectiveness of the proposed approach using
sample data from a large commercial bank.
|
| |
How to choose from Different Botnet Detection Systems?
|
|
|
Abstract:
Given that botnets represent one of the most aggressive
threats against cybersecurity, various detection approaches
have been studied. However, whichever approach is used, the
evolving nature of botnets and the required pre-defined botnet
detection rule sets employed may affect the performance of
detection systems. In this work, we explore the effectiveness of
two rule-based systems and two machine learning (ML) based
techniques with different feature extraction methods (packet
payload based and traffic flow based). The performance of
these detection systems ranges from 0% to 100% on thirteen
public botnet data sets (i.e. CTU-13). We further analyze the
performances of these systems in order to understand which
type of a detection system is more effective for which type of
an application.
|