Méthodes d'autoréparation proactives pour les réseaux d'opérateurs / Proactive self-healing methods for carrier networks

Vidalenc, Bruno

28 June 2012

Les opérateurs de réseaux de télécommunications accordent une importance toute particulière à la gestion des pannes. L’implication de l'humain dans la prise de décision et l'analyse d'une quantité énorme d'alarmes et d'informations, ainsi que le caractère réactif des mécanismes de gestion des pannes, ne permettent pas la réactivité nécessaire à une gestion optimale des incidents. Pour pallier ce problème, cette thèse s'intéresse à des mécanismes proactifs qui anticipent les pannes afin d'améliorer l'efficacité de leur gestion. La mise en oeuvre, dans les équipements, de composants autonomes capables d'analyser en permanence l'état de santé du réseau permettrait de fournir une information en temps réel sur le risque de panne, nécessaire au déploiement de nouveaux mécanismes d'autoréparation proactifs. La première partie de cette thèse est donc consacrée à la définition des composants architecturaux indispensables à l'introduction de fonctions d'autoréparation proactives. Dans un deuxième temps, nous étudions et analysons en détail trois mécanismes d'autoréparation proactifs exploitant une information de risque de panne. Le premier mécanisme a pour objectif d'accélérer la convergence des protocoles de routage à état de lien en adaptant la fréquence d'envoi des messages de détection de pannes en fonction du risque de panne. Le deuxième mécanisme modifie dynamiquement les métriques de routage afin de détourner le trafic des équipements risqués et de minimiser l'impact d'une panne sur le trafic. Enfin, le dernier mécanisme s'attache aux dispositifs de protection et de restauration du protocole GMPLS afin d'adapter dynamiquement la consommation des ressources, aux risques encourus / Network providers attach a significant focus to fault-management. Indeed, availability and quality of service are highly important parameters in the competition between networks operators. Tthe involvement of human in the decision making process and the analyzing a huge amount of alarms and information, as well as the reactive nature of fault management mechanisms, do not allow the required reactivity for optimal management of incidents. This thesis focuses on proactive mechanisms which anticipate failures to improve the effectiveness of their management. Indeed, the failures are often preceded by alarms or symptomatic behaviors. Implementation, in equipment, of autonomous components capable of continuously analyzing the network health would enable to provide a real-time risk of failure information, required to deploy new proactive self-healing mechanisms. The first part of this thesis is devoted to the definition of architectural components necessary for the introduction of proactive self-healing functions. Then, in a second step, we study and analyze in detail three self-healing mechanisms exploiting a proactive risk-level of failure information. The first mechanism is designed to accelerate the convergence of link-state routing protocols by adjusting the frequency of sending failure detection messages function of the risk-level. The second mechanism dynamically tunes routing metrics in order to divert traffic flows from risky equipment and to minimize the failure incidence on traffic. Finally, the last proposition is dedicated to the recovery mechanisms of GMPLS protocol by dynamically adapting the resources consumption of recovery to the involved risks

Réseaux autonomes

Gestion des pannes

Autoréparation

IP

MPLS

GMPLS

OSPF

Autonomic networks

Fault-management

Self-healing

IP

MPLS

GMPLS

OSPF

Uma arquitetura baseada na teoria do perigo para predição de ataques de segurança em redes autonômicas

Oliveira, Dilton Dantas de

31 January 2013

The growth in the number of connected devices, in the volume of data traffic and of applications used has shown a significant increase in the complexity of today's networks, leaving the activity of management increasingly difficult for network and system administrators. Management aspects, such as the security of these systems has been a major challenge faced by the researchers, especially considering that, in parallel, there has been also a significant increase in the degree of sophistication of malicious activities. This scenario requires the development of sophisticated security systems also, in order to prevent or contain attacks increasingly destructive to systems, such as worm attacks. And the biological inspiration has been a main ally in this endeavor, bringing several concepts and new ways of thinking and solving these problems. This work used the bio-inspired concepts of Autonomic Networks (self-managing networks inspired by the functioning of the human nervous system)and Artificial Immune Systems (computer security systems inspired by the functioning of the human immune system), to define a management architecture for network self-protection, through the prediction of security attacks. This architecture incorporates the Danger Theory immune-inspired model and uses its Dendritic Cells algorithm to correlate events and detect anomalies. The architecture analysis was performed on an Early Warning System, which uses notifications received from worm already infected machines as additional information to identify the imminence of an infection in still vulnerable machines. In the experiments the gain in time obtained with this early identification was used in the Conficker worm propagation model and the results showed a reduction in the number of infected machines and, consequently, in the worm propagation across a network / O crescimento do número de dispositivos conectados, do volume de dados trafegados e das aplicações utilizadas tem evidenciado um aumento importante na complexidade das redes atuais, deixando a atividade de gerência cada vez mais difícil para os administradores de redes e sistemas. Aspectos de gerência, como a segurança desses sistemas tem sido um dos principais desafios enfrentados pelos pesquisadores, principalmente, considerando que, em paralelo, observa-se um também importante aumento no grau de sofisticação das atividades maliciosas. Tal cenário exige o desenvolvimento de sistemas de segurança igualmente sofisticados, com o intuito de impedir ou conter ataques cada vez mais destrutivos aos sistemas, como os ataques de worms. E a inspiração biológica tem sido uma das grandes aliadas nesta empreitada, trazendo diversos conceitos e novas formas de pensar e resolver esses problemas. Este trabalho utilizou os conceitos bio-inspirados das Redes Autonômicas (redes autogerenciáveis inspiradas nos funcionamento do sistema nervoso humano) e dos Sistemas Imunes Artificiais (sistemas de segurança computacional inspirados no funcionamento do sistema imunológico humano), para definir uma arquitetura de gerência para autoproteção de redes, através da predição de ataques de segurança. Tal arquitetura incorpora o modelo imuno-inspirado da Teoria do Perigo e utiliza o seu Algoritmo das Células Dendríticas para correlacionar eventos e detectar anomalias. A análise da arquitetura foi realizada em um Sistema de Alerta Antecipado, que usa notificações recebidas de máquinas já infectadas por worm como informação adicional para identificar a iminência de uma infecção em máquinas ainda vulneráveis. Nos experimentos o ganho de tempo obtido com essa identificação precoce foi utilizado no modelo de propagação do worm Conficker e os resultados apontaram uma redução no número de máquinas infectadas e, consequentemente, na propagação deste worm em uma rede

Redes autonômicas

Autoproteção

Teoria do perigo

Algoritmo das células dendríticas

Sistemas de alerta antecipado

Autonomic networks

Self-protection

Danger theory

Dendritic cell algorithm

Early warning systems