Intelligence Security Home Network MUDr. Lubomir PouSek Institute for BioMedical Engineering, Zikova 4, 166 36 Prague 6 Czech Technical University in Prague, E-Mail:
[email protected]
Rudolf Volner, PhD. Institute for BioMedical Engineering, Zikova 4. 166 36 Prague 6 Czech Tcchnical University in Prague, E-Mail: vulneriiotibmi.cviIt.cz
provided insights into intelligent computing processes. Significant progress has been made in rule-based reasoning, planning, and problem solving. Future generation networking will be characterized by the need to adapt to the demands o f agile networking, which include rapid response to changing customer requirements, automated design and engineering, lowercost services, transparent distributed networking, resourcc allocation on demand, real-time planning and scheduling, increased quality, reduced tolcrance for error, and in-process measurement and feedback. Future networking systems will require automated intellisent networking features that apply intelligencc to the domain of networking in such a way as to make possible the realization of a full range of agile and adaptable networks. Cable operators will have to face the commercial and operational strategy for: Building out or upgrading to bi-directional (two way) networks, Offering voice tclephony to residential and business consumers, Offering multi-channel digital television, Video-on-demand, Home shopping, Home banking, Residential and business telephony, High-speed Internet, Home security. The purpose of distributing the central information server function locally is to reduce the network communications costs by allowing subscribers to access videos through their local information servers. Thus, the distributed interactive information system architecture design needs to be closely aligned to the subscriber access pattern and the marketing strategy. For example, if the system places the most frequently viewed ,,hot“ information’s as close to subscribers as possible, it is expected that the network communication costs associated with these hot information accesses can be significantly reduced. In this system, an infomation archive is still needed in case the local information server cannot provide information’s requested by users. Note that each local information server may be a mini central information server, and its information contents may be downloaded OK-line from the central information server and updated periodically. This concept is similar
ABSTRACT The term sccurity network intelligence is widely used in the lield of communication security network. A number of new and potentially concepts and products based on the conccpt of security nctwork intelligence have been introduced, including smart llows, intelligent routing, and intelligent web switching. Many intelligent systems focus on a specific security service. function, or devicc, and do not provide true end-to-end scrvice network intelligence. T N ~ sccurity network intelligence requires more than a set of disconnected elements, it rcqtiircs an interconnecting and functionally coupled architecture that enables the various functional levels to interact and communicate with each othcr. We propose a uniform work for understanding end-to-end communication security network intelligence (CSNI), which is defined as the ability of a network to act appropriately in a changing environment. We consider an appropriate action to be one that increases the optimal and efficient use of network resources in delivering services, and we define success as the achievement of behaviour sub-goals that support the service provider’s ultimate goals, which are defined external to the network system. The work presented incorporates the functional elements of intelligence into computational modules and interconnects the modules into networks and hierarchies that have spatial, logical, and temporal properties. Bascd on the work proposed, we describe an end-to-end multi-service network application spanning the network security management layer, optical layer, switchingirouting layer, security services layer, and othcr layers.
Keywords: security, network, communications 1.
INTRODUCTION
The study of security network intelligence is an extremely active area in the field of communications. Thanks to the latest advances in data communications - especially in ,the services sector and in the communications software, photonics, and programmable technologies areas - service providers are spending millions of dollars a year on an increasinsly intelligent communication infrastructure and applications. Research in the areas of learning automata, intelligent agents technologies, intelligent data-mining, knowledge discowry, data-driven task sequencing, intelligent databases, wire-speed real-time databases, virtual modelling, and sophisticated communication network modelling has
0-7803-7882-2/03/$17.0002003 IEEE
30
to today’s library but will be served by other local libraries if the serving local library cannot provide the service. The distributed interactive information system can be structured in a hierarchical way for system scalability and evolution. I t can start from an initial two level system with a central information server and several local information servers to a systcm with as many levels o f the hierarchy as needed. The number o f levels needed depends on the network size, network costs, and network performance requirements. The CATV interactive system can be structured in a hierarchical way for system scalability and evolution - Figure 1. It can start from an initial two-level system with a central video server and several local video servers to a system with as many levels o f the hierarchy as necded. The number o f levels needed depends on the network size, network costs and network performance requirements. Compared with the centralized video system, the distributed CATV video server may have a lower average network connection cost an higher system reliability, but at the expense of a significant amount of local storage systems needed.
2.
End-User Layer The end-user security intelligence layer provides the capabilities needcd at the uscr’s prcmiscs, which arc not normally considered part o f the service providcrs’ networks. Because o f improvements in the access bandwidth available to the end-user, the importance o f this layer i s continuing to grow. New developments in the Internet, home networking, and wired and wireless technologies are fueling the growth of the end-user intelligence layer. The increased bandwidth permits expanded intelligence within the equipment deployed in the customer premiscs and requircs additional functionality and coordination within the scrvicc provider space. These changes could make it possible to provide content to the user premises in anticipation o f user needs and at times when there i s less use o f the service provider’s network. Furthermore, intelligence at the end-user layer will be imponant in supporting new serviccs tailorcd to the usage patterns and interests o f users.
DEFINITION OF N E T W O R K INTELLIGENCE
Application Lager The number o f new network applications and services to be supported continues to increase rapidly. The traffic generated by these applications creates different trat‘tic load and flow patterns, depending upon whether or not the applications are: real-time, computation intensive, network topology dependent, end user dependent, high bandwidth, delay sensitive. In order to properly design, evaluate, and deploy efficient network equipment for an application environment, a service provider must have a good understanding o f the source models o f the network application traffic. I n particular, one would like to find characteristics o f how an application host generates network traffic that are invariant over time. There are a number of reasons-based on application architecturcs, design, and human factors-why application traffic may vary significantly. They include: user access type, application communication methods, single transaction vs. multiple linked transaction applications, end user input and interaction strategy. Intelligent service mediation techniques are used to control access to network services and to customize behavior for the service provider, application provider, and end user. Application security layer intelligence will allow application service providers to manage application and return on investment-by dynamically matching appropriate resources with applications demands.
Intelligent security and communication networks must at least be able to understand the security and communication environment, to make decisions, and to use and manage network resources efficiently. More sophisticated levels o f security network intelligence include the ability to recognize user, application, service provider, and infrastructure needs, as well as expected and unexpected events, the ability to present knowledge in a world model, and the ability to reason about and plan for the future. For the purposes on this paper, CSNl i s defined as the ability of a network system to act appropriately in a changing environment. An appropriate action is one that increases the optimal and efficient use o f network resources in delivering high-quality services, success is the achievement of behavioral sub-goals that support the service provider’s overall goals. Both the criteria for success and the service provider’s overall goals are defined external to the intelligent security network system. Typically, they are defined by the service provider’s business objectives and are implemented by network designers, programmers, and operators. CSNl is the integration o f knowledge and feedback into an input and output-based, interactive, goal-directed, security, networked system that can plan and generate effective, purposeful action directed toward achieving goals. Network intelligence will evolve through growth in computational power and through the accumulation o f knowledge about the types o f input data needed for making decisions concerning expected response, and about the algorithmic processing required in a complex and changing communications environment. Increasingly sophisticated network intelligence makes possible look-ahead planning, management before responding and reasoning about the probable results of alternative actions. These intelligent network capabilities can provide service providers with competitive and operational advantages over traditional networks.
31
Subscriber Layer The subscriber-based intelligent network environment consists of a group of customer premises equipment (CPE) devices communicating and sharing one or more resources in a dcccntralizcd way. This type of networking dcmands certain intercsting relationships bctwecn thc scrvice provider’s network clements and the CPE devices. Good examples of subscriber-based intelligence are peer-to-peer network applications, cluster-computing networked parallel processing, and mapping of logical storage area networks on physical or virtual network topologies. Some of these applications demand particular logical network topologies to enablc the applications. New applications and new business models are pushing service providers to support these environments. The advantages of using subscriber-based intelligence are that it speeds up algorithm execution, minimizes inter-node comnlunication delays, improves resource utilization, and provides fault tolerance by restoring network connectivity (transparently to the user) when faults occur. Furthermore, it allows features and services to be customizcd for pre-designated user groups or for an individual user. In this environmcnt, a user would be able to select preferred network resource characteristics (such as virtual topologies), to active personalized features (from “skins” through connection speeds), and to provide infonnation to the system to improve its performance.
do business and hence, the way they build and evolve their next-generation networks. Increasingly, service providers are being pressured to build networks capable of supporting a variety of old and new infrastructures and to provide new value-added services at the lowest possible initial and incremental price. The problems inherent in simultaneously supporting an existing network and deploying a new multiservice infrastructure point to a solution that avails itself o f the benefits of the frame relay, asynchronous transfer mode (ATM), IP, and dense wavelength division multiplexing (DWDM) technologies. Infrastructure layer intelligence provides the capabilities to deal with these complexities. Technologies such as all-optical DWDM and multiservice platforms are making possiblc a convergence of technologies and service platforms, in this layer, network solution can operate in dynamic, reconfigurable, multivcndor, multitcchnology. and multiprotocol environments. Network Management Layer Network management layer intelligence deploys, integrates, and coordinates all the resources necessary to configure, monitor, test, analyze, evaluate, and control the security and communication network to meet service-level objectives. The goals of network management are efficient use of resources, control o f strategic assets, minimization of downtime, management of constantly changing communications technology and services, and reduction o f the cost of network operations. Intelligence within the network management layer must integrate diverse services, networks, technologies and equipment. The network structure in Figure 3 captures the security and .communications intelligence information flow depicted in Figure 2. In Figure 3, the layers with clouds represent virtual entities or soft devices. Even though Figure 3 depicts network management as a separate layer, some network management functions are actually distributed across the other layers embedded in element management systems. For simplicity and convenience, this embedding is not shown.
Service Provider Layer Security service provider layer intelligence makes it possible to carry end user traffic by applying service provider constraints to end used needs. Intelligent tunneling, virtual network switchinglrouting in virtual private networks (VPNs), load balancing networks, and virtual local area networks (VLANs) are examples of service provider intelligence. This layer’s features include quality of service (QoS), isolation, load distribution, and policing capabilities that allow service providers to deliver flexible, measurable, and enforceable service-level azreements (SLAs) to other service providers and to subscribers and to deliver real-time and non-real-time services from multiple sources. This enables a service provider to provide large service providers with dedicated virtual resources and to allow small service providers to share virtual resources that are managt-d administratively by the service provider.
3.
Programmable Technology a n d Control Layer This layer provides interoperabiliw and adaptability across heterogeneous networks that support a wide range o f signaling protocols. The programmable switches translate industry signaling protocols into a generic signaling format, simplifying the addition of new protocols. This capability allows legacy service providers and new service providers to provide rich, seamless interoperability between their network domains and enables signaling inter-working between multiple vendor gateways.
ENTITIES IN T H E SECURITY AND COMMUNICATIONS M O D E L
The security and communications model contains information about stored network entities. The knowledge database contains a list of all the entities that the intelligent network system knows about. A subset of this list is the set of current entities known to be present in any given situation. A subset of the list current entities is the set of entities-of-attention on locality of reference properties. There are two types entities: generic, specific. A generic entily is an example of a class of entities. A generic entity structure contains the attributes of its class. A specific entity is a particular instance o f an
Infrastructure Provider Layer Broadband technology promises a convergence of technologies and service platforms. A variety of factors are forcing today’s leading service providers to change how they
32
possible to incorporate compulational capability in all network devices. Unfortunately, although shrinking technology has made networking devices smart, it has not always improved their usability.
entity. A specific entity structure inherits the attributes of the class to which it belongs. An example o f an entity structure is shown in Table I . Communications events A communications events in an intelligent network node is a spate, condition, or situation that exists in a network at a point in time or occurs over an interval of time. Events are represented in the communications model with attributes in time and space. Event attributes may indicate such things as start and end time, duration, type, and relationship to other events. An example of an event structure is shown in Table 2.
6.
[ I ] Volner, R., : CATV - Inrerocrive Securirv and Com,nrmicalion S,v.y,em, proceedings the institute of electrical and electronics engineers, 34th Annual 2000 International Carnahan Conference on Security Technology, October 2000 Ottawa, Canada. pp. 124-136 , IEEE Catalog Number 00CH37083, ISBN 0.7803-
Communication task Communication task knowledge is knowledge of how to perform a task, including information about the algorithms, protocols, parameters, time, events, resources, information, and conditions required and the costs, benefits. and risks to be expected. In a network node, task knowlcdge may be expressed implicitly in algorithms, software, or hardware, or explicitly in data structures or a network node database. A communication task Structure is represented as a data structure in which task knowledge is stored. In systems in which task knowledge is explicit, a task structure can be defined for each task in the task vocabulary. An example of a task structure is shown in Table3. 4.
5965-8, [2] Volner, R., : Home .seciirir,v sj,.ylern and CATV, 35th Annual 2001 International Carnahan Conference on Security Technology, October 2001 London, England. pp. 293 - 306 IEEE Catalog Number OICH37186 , ISBN 0-7803-6636-0, [3] Volner, R., : CATV Archirecrnrefor Secifriry. 36th Annual 2002 International Carnahan Conference on Security Technology, October 2002, Atlantic City. New Jersey, USA, pp. 209 - 215, IEEE Catalog Number 02CH37348 ISBN 0-7803-7436-3. [SI Volner, R., Bores, P., Ticha. D.: CATV - orchirecrrire and si,nirlarion network confcrcnce proceedings, The 6th Biennial Conference on Electronics and Microsystems Technology BEC 98, Tallinn. Estonh, October 1998, pp. ? I I - 214 [6] Zilka, Z., Volner, R.: Sysrcm soliitiot~ for trunsmission of inrerucrive .srwicrs on husis of oprical CATV, procecdings of SPIE, 3rd IntCmntional Conferencc Photonics Prague 99, Prague, June 1999, pp.. and Programme & Book of Abstracts pp. 32, ISBN 80861 14-27-9 [7] Klima. M.: Some Remarks On JTC IdenriJicorion Mdhod For Seciirih Pwposes. Proceedings of 32nd Annual 1998 International Camahan Confcrence on Sccurity Technolopy, October 1998. Virginia. USA, pp. 163-168 [8] Klitiia, M.: Evalnation of JTC Mrrhod Robiarne.ss in Srcurily Applications, Proceedings of 33rd Annual 1999 International Carnahan Conference on Security Technology, October 1999, Madrid. Spain, pp 233-237. IEEE Catalog Number Y9CH36303, ISBN 0.78035241-5.
SELF-ORGANIZING INTELLIGENT NETWORKS
Fundamentally new and disruptive technologies are producing new networking applications, which, in turn are creating a far greater dcniand for cornniunication services and rcsourccs than in the past. This section describes a self-organizing intclligenl networks paradigm in which networks can reconfigure network topologies and provision resources and services dynamically. It also describes an end-to-end intelligent network application, shown in Figure 3, in which a network monitors itself, leams about its environment and the environment's impact on network resources, makes intelligent decisions, and takes appropriate actions based on prior network behavior-as observed over time-on an application or service basis. Figurc 3 is essentially the same Figure 2, with the addition of a self-organizing capability made possible by the use of an input and response processing (IRP) feedback loop. It is assumed that the network elemcnts in Figure 3 are interconnected by a system similar to the management communications network systcm. The figure illustrates the important role the network management system plays in the self-organizing network paradigm. 5.
REFERENCES
CONCLUSION
Because of the way network technology is being developed today. it is difficult to know-before it is deployed-if an endto-end setup of networking devices will really be beneficial in the field. One reason for the difficulty is that the behavior of the network layers is not well understood and is still evolving, another is thc rapid growth in the number of applications on the network. A variety of technology trcnds have made it
33
Table I - Entity structure
Table 2 - Cormnunications events
Task name
Effects
Name of the task Generic or specific Agent performing the task Activity to be performed Thing to he performed Thing to be acted upon Event that successfully terminates or renders the task successfully priority status (for example, active, halted, waiting, inactive) timing requirements source of task command fro example, tools, time, resources, and events needed to perform the task enabling conditions that must bc satisfied to begin, or continue, the task information that may be required a plan for executing the task functions that may be called algorithms that may be needed expected rcsults of task execution expected costs, risks, benefits estimated time to complete isk
34
I WAN
't....................................................
.
i
Fibre Optic System
...................................................... !
~
_ _ _ _ _ _ Security system -
MAN
Metro police
CATV network
Other centre CATV
Figure I - The CATV interactive system can he structured in a hierarchical way for system scalability and evolution
35
etwwt management
Accounting manager
Figure 2 - Mapping of layers of network intelligence
36
CPE -Customer premijer equipment' DWDM -.Dense waveten& division rnultip6ing SOH S y n c h g & aig$al'hierarchy
-
Figure 3 - End-to-end intelligent network application
37
SONET- Synchronousoptical:netwoK W N -virtual IOCal area netwok. W -Mrtuai piiveto ri-:
