1 / 36

Bayesian Network Awareness

BoF Rm A10/A11. Bayesian Network Awareness. Bill Rutherford Loki Jorgenson Marius Vilcu. Awareness … ???. Main engine failed to fire. Awareness Success Stories. Electrical power grid load prediction User analysis trend modeling - TV schedules – spike prediction Weather prediction

duff
Download Presentation

Bayesian Network Awareness

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BoF Rm A10/A11 Bayesian Network Awareness Bill Rutherford Loki Jorgenson Marius Vilcu

  2. Awareness … ??? Main engine failed to fire

  3. Awareness Success Stories • Electrical power grid load prediction • User analysis • trend modeling - TV schedules – spike prediction • Weather prediction • Sensor correlation • trend modeling – storm prediction • Internet prediction • Weather maps • trend modeling – build out prediction

  4. Proprioceptive Concept • Sense of relative disposition of body • Self meta-view of body status and dynamics wrt look ahead context • Situation awareness – nerve system • Self awareness – pain emphasis !!!

  5. What is Network Awareness? • “The ability to sense the network environment and construct a state description” • Peysakhov et al., 2004 • “The capability of network devices and applications to be aware of network characteristics” • Cheng, 2002

  6. What is Network Awareness? • “The ability to answer questions quickly and accurately about network behavior” • Hughes & Somayaji, 2005 • “Realizing that each component of the network affects every other one: The people, packets, machines, subnets, sessions, transactions, traffic, and any movement on the network on all layers” • Bednarczyk et al., Black Hat Consulting whitepaper

  7. Some Terminology - Autonomics • Autonomics: full self care • Healing • Configuring • Protecting • Optimizing

  8. Autognostics • Autognostics: key player in autonomics • Capacity for networks to be self-aware • Adapt to applications • Autonomously • Monitoring • Identifying • Diagnosing • Resolving issues • Verifying and reporting

  9. Autognostics within Autonomics

  10. Autognostics Benefits • Provides autonomics with basis for response and validation • Supports self: • awareness • discovery • healing • optimization

  11. Why Bayesian Network Awareness? • One possible implementation of several characteristics of Autonomic Networking • Combines Bayesian theory with Neural Networks (Bayesian - proven technology- success stories) • Calculates the probability of certain activities that may happen within a computer network

  12. Bayesian Success Stories • Add probabilities to expert systems • NASA Mission Control • Vista System • Email • Spam Assassin • Office Assistant • paperclip guy

  13. Belief Network • What we "believe" is happening • What our beliefs are based on • How we might find out if not true • Example of a belief network • NASA Mission Control – all ok ? • Use of belief networks • Probability of problems – abort ?

  14. Bayesian Belief Network? • Powerful knowledge representation and reasoning tool under conditions of uncertainty. • Recently significant progress has been made in the area of probabilistic inference on belief networks. • Many belief network construction algorithms have been developed. • Defined by DAG and CPT

  15. Bayesian Network - DAG • Directed acyclic graph (DAG) with a conditional probability distribution for each node • Bayesian Network uses DAG to represent dependency relationships between variables • DAG structure of such networks contains: • nodes representing domain variables • arcs between nodes representing probabilistic dependencies.

  16. DAG Example Node packetCollisions packetDrops packetBlackHoles packetMalforms Arc or Edge packetLoss

  17. Bayesian Network - CPT • Second component consists of one conditional probability table (CPT) for each node • Nodes represent network activity • Activity can be ranked into ranges • Low – Medium - High • Activity baseline can be learned in an ongoing manner

  18. BNA: Concept 1 • Filter out everything normal on an ongoing basis so we can see only what is really not normal (pain) with minimal false positives • Concentrate design effort on the most critical components • monitor stack distributed event reconstruction • sensor node architecture

  19. HTTP DNS SMTP Telnet UDP Analyzer TCP Analyzer IP Analyzer Monitor Stack Concept Vector of Scalars Sensor Nodes Packet Stream

  20. BNA: Concept 2 • Feed forward adaptation – live data • Enhance granularity for hot issues • Use effectors for proactive intervention • Validate intervention-outcome relation • Self supervision • Growth-Prune model • right size to context

  21. BNA: Concept 3 • Implement proprioceptive concept • Proprioceptive meta-view • Abnormal activity (pain) reactivity • Conditioning - look ahead context • Generalize to novel data • Learn how to adapt

  22. SupercomputingConcept • Integrate BNA into compute, storage, visualization infrastructure • Learn particular eccentricities • apps … network events • distributed context • Similar to NASA

  23. Sensor Nodes • Data input nodes of neural network • Sensor nodes receive monitor stack output • Statistics by category – metadata structure • Stream event summaries • Special protocol events • Distributed event correlations • Usually accept a vector of scalars • Each scalar has an associated weight which can be adjusted by learning

  24. Known Issues/Challenges Scalability - computationally extremely expensive Bayesian inference relies on degrees of belief not an objective method of induction Generalization to novel data is problematic Bayesian Network maintenance over time The construction of belief networks remains a time consuming task overall

  25. Perceived BNA Potential what scalars have meaning wrt BNA key indicators how change network then validate what effectors how validate how interface to operators analysis/decision - output

  26. Open Discussion

  27. END

  28. Probability of Engine Failure 1 • Keneth H. Knuth, Intelligent Systems Division, NASA • Bayes Theorem as a learning rule • tells us how to update our prior knowledge when we receive new data • p(model|data, I) is called the posterior probability • what we learned from data combined with our prior knowledge • I represents prior information

  29. Probability of Engine Failure 2 • Keneth H. Knuth, Intelligent Systems Division, NASA • p(model|I) is called the prior probability • describes the degree to which we believe a specific model is the correct description before we see any data • p(data|model, I) is called the likelihood • describes the degree to which we believe that the model could have produced the currently observed data. • denominator p(data|I) is called the evidence

  30. Strategies for Sensor Nodes 1 • Use sparse matrix approach • Minimal number for what is important • Reduce overall network complexity • Disable nodes that are not contributing • Minimize number of edges in DAG • Minimize CPT size

  31. Strategies for Sensor Nodes 2 • Growing sensor based neural gas • Use self organizing map (SOM) • right size SOM growth • SOM/Sensor growth/prune model • Self organizing overlay network • Self determined connection model • Top level handoff to Bayesian nodes • node model • commonalities • Inherit behaviour

  32. What is a Monitor Stack 1? • typical link packed with heterogeneous traffic - sources of variety • Packets from different hosts, particular conversations - applications • Some carrying asynchronous unidirectional communiqués with no acknowledgement • Each packet has series of headers • direct the operation of protocols

  33. What is a Monitor Stack 2? • Pace and duration of connections is variable • Automated transactions such as name server and HTTP requests often take less than a second • Login sessions operated directly by humans may persist for hours • Payloads carried vary remarkably between applications. • Some hold exactingly formatted text, others encode manual edits of users at keyboards • Others send binary data in large blocks

  34. What is a Monitor Stack 3? • Monitor stack uses protocol analyzers to reduce and segregate traffic • Packets produced by layered protocols so monitors similarly layered • statistics about lower protocol layers • reconstruction of data streams

  35. Similar Solutions • Netuitive’s Real Time Analysis Engine • Continuously analyzes and correlates various performance variables, such as CPU utilization, memory consumption, thread allocation, traffic volume • Uses self-learning correlation and regression analysis algorithms to self-discover and study the relationships among variables • Automatically determines normal system behavior and predicts abnormalities, and triggers alarms

More Related