
Research On Network Automation And Security For Optical/electrical Network Based On Telemetry Data Analytics

Posted on: 2023-05-16
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Q Pan
GTID: 1528306905981029
Subject: Information and Communication Engineering

Abstract/Summary:
Recently, with the rapid rise of emerging services such as 5G, big data and cloud computing, and the wide deployment of virtualization technologies such as virtual network embedding (VNE) and network function virtualization (NFV), networks have become increasingly complex and highly dynamic, which brings new challenges to traditional network control and management (NC&M). Meanwhile, with the popularity of the IP-over-EON multilayer network architecture, composed of an elastic optical network (EON) and an IP network, it is necessary to achieve unified and efficient management of the optical layer and the IP layer, which further increases the difficulty of NC&M research and development.

To address these issues, researchers have proposed a new NC&M scheme based on knowledge-defined networking (KDN). By integrating software-defined networking (SDN), artificial intelligence (AI), network telemetry and data analytics, a closed loop of "observe-analyze-act" is constructed to realize network automation (NA). KDN-based network automation can reduce human intervention and increase control efforts; however, it still faces the problem of low efficiency. In the "act" part of the closed loop, the quality of the solution to the virtual software-defined networking (vSDN) reconfiguration procedure directly affects the performance of reconfiguration, and in turn the availability of the network. Therefore, it is necessary to study how to optimize the scheduling of vSDN reconfiguration to improve efficiency and complete the "act" part.

In addition to improving system performance, security cannot be ignored in actual application. Hence, it is necessary to study the security of network automation. As reconfiguration is based on the observation and analysis of telemetry data, this work focuses on security issues related to network telemetry and data analytics. The specific research contents and contributions are as follows:

· Firstly, in the "act" part of the closed loop, this work studies how to optimize the scheduling of vSDN reconfiguration in a hybrid optical/electrical datacenter network (HOE-DCN). In this scenario, vSDN reconfiguration includes the reconfiguration of the EPS (electrical packet switching)-based and the OCS (optical circuit switching)-based networks, and the reconfiguration of an optical cross-connect (OXC) changes the physical topology of the optical layer. However, the optimization of vSDN reconfiguration scheduling in a dynamic topology has not been fully explored yet. Taking into account the impact of OXC reconfiguration on vSDN reconfiguration, this work studies this problem for the first time and proposes a parallel vSDN reconfiguration scheduling scheme to improve its efficiency. We first formulate a mixed integer linear programming (MILP) model of this problem and obtain the optimal solution. Then, we develop fast heuristic algorithms to reduce the time complexity. Simulation results confirm that the algorithms can effectively reduce the overall reconfiguration latency and the impact on quality of service (QoS), and improve the efficiency of vSDN reconfiguration.

· Secondly, in the "observe" part of the closed loop, this work studies how to solve the privacy and security problems caused by eavesdropping on and tampering with telemetry data in the data reporting channel. We propose, for the first time, a privacy-preserving multilayer in-band network telemetry (ML-INT) and machine learning based data analytics (ML-DA) scheme to address these issues. We first leverage vector homomorphic encryption (VHE) and an ML model that can directly operate on encrypted ML-INT data for anomaly detection to overcome the security breaches due to eavesdropping, and then develop a data verification scheme based on encoding and hashing to eliminate the security threats from data tampering. Meanwhile, we implement our proposed ML-INT & ML-DA system in an IP-over-EON multilayer network testbed built with commercial equipment to verify its feasibility, effectiveness and scalability. Simulation and experimental results demonstrate that our proposal can achieve the privacy-preserving feature while guaranteeing the real-time performance of the system, and improve the privacy and security of telemetry data.

· Finally, in the "analyze" part of the closed loop, this work explores the vulnerabilities of network automation brought by adversarial-sample-based attacks. This work takes the lead in adversarial research on the ML model for anomaly detection in network automation. We first propose the white-box attack (WBA) and black-box attack (BBA) strategies, respectively, and design effective adversarial sample generation algorithms (Jacobian-based and Self-taught-based) to realize the BBA strategy. Then, we craft and leverage adversarial samples to attack the ML-based classifier in the network automation, quantitatively analyze the impact of adversarial samples on the performance of the model, and extend the results to different types of ML-based classifiers. Similarly, we also build a real-world IP-over-EON multilayer network testbed with commercial equipment, and collect a large number of telemetry samples with it for simulations. The results verify that adversarial-sample-based attacks can seriously disturb the normal operation of the network automation. The results will provide an important reference for defense research on such systems in practical application.
Keywords/Search Tags: Software-Defined Networking (SDN), Knowledge-Defined Networking (KDN), Network Automation (NA), Virtual Network Reconfiguration, Privacy-Preserving, Adversarial Samples