Intelligence Security Home Network

Rudolf Volner, PhD.
Institute for BioMedical Engineering,
Czech Technical University in Prague,
Zikova 4, 166 36 Prague 6
E-Mail: volner@ubmi.cvut.cz

MUDr. Lubomir Poušek
Institute for BioMedical Engineering,
Czech Technical University in Prague,
Zikova 4, 166 36 Prague 6
E-Mail: pousek@ubmi.cvut.cz

0-7803-7882-2/03/$17.00 ©2003 IEEE

ABSTRACT
The term security network intelligence is widely used in the field of communication network security. A number of new and potentially useful concepts and products based on the concept of security network intelligence have been introduced, including smart flows, intelligent routing, and intelligent web switching. Many intelligent systems focus on a specific security service, function, or device, and do not provide true end-to-end service network intelligence. True security network intelligence requires more than a set of disconnected elements; it requires an interconnecting and functionally coupled architecture that enables the various functional levels to interact and communicate with each other.
We propose a uniform framework for understanding end-to-end communication security network intelligence (CSNI), which is defined as the ability of a network to act appropriately in a changing environment. We consider an appropriate action to be one that increases the optimal and efficient use of network resources in delivering services, and we define success as the achievement of behavioural sub-goals that support the service provider's ultimate goals, which are defined external to the network system. The framework presented incorporates the functional elements of intelligence into computational modules and interconnects the modules into networks and hierarchies that have spatial, logical, and temporal properties. Based on the framework proposed, we describe an end-to-end multi-service network application spanning the network security management layer, optical layer, switching/routing layer, security services layer, and other layers.
Keywords: security, network, communications

1. INTRODUCTION
The study of security network intelligence is an extremely active area in the field of communications. Thanks to the latest advances in data communications - especially in the services sector and in the communications software, photonics, and programmable technologies areas - service providers are spending millions of dollars a year on an increasingly intelligent communication infrastructure and applications. Research in the areas of learning automata, intelligent agent technologies, intelligent data mining, knowledge discovery, data-driven task sequencing, intelligent databases, wire-speed real-time databases, virtual modelling, and sophisticated communication network modelling has provided insights into intelligent computing processes. Significant progress has been made in rule-based reasoning, planning, and problem solving.
Future generation networking will be characterized by the need to adapt to the demands of agile networking, which include rapid response to changing customer requirements, automated design and engineering, lower-cost services, transparent distributed networking, resource allocation on demand, real-time planning and scheduling, increased quality, reduced tolerance for error, and in-process measurement and feedback. Future networking systems will require automated intelligent networking features that apply intelligence to the domain of networking in such a way as to make possible the realization of a full range of agile and adaptable networks.
Cable operators will have to face the commercial and operational strategy for:
Building out or upgrading to bi-directional (two-way) networks,
Offering voice telephony to residential and business consumers,
Offering multi-channel digital television,
Video-on-demand,
Home shopping,
Home banking,
High-speed Internet,
Home security.
The purpose of distributing the central information server function locally is to reduce network communication costs by allowing subscribers to access videos through their local information servers. Thus, the distributed interactive information system architecture design needs to be closely aligned with the subscriber access pattern and the marketing strategy. For example, if the system places the most frequently viewed "hot" information as close to subscribers as possible, it is expected that the network communication costs associated with accessing this hot information can be significantly reduced. In this system, an information archive is still needed in case the local information server cannot provide the information requested by users. Note that each local information server may be a mini central information server, and its information contents may be downloaded off-line from the central information server and updated periodically. This concept is similar to today's library system, in which a request is served by other local libraries if the serving local library cannot provide the service.
The distributed interactive information system can be structured in a hierarchical way for system scalability and evolution. It can start from an initial two-level system with a central information server and several local information servers and grow to a system with as many levels of the hierarchy as needed. The number of levels needed depends on the network size, network costs, and network performance requirements.
The CATV interactive system is structured in the same hierarchical way (Figure 1): an initial two-level system with a central video server and several local video servers, extended to as many levels as needed according to network size, network costs, and network performance requirements. Compared with the centralized video system, the distributed CATV video server may have a lower average network connection cost and higher system reliability, but at the expense of a significant amount of local storage.
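As an added illustration (not code from the paper), the following Python model replays a constructed request trace against the two-level hierarchy described above: each local server is provisioned off-line with its subscribers' most frequently requested ("hot") items, a miss is served by another local server that holds the item before falling back to the central archive, and the per-request network communication cost is summed so that the centralized and distributed arrangements can be compared. The server names, the request trace, the local capacity and the relative costs (local 1, peer 3, central 10) are assumptions for illustration; the paper gives no figures. The run with one local server down shows the reliability side of the trade-off, and the `capacity` parameter is the local storage that the distributed design pays for.

```python
from collections import Counter


class InfoServer:
    """A local information server: a mini central server that holds a
    subset of the archive, refreshed off-line from the central server."""

    def __init__(self, name, capacity):
        self.name = name
        self.capacity = capacity
        self.contents = set()

    def provision(self, history):
        """Store the `capacity` most frequently requested items (the "hot"
        information); ties are broken by name so the result is deterministic."""
        ranked = sorted(Counter(history).items(), key=lambda kv: (-kv[1], kv[0]))
        self.contents = {item for item, _ in ranked[:self.capacity]}


def serve(item, local, servers, down, local_cost=1, peer_cost=3, central_cost=10):
    """Return (source, cost) for one request from a subscriber of `local`.

    Lookup order: the subscriber's own local server, then any other local
    server that holds the item (the "other local library"), then the
    central archive, which is assumed to hold everything."""
    if local.name not in down and item in local.contents:
        return local.name, local_cost
    for peer in sorted(servers, key=lambda s: s.name):
        if peer.name != local.name and peer.name not in down and item in peer.contents:
            return peer.name, local_cost + peer_cost
    return "central", local_cost + central_cost


def simulate(traces, capacity, down=frozenset(), **costs):
    """traces: {local server name: [requested item, ...]} for one period.

    Each local server is provisioned from its own subscribers' history
    (the access pattern is assumed stable from one period to the next),
    then the trace is replayed. Returns (total network cost, hits per source)."""
    servers = {name: InfoServer(name, capacity) for name in traces}
    for name, history in traces.items():
        servers[name].provision(history)
    total, hits = 0, Counter()
    for name, history in traces.items():
        for item in history:
            source, cost = serve(item, servers[name], servers.values(), down, **costs)
            total += cost
            hits[source] += 1
    return total, dict(hits)


# Constructed request trace (assumption): one period of item identifiers per local server.
SAMPLE_TRACE = {
    "local-A": ["a", "a", "a", "b", "b", "c", "d"],
    "local-B": ["b", "b", "c", "c", "e"],
}

if __name__ == "__main__":
    print("centralized :", simulate(SAMPLE_TRACE, capacity=0))
    print("distributed :", simulate(SAMPLE_TRACE, capacity=2))
    print("local-A down:", simulate(SAMPLE_TRACE, capacity=2, down={"local-A"}))
```

Running it prints three results: every request going to the central server, the distributed case with two hot items per local server, and the distributed case with local-A offline. The last still costs far less than the centralized system because the peer server absorbs the shared hot items, which is the reliability argument of the paragraph above made concrete.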
2. DEFINITION OF NETWORK INTELLIGENCE
Intelligent security and communication networks must at least be able to understand the security and communication environment, to make decisions, and to use and manage network resources efficiently. More sophisticated levels of security network intelligence include the ability to recognize user, application, service provider, and infrastructure needs, as well as expected and unexpected events, the ability to represent knowledge in a world model, and the ability to reason about and plan for the future.
For the purposes of this paper, CSNI is defined as the ability of a network system to act appropriately in a changing environment. An appropriate action is one that increases the optimal and efficient use of network resources in delivering high-quality services; success is the achievement of behavioral sub-goals that support the service provider's overall goals. Both the criteria for success and the service provider's overall goals are defined external to the intelligent security network system. Typically, they are defined by the service provider's business objectives and are implemented by network designers, programmers, and operators. CSNI is the integration of knowledge and feedback into an input- and output-based, interactive, goal-directed, secure networked system that can plan and generate effective, purposeful action directed toward achieving goals.
Network intelligence will evolve through growth in computational power and through the accumulation of knowledge about the types of input data needed for making decisions concerning the expected response, and about the algorithmic processing required in a complex and changing communications environment. Increasingly sophisticated network intelligence makes possible look-ahead planning, management before responding, and reasoning about the probable results of alternative actions. These intelligent network capabilities can provide service providers with competitive and operational advantages over traditional networks.
End-User Layer
The end-user security intelligence layer provides the capabilities needed at the user's premises, which are not normally considered part of the service provider's network. Because of improvements in the access bandwidth available to the end user, the importance of this layer is continuing to grow. New developments in the Internet, home networking, and wired and wireless technologies are fuelling the growth of the end-user intelligence layer. The increased bandwidth permits expanded intelligence within the equipment deployed at the customer premises and requires additional functionality and coordination within the service provider space. These changes could make it possible to provide content to the user premises in anticipation of user needs and at times when there is less use of the service provider's network. Furthermore, intelligence at the end-user layer will be important in supporting new services tailored to the usage patterns and interests of users.
Application Layer
The number of new network applications and services to be supported continues to increase rapidly. The traffic generated by these applications creates different traffic load and flow patterns, depending upon whether or not the applications are:
real-time,
computation intensive,
network topology dependent,
end user dependent,
high bandwidth,
delay sensitive.
In order to properly design, evaluate, and deploy efficient network equipment for an application environment, a service provider must have a good understanding of the source models of the network application traffic. In particular, one would like to find characteristics of how an application host generates network traffic that are invariant over time. There are a number of reasons - based on application architectures, design, and human factors - why application traffic may vary significantly. They include:
user access type,
application communication methods,
single transaction vs. multiple linked transaction applications,
end user input and interaction strategy.
Intelligent service mediation techniques are used to control access to network services and to customize behavior for the service provider, application provider, and end user. Application security layer intelligence will allow application service providers to manage applications and return on investment by dynamically matching appropriate resources with application demands.
Subscriber Layer
The subscriber-based intelligent network environment consists of a group of customer premises equipment (CPE) devices communicating and sharing one or more resources in a decentralized way. This type of networking demands certain interesting relationships between the service provider's network elements and the CPE devices. Good examples of subscriber-based intelligence are peer-to-peer network applications, cluster-computing networked parallel processing, and mapping of logical storage area networks onto physical or virtual network topologies. Some of these applications demand particular logical network topologies to enable the applications. New applications and new business models are pushing service providers to support these environments. The advantages of using subscriber-based intelligence are that it speeds up algorithm execution, minimizes inter-node communication delays, improves resource utilization, and provides fault tolerance by restoring network connectivity (transparently to the user) when faults occur. Furthermore, it allows features and services to be customized for pre-designated user groups or for an individual user. In this environment, a user would be able to select preferred network resource characteristics (such as virtual topologies), to activate personalized features (from skins through connection speeds), and to provide information to the system to improve its performance.
Service Provider Layer
Security service provider layer intelligence makes it possible to carry end-user traffic by applying service provider constraints to end-user needs. Intelligent tunnelling, virtual network switching/routing in virtual private networks (VPNs), load-balancing networks, and virtual local area networks (VLANs) are examples of service provider intelligence. This layer's features include quality of service (QoS), isolation, load distribution, and policing capabilities that allow service providers to deliver flexible, measurable, and enforceable service-level agreements (SLAs) to other service providers and to subscribers, and to deliver real-time and non-real-time services from multiple sources. This enables a service provider to provide large service providers with dedicated virtual resources and to allow small service providers to share virtual resources that are managed administratively by the service provider.
Programmable Technology and Control Layer
This layer provides interoperability and adaptability across heterogeneous networks that support a wide range of signaling protocols. The programmable switches translate industry signaling protocols into a generic signaling format, simplifying the addition of new protocols. This capability allows legacy service providers and new service providers to provide rich, seamless interoperability between their network domains and enables signaling inter-working between multiple vendor gateways.
Infrastructure Provider Layer
Broadband technology promises a convergence of technologies and service platforms. A variety of factors are forcing today's leading service providers to change how they do business and hence the way they build and evolve their next-generation networks. Increasingly, service providers are being pressured to build networks capable of supporting a variety of old and new infrastructures and to provide new value-added services at the lowest possible initial and incremental price. The problems inherent in simultaneously supporting an existing network and deploying a new multiservice infrastructure point to a solution that avails itself of the benefits of frame relay, asynchronous transfer mode (ATM), IP, and dense wavelength division multiplexing (DWDM) technologies. Infrastructure layer intelligence provides the capabilities to deal with these complexities. Technologies such as all-optical DWDM and multiservice platforms are making possible a convergence of technologies and service platforms; in this layer, a network solution can operate in dynamic, reconfigurable, multivendor, multitechnology, and multiprotocol environments.
Network Management Layer
Network management layer intelligence deploys, integrates, and coordinates all the resources necessary to configure, monitor, test, analyze, evaluate, and control the security and communication network to meet service-level objectives. The goals of network management are efficient use of resources, control of strategic assets, minimization of downtime, management of constantly changing communications technology and services, and reduction of the cost of network operations. Intelligence within the network management layer must integrate diverse services, networks, technologies, and equipment.
The network structure in Figure 3 captures the security and communications intelligence information flow depicted in Figure 2. In Figure 3, the layers with clouds represent virtual entities or soft devices. Even though Figure 3 depicts network management as a separate layer, some network management functions are actually distributed across the other layers, embedded in element management systems. For simplicity and convenience, this embedding is not shown.
3. ENTITIES IN THE SECURITY AND COMMUNICATIONS MODEL
The security and communications model contains information about stored network entities. The knowledge database contains a list of all the entities that the intelligent network system knows about. A subset of this list is the set of current entities known to be present in any given situation. A subset of the current entities is the set of entities-of-attention, selected on locality-of-reference properties.
There are two types of entities:
generic,
specific.
A generic entity is an example of a class of entities. A generic entity structure contains the attributes of its class. A specific entity is a particular instance of an entity. A specific entity structure inherits the attributes of the class to which it belongs. An example of an entity structure is shown in Table 1.
Communications events
A communications event in an intelligent network node is a state, condition, or situation that exists in a network at a point in time or occurs over an interval of time. Events are represented in the communications model with attributes in time and space. Event attributes may indicate such things as start and end time, duration, type, and relationship to other events. An example of an event structure is shown in Table 2.
Communication task
Communication task knowledge is knowledge of how to perform a task, including information about the algorithms, protocols, parameters, time, events, resources, information, and conditions required and the costs, benefits, and risks to be expected. In a network node, task knowledge may be expressed implicitly in algorithms, software, or hardware, or explicitly in data structures or a network node database.
A communication task structure is represented as a data structure in which task knowledge is stored. In systems in which task knowledge is explicit, a task structure can be defined for each task in the task vocabulary. An example of a task structure is shown in Table 3.
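The entity, event and task structures of Tables 1 to 3, as an added worked example (not the paper's own code): a small knowledge database holds generic entities with class attributes and specific entities that inherit and may override them; events carry start, end, duration and a relationship to other events; and explicit task structures move through the statuses listed in Table 3 (inactive, waiting, active, halted) as their enabling condition is met on an entity-of-attention and their terminating event is observed. The entity names, the "segment" attribute used as the locality-of-reference property, the event timeline and the task definitions are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class GenericEntity:
    """A class of entities; carries the attributes of the class."""
    name: str
    attributes: Dict[str, object]


@dataclass
class SpecificEntity:
    """A particular instance; inherits the class attributes, may override them."""
    name: str
    generic: GenericEntity
    overrides: Dict[str, object] = field(default_factory=dict)

    def attribute(self, key: str):
        return self.overrides.get(key, self.generic.attributes[key])


@dataclass
class Event:
    """A state or condition located in time; end=None means still in progress."""
    kind: str
    entity: str
    start: float
    end: Optional[float] = None
    related: List[str] = field(default_factory=list)  # kinds of related events

    def current_at(self, now: float) -> bool:
        return self.start <= now and (self.end is None or now < self.end)

    def duration(self, now: float) -> float:
        return (now if self.end is None else self.end) - self.start


@dataclass
class Task:
    """Explicit task structure: agent, activity, thing acted upon, conditions."""
    name: str
    agent: str
    activity: str
    target: str             # entity acted upon
    enabling_kind: str      # event kind that must be current for the target
    terminating_kind: str   # event kind that terminates the task
    priority: int
    status: str = "inactive"   # inactive, waiting, active, halted
    started_at: Optional[float] = None


class KnowledgeBase:
    def __init__(self):
        self.generics: Dict[str, GenericEntity] = {}
        self.specifics: Dict[str, SpecificEntity] = {}
        self.events: List[Event] = []
        self.tasks: List[Task] = []

    def current_entities(self, now):
        """Entities known to be present now: those with an event in progress."""
        return {ev.entity for ev in self.events if ev.current_at(now)}

    def entities_of_attention(self, now, segment):
        """Locality of reference (assumed here: same network segment)."""
        return {n for n in self.current_entities(now)
                if self.specifics[n].attribute("segment") == segment}

    def _event_for(self, task, kind, now, in_progress):
        return any(ev.kind == kind and ev.entity == task.target
                   and (ev.current_at(now) if in_progress else ev.start <= now)
                   for ev in self.events)

    def step(self, now, segment):
        """One decision cycle: activate enabled tasks, halt terminated ones."""
        attention = self.entities_of_attention(now, segment)
        for task in sorted(self.tasks, key=lambda t: -t.priority):
            if task.status in ("inactive", "waiting"):
                if task.target in attention and self._event_for(task, task.enabling_kind, now, True):
                    task.status, task.started_at = "active", now
                else:
                    task.status = "waiting"
            elif task.status == "active" and self._event_for(task, task.terminating_kind, now, False):
                task.status = "halted"
        return {t.name: t.status for t in self.tasks}


def build_sample_kb():
    """Constructed sample (assumption): two set-top boxes, one repaired link outage."""
    kb = KnowledgeBase()
    cpe = GenericEntity("cpe", {"segment": "north", "bandwidth_kbps": 512})
    kb.generics[cpe.name] = cpe
    for spec in (SpecificEntity("stb-42", cpe), SpecificEntity("stb-07", cpe, {"segment": "south"})):
        kb.specifics[spec.name] = spec
    kb.events += [Event("link-down", "stb-42", start=10, end=25),
                  Event("link-up", "stb-42", start=25, end=25, related=["link-down"]),
                  Event("link-down", "stb-07", start=12)]
    kb.tasks += [Task("restore-stb-42", "nms", "reroute", "stb-42", "link-down", "link-up", priority=2),
                 Task("restore-stb-07", "nms", "reroute", "stb-07", "link-down", "link-up", priority=1)]
    return kb


if __name__ == "__main__":
    kb = build_sample_kb()
    for now in (5, 15, 30):
        print(f"t={now:>2} attention={sorted(kb.entities_of_attention(now, 'north'))} "
              f"tasks={kb.step(now, 'north')}")
```

Stepping the sample at t=5, 15 and 30 shows the task for stb-42 going waiting, active, then halted once the link-up event is recorded, while the task for stb-07 stays waiting because that device lies outside the segment under attention even though its link-down event is current; that is the entities-of-attention subset doing its job.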
4. SELF-ORGANIZING INTELLIGENT NETWORKS
Fundamentally new and disruptive technologies are producing new networking applications, which, in turn, are creating a far greater demand for communication services and resources than in the past. This section describes a self-organizing intelligent networks paradigm in which networks can reconfigure network topologies and provision resources and services dynamically. It also describes an end-to-end intelligent network application, shown in Figure 3, in which a network monitors itself, learns about its environment and the environment's impact on network resources, makes intelligent decisions, and takes appropriate actions based on prior network behavior - as observed over time - on an application or service basis. Figure 3 is essentially the same as Figure 2, with the addition of a self-organizing capability made possible by the use of an input and response processing (IRP) feedback loop. It is assumed that the network elements in Figure 3 are interconnected by a system similar to the management communications network system. The figure illustrates the important role the network management system plays in the self-organizing network paradigm.
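The paper does not say how the IRP loop turns its input into a response. The following added Python example (not from the paper) shows one reasonable shape for it on a per-service basis: the input side folds each cycle's observed utilisation into an exponentially weighted baseline, which is what the loop has "learned" about the service over time, and the response side adds or releases a unit of provisioned capacity when that baseline crosses an upper or lower threshold. The thresholds, the smoothing factor and the demand trace are assumptions; the gap between the two thresholds is the hysteresis that stops the loop from flapping when one observation pushes the utilisation over the line, and the second run in the test shows what happens without it.

```python
from typing import Dict, List, Tuple


class IRPLoop:
    """Input and response processing feedback loop (illustrative).

    observe(): input processing, update the learned per-service baseline.
    respond(): response processing, provision or release capacity units.
    The `up`/`down` thresholds are deliberately apart (hysteresis)."""

    def __init__(self, alpha: float = 0.5, up: float = 0.8, down: float = 0.4):
        self.alpha, self.up, self.down = alpha, up, down
        self.baseline: Dict[str, float] = {}   # learned utilisation per service
        self.capacity: Dict[str, int] = {}     # provisioned units per service

    def observe(self, service: str, demand: float) -> float:
        """Measure utilisation = demand / provisioned units, update the baseline."""
        cap = self.capacity.setdefault(service, 1)
        util = demand / cap
        prev = self.baseline.get(service, util)   # first observation seeds the baseline
        self.baseline[service] = round(prev + self.alpha * (util - prev), 6)
        return self.baseline[service]

    def respond(self, service: str) -> Tuple[str, int]:
        """Decide this cycle's action from the learned baseline, not the raw sample."""
        cap, base = self.capacity[service], self.baseline[service]
        if base > self.up:
            self.capacity[service] = cap + 1
            return "add", cap + 1
        if base < self.down and cap > 1:          # never release the last unit
            self.capacity[service] = cap - 1
            return "release", cap - 1
        return "hold", cap

    def run(self, service: str, demands: List[float]) -> List[Tuple[float, str, int]]:
        """Replay one observation per cycle; returns (baseline, action, capacity) per cycle."""
        history = []
        for demand in demands:
            base = self.observe(service, demand)
            action, cap = self.respond(service)
            history.append((base, action, cap))
        return history


# Constructed demand trace (assumption), in units of one provisioned capacity unit.
SAMPLE_DEMAND = [0.5, 0.9, 1.2, 1.0, 0.6, 0.3, 0.3, 0.3]

if __name__ == "__main__":
    for cycle, (base, action, cap) in enumerate(IRPLoop().run("vod", SAMPLE_DEMAND), 1):
        print(f"cycle {cycle}: baseline={base:.3f} action={action:<7} capacity={cap}")
```

With the sample trace the loop adds a unit in cycle 3, holds while the smoothed utilisation settles, and releases the unit only in cycle 6 when demand has clearly fallen; a loop whose release threshold equals its add threshold would release the unit in the very next cycle and provision again as soon as demand returned.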
5. CONCLUSION
Because of the way network technology is being developed today, it is difficult to know - before it is deployed - whether an end-to-end setup of networking devices will really be beneficial in the field. One reason for the difficulty is that the behavior of the network layers is not well understood and is still evolving; another is the rapid growth in the number of applications on the network. A variety of technology trends have made it possible to incorporate computational capability in all network devices. Unfortunately, although shrinking technology has made networking devices smart, it has not always improved their usability.
Table 1 - Entity structure
Table 2 - Communications events
Table 3 - Task structure
Task name: name of the task
Generic or specific
Agent performing the task
Activity to be performed
Thing to be performed
Thing to be acted upon
Effects
Event that successfully terminates the task, or renders it successful
Priority
Timing requirements
Source of task command
Expected costs, risks, benefits
Estimated time to complete
Risk
Status (for example, active, halted, waiting, inactive)
Resources (for example, tools, time, resources, and events needed to perform the task)
Enabling conditions that must be satisfied to begin, or continue, the task
Information that may be required
A plan for executing the task
Functions that may be called
Algorithms that may be needed
Expected results of task execution
Figure 1 - The CATV interactive system can be structured in a hierarchical way for system scalability and evolution (figure elements: WAN, fibre optic system, MAN, CATV network, other CATV centre, security system, metro police)
Figure 2 - Mapping of layers of network intelligence (figure labels recovered: network management, accounting manager)
Figure 3 - End-to-end intelligent network application
Abbreviations: CPE - customer premises equipment; DWDM - dense wavelength division multiplexing; SDH - synchronous digital hierarchy; SONET - synchronous optical network; VLAN - virtual local area network; VPN - virtual private network
