This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the ICC 2007 proceedings.
Security in All-Optical Networks: Self-Organization and Attack Avoidance† Jae-Seung Yeom1 , Ozan Tonguz1 , and Gerardo Casta˜no´ n2 Department of Electrical and Computer Engineering 1 Carnegie Mellon University Pittsburgh, PA 15213-3890, USA e-mail: {jyeom, tonguz}@ece.cmu.edu 2
Center of Electronics and Telecommunications, Tecnol´ogico de Monterrey Eugenio Garza Sada 2501 Sur, Monterrey, N.L., 64849, M´exico e-mail:
[email protected]. Abstract—While transparent WDM optical networks become more and more popular as the basis of the Next Generation Internet (NGI) infrastructure, such networks raise many unique security issues. The existing protection schemes which only consider unintended failures and only rely on postmortem detection and reaction are not sufficient to provide security assurance for such infrastructures which require timely protection from malicious sabotage as well as inadvertent faults. Moreover, as may have been observed from past practices, providing a particular solution specialized to each incessantly discovered new problems would not dramatically improve the situation. In order to increase the security of future networks we will need to imbed intelligence into the network such that they can continuously learn from the experience in faults and self-organize to protect themselves from potential failures caused by malicious new attacks or ordinary reliability problems. In this paper, we present results with simple vulnerability and attack scenarios in order to demonstrate how the self-organization helps to adapts against new vulnerabilities and avoid attacks.
I. I NTRODUCTION While current optical networks mostly involve optoelectronic conversion at cross-connects, transparent all-optical networks (AON) are becoming more and more attractive, where the wave-length division multiplexing (WDM) provides transparent circuits between end terminals without regeneration but only with amplification in the middle. This transparency is desirable in many respects. For instance, it helps to avoid the bottleneck with optoelectronic conversion at each switch, therefore saves cost (less transponders), provides a simple way for heterogeneous terminals to share network resources, allows various customer-centric services, and enables terminal upgrades without requiring the entire network to reconfigure. However, transparency raises many security vulnerabilities as well as reliability issues which do not exist in traditional optoelectronic networks [1], [2]. In WDM systems, multiple optical signals co-propagate in fiber and optical components, possibly affecting each other directly or indirectly. Then, the quality of a signal is sometimes dependent on or degraded by other signals. Moreover, in a transparent channel, a signal
is not regenerated in the middle of a lightpath. Therefore, signal degradation is accumulated over the path. It has been discussed how signals can be maliciously designed to pass through transparent components, causing undesirable effects at remote components and degrading other signals passing through the components [1]. While there are many reliability studies to defeat physical layer impairment problems in AONs, these measures require human operation to adapt to network changes or concentrate on failures that are most likely to happen. On the contrary, it is less important to attackers how often a fault occurs spontaneously. Attackers rather have more interest in failures that can be repeted aven if those are rare. In addition, attackers may use automated software to repeatedly cause a fault far more often than it would occur otherwise. Attackers who artfully exploit well-known or newly discovered or unexpected vulnerabilities may circumvent the existing countermeasures. Then, it may become necessary to shutdown the affected part of the network or to leave it vulnerable until a human operator diagnoses the problem and comes up with a solution, which is unacceptablly long in many cases. As the resource provisioning paradigm moves toward more dynamic regimes, the IP layer, which may be currently accessed by users or attackers, is directly placed on top of the WDM layer, and new emerging technologies comes into play, failure management has become a very important issue to offer a secure and resilient network [3]. Meanwhile, many traditional protection strategies for optical networks would become insuf cient with these trends, which rely on postmortem detection and reaction against pre-informed vulnerabilities after the damage caused by failures. A complementary strategy is to handle unexpected failures and avoid potentially malicious or dangerous attempts before they are casted into attacks and begin causing damages. In particular, considering the high data rate on optical channels, a service disruption even for a short period of time would be disastrous. Thus, our strategy is based on two approaches: to avoid attacks as much as possible and
1-4244-0353-7/07/$25.00 ©2007 IEEE
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the ICC 2007 proceedings.
to provide a more fundamental way of managing failures and potential threats by autonomous adaptation In this paper, we present some preliminary results which show how self-organization can help to achieve these goals. The rest of the paper is organized as follows. In Section II, we briefly identify the threat of concern in AONs, and discuss existing countermeasures. In Section III, we describe how a network can learn to self-organize to reduce potential failures in the future. In Section V, we demonstrate how an attack can be avoided with self-organization via a simulation experiment. In Section IV, we describe our WDM network simulator and optical component modeling included in the simulator.
path setup request
RWA decision
update classifier
change state user traffic
network
channel quality
input
state machine
output
feature vector (state)
label
data
learning
II. T HREATS AND RELATED WORK In this paper, we focus on such cases where the goal of attacks is disruption or degradation of service by exploiting physical layer impairments [1]. An attacker may directly inject malicious signals from compromised optical components or manipulate components which may affect information-bearing signals. Such an attack requires full access to the components (including physical access and the control software of the components). However, optical components such as cross-connects are typically locked in a secure facility with restricted access. Therefore, one might consider such a direct attack unlikely, but insiders have all the capability. Past experiences show that the computer related crimes by insiders (i.e., employees of a company as well as ex-employees and partners) are as significant as those coming from outsiders [4]. Furthermore, as the IP-over-WDM vision comes true, the control of IP and WDM layers are being merged. In supporting the merged control efficiently, IP and WDM components may become integrated as well. In such a case, it is also likely that the management of IP and WDM layers becomes merged. The more tightly merged are they, the more risk is shared between IP and WDM layer. As the network size grows and equipments become sophisticated, many device vendors also provide management systems which can be remotely operated by automated management softwares. However, such softwares are often found vulnerable and can be exploited for attacks on network infrastructures [11]. Network security countermeasures are categorized into three types of practices: prevention, detection and reaction. Since attacks are achieved via physical layer impairments, limiting the physical layer vulnerabilities is of common interest in both reliability and security researches. In transparent optical networks, prevention schemes which aim to reduce vulnerabilities include network design, component design, provisioning, and operational regulations, etc. In general, two approaches exist to assure reliable optical channels in the presence of physical layer impairments: the routing constrained by estimated physical layer impairments and the network architecture design to guarantee the service quality in every possible case in the given network and traffic demand [5]–[10]. Their strengths and weaknesses are discussed in detail in [11]. While these measures are more adequate to guarantee the strict sense of reliability under a given condition, they lacks the capability
Fig. 1. Self-organizing mechanism: The network is modeled as a state machine. The approximate functional relationship between states and outputs of the state machine is learned, and then used to routing make decision.
of adaptation to network expansion, component upgrade or aging, and creative attacks. In addition, they tends to prepare for the worst case when various effects are involved while limiting the utilization, or focus on a limited set of impairment effects which are most likely to happen spontaneously while being unprepared for the unexpected [5], [9]. On the other hand, the agile adaptation to network condition changes and creative attacks is crucial for perpetual availability, which is not provided in many cases when human intervention is required. Our goal is to address this problem with autonomous adaptation against new vulnerabilities and the effective recognition of risk. Monitoring and detection methods in AONs are discussed in [12]–[14]. Failure location algorithms which provide a framework to locate faults and attacks in AONs also exist [15]–[17]. Countermeasures against eavesdropping on optical channel, such as a new medium access protocol and quantum cryptography, are discussed in [18], [19]. III. S ELF - ORGANIZING NETWORKS In this section, we briefly introduce the self-organization design presented in [11] and discuss how the approach achieve self-organization with experimental results. A. Design and Implementation The purpose of self-organization is that if a network experiences significant physical layer impairment problems in certain network conditions, it learns them, and then tries to keep away from any of such conditions or unforseen but similar conditions which are expected to produce similar or worse performance. For example, instead of blindly using the first-fit route as in the fixed alternate routing protocol, it chooses the safest route satisfying the connection request. The key difference from the previous works is that such intelligence is obtained without the human intervention or the detailed knowledge of the network component subsystem and is updated autonomously as the network changes. We use supervised machine learning approach for pattern classification to support this.
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the ICC 2007 proceedings.
data
observing
learning
classifier (a) Learning cycle continuously alternates between observing and learning stages Fig. 2.
0th
1st
2nd
3rd
(b) Incremental learning using current and previous data
Learning for autonomous and perpetual adaptation
Here, we define a network as a state machine, where the current state of a network is defined as the current set of wavelength usage status on each link in the network and two supplemental information [11]. A single lightpath setup request makes a transition between states deterministically and there are only a finite number of states. At a given state, the network takes traffic as input and produces output which is the worst channel quality at that state of the network in terms of the bit error rate or the packet drop rate of a channel. Current state-of-the-art technology provides such networkwide performance monitoring up to a certain degree [20]. We assume that complete bit error statistics are available, though in practice every error checking code has detection limitation. We plan to further study this issue with a semi-supervised learning using the expectation maximization (EM) algorithm [21]. Many physical layer impairment effects strongly depend on the wavelength usage and the lightpath setup status on top of the physical topology [8]. For example, the optical signalto-noise ratio (OSNR) penalty due to cross-phase modulation (XPM) is often considered as a monotonic increasing function of the number of wavelength used on the fiber and of the power per channel, and a decreasing function of dispersion and channel spacing [8]. Therefore, we believe that it is adequate to define network state using wavelength usage status and the two summary values in regard to end-to-end paths. The self-organizing network requires a two stage learning cycle to improve the way of adaptation by itself: observation stage and learning stage. The initial stage is the observation stage and the learning process continuously alternates between the two stages. What we observe is the worst channel quality at a state of the network. What we learn is the relationship between the channel quality and a network state; in other words, the classifier (or the boundaries between channel quality classes). Observed data is used in the next learning stage, and the learned classifier is used in the next observation stage. The duration of an observation stage is dependent on the time required to collect significant data for learning, which is dependent on the number of features in the data representation as well as the data distribution. In our experiment, each observation stage spends around 160 seconds in simulation clock while producing around 27,000 examples. The duration
of learning is dependent on the processing capability and the size of given data. In our experiments, it takes longer than 30 minutes using a Pentium 4 2.0 GHz machine in general. The worst case complexity of support vector machine (SVM) learning algorithm is O(dL l2 ), where dL is the dimension of data and l is the number of data [22]. There exist many decomposition algorithms to support parallel computation, although none is applied to our computation [22]. In conclusion, it is important to reduce the feature space in addition to designing an efficient one. Due to the uneven data distribution, some state may be observed less often than others, or may not even be observed. Whereas it is desirable to collect and use sufficient data, the duration of data collection and learning has to be minimized. During the cycle of learning, the learning is incremental in such a way that each learning stage learns from half of the examples used in the previous learning stage as well as the examples collected from the current cycle, as shown in Figure 2. Thus, applying a new classifier, though premature, may expose rare state examples, making the classifier more robust, thus making the learning faster. Raw data are composed of the feature values for wavelength usage status and two supplemental information at each state, and the corresponding channel quality at each state. To prepare the final feature vectors to feed the learning algorithm, four additional processing steps are applied. First, feature values are normalized, then the principal component analysis (PCA) is applied to reduce the sparse matrix into a smaller but denser matrix. Then, after assigning a label to each feature vector, the linear discriminant analysis (LDA) is applied to make the classes more distinctive [21]. Finally, the individual PCA (IPCA) is applied to make the principal pattern more visible within each class [21]. As a result, 5 features are selected from the LDA transformation, and 5 features are selected from each of the IPCA transformation. Therefore the dimension of the features space is reduced to 15. These choices of feature numbers require further investigation. However, we do not pursue this issue in this study. Support vector machine (SVM) with a radial basis function (RBF) kernel is used for learning [22]. The final classifier model is selected from crossvalidation among the learning parameter combinations. The fixed-alternate first-fit RWA routing decision module is extended to include SVM classifier module, and SV M Light is modified to support online classification of an individual example [23], [24]. The classifier uses the classifier learned from the previous learning stage to classify given examples (states) and helps make better routing decisions in terms of channel quality. Before making a routing decision and allocating a new lightpath, the classifier decides which of the future states by the requested transition (a lightpath setup request) leads to the safest state, where the safety measure is the distance from the class boundary in the safer class direction. Then, the new lightpath is granted for the safest transition [11].
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the ICC 2007 proceedings.
B. Preliminary Result
x 10
5
Packet Drop Rate
Packet Drop Rate
9 8 7 6 5 4
x 10
4 3 2 1
3 2
0
1
2
3
4
5
6
0
7
0
1
(a) Packet drop rate (8 λs)
Avoidedance Rates
Avoidedance Rates
4
5
0.5
0.5 0.4 0.3 0.2
1
2
3
4
5
6
0.45
0.4
0.35
7
1
2
Learning Cycle
3
4
5
Learning Cycle
(c) Avoidance rate (8 λs)
(d) Avoidance rate (16 λs)
0.5
0.16 0.14
Blocking Rate
0.45 0.4 0.35 0.3 0.25
3
(b) Packet drop rate (16 λs)
0.6
0.1
2
Learning Cycle
Learning Cycle
Blocking Rate
Figures 3(a) and 3(b) show that the packet drop rate decreases and converges as the learning cycle increases. The comparison between the left plots and the right plots in Figure 3 shows the difference between self-organization behavior of a heavily loaded network and a lightly loaded network. The same traffic load is injected into networks with 8 channels per link (left) and 16 channels per link (right). Figure 3(a) and 3(b) also shows how the self-organization reaches the mature point as the learning cycle proceeds, and that there is a difference in convergence speed between the two networks. The avoidance rate shown in Figures 3(c) and 3(d) means the ratio of the use of the alternate route when the primary route is still available. It may be used to decide when to pause the learning cycle together with the packet drop rate. However, the learning cycle needs to restart with environment changes, such as equipment upgrades or topology changes. Figures 3(e) and 3(f) show that the blocking performance gets worse while the packet dropping performance improves as the learning cycle proceeds. (The blocking rate here does not include the channels which are allocated but not able to satisfy the required quality. It simply considers the blocked channels due to wavelength availability.) It could be explained from the fact that the advantage of first-fit scheme is the better utilization of wavelength space by efficiently organizing in-use wavelengths towards the lower end of the wavelength space and allowing higher chance of wavelength allocation to a new lightpath setup request [24]. In a sense, the fixed-alternate routing algorithm is simply an extension of such a logic. However, self-organization somehow disrupts such ordering by arbitrarily switching between two routes, and therefore increases blocking probability. We believe that if the selforganization is given more degree of freedom in choosing wavelengths, this tradeoff problem might be mitigated. Our future work will address how self-organization can take the call blocking issue into consideration [25], [26]. The classification speed depends on many factors. In our experiment scenario, it takes the order of microseconds by using Pentium 4 2.0 GHz machine. The faster the speed, the more dynamic and short-termed bandwidth allocation would be feasible. According to [22], the computation complexity for classification is O(M Ns ) where M is the number of computations needed to evaluate the kernel and Ns is the number of support vectors. In case of the RBF kernel used in our experiment, M is O(dL ), where dL is the dimension of feature vectors, and Ns is O(l), where l is the number of training examples. Thus, in the worst case, classification complexity will be O(dL l). Fortunately, there exist many parallelization algorithms to speed up this calculation though none is applied to our computation [22]. dL is dependent on the data distribution. l is dependant on dL . The larger the dL , the more data is required to obtain meaningful information. When data are separable, the feature space can be further reduced to a smaller dimension space without loosing much of the information from the data. One way to make data more
−5
−6
10
0.12 0.1 0.08 0.06 0.04
0
1
2
3
4
5
6
Learning Cycle
(e) Blocking rate (8 λs)
7
0.02
0
1
2
3
4
5
Learning Cycle
(f) Blocking rate (16 λs)
Fig. 3. Self-organizing behavior of the network with 8 channels (left) and 16 channels (right) per link
separable is to design the feature space (state representation) in that way. In fact, whether data are separable or not depends on numerous factors. The detailed discussion is out of the scope of this paper, but discussed in detail in [21]. In our setting, we used 20,000 sampled data with feature space dimension of 15 in the network of 36 nodes. Therefore, the complexity of routing decisions is O(300, 000) [11]. On the other hand, the complexity of the algorithm presented in [6] is O(n4 ) = O(1, 679, 616). IV. E XPERIMENTAL S ETUP OF THE PHYSICAL LAYER IMPAIRMENT SIMULATION
During the simulation, we have used a network with 6x6 regular grid topology for simulation efficiency, though the use on irregular topology could have made learning easier due to the potentially more conspicuous patterns molded by irregularity. Each node has 8 or 16 transponders depending on
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the ICC 2007 proceedings.
the number of channels supported, and nodes are connected to each other by a OC-12 duplex fiber link. The propagation delay of each link span is 0.268 msec. Each simulation run lasts around 155 seconds while 5,637,009 packets are transmitted and 27,141 lightpaths are setup on average. The size of a packet is chosen as 16,320 bytes for simulation efficiency. Traffic is randomly generated for the 100 pseudorandom pairs of source and destination where the maximum number of hops is 6, based on the Poisson distribution in which the average arrival rate is set to 2.0 connections per sec and the average holding time of connection is set to 0.1 sec. The purpose of the simulation is to demonstrate how the proposed self-organization approach helps to mitigate physical layer impairment issues in transparent multiwavelength optical networks. Therefore, it is necessary to generate physical layer impairment patterns in the network on which a learning algorithm can work. Among the various types of impairments, only crosstalk effects in cross-connects, amplified spontaneous emission (ASE) noises and cross-saturation of erbium-doped fiber amplifiers (EDFA), and power losses in key optical components are simulated, and only OSNR penalties from these effects are considered [28], [29]. This limited set of physical layer impairments is still sufficient to introduce the self-organization approach while keeping the computation load workable during simulation with the given network size and channel data rate. For such a presentation, we have developed a simulator based on ns-2 (2.1b6) and OW ns with our WDM component modules [30], [31]. The key components of the physical layer of transparent WDM networks are transceivers, duplex fibers, amplifiers and optical cross-connects (OXC). The fiber model gives effect to the propagation delay and fiber attenuation. The transmitter model carries the lightpath setup delay and transmission delay into effect. The amplifier model exercises the ASE noise, gain saturation, frequency dependent gain, pumping source, etc [28], [32]. The gain of a amplifier is updated over every sampling period which is at most the half of the amplifier effective time [28]. Our simulator models cross-bar type electro-optic switches with the LiNbO3 substrate, the insertion loss as described in [33], and the crosstalk level around -30 dB. Currently, our simulator only includes coherent(phase-correlated) homodyne crosstalk for simplicity [29]. The amount of crosstalk depends on the average crosstalk level and the strength and phase of signal in the switching element. In our simulation, the phase of the signal is randomly selected for each optical packet frame. The packet header format of ns-2 is modified to contain three signal-quality-related fields (SQRF): optical signal power, ASE noise power, and crosstalk noise power. Then, when a packet passes through an optical components on a lightpath, the physical layer effects are calculated and these fields are updated to represent the effect on the signal quality of the packet. Finally, when a receiver receives a packet, it calculates the SNR based on the SQRFs and the bit error rate (BER). Then, the number of bit errors of the received packet is randomly generated from the assumed Gaussian distribution of the number of bit errors which has the mean of n·BER and the
standard variation of n·BER· (1-BER), where n is the number of bits in a packet. It is assumed that a packet is dropped if it contains more than a certain number of bit errors. V. ATTACK AVOIDANCE In this section, we present an experimental result which shows how self-organization helps to avoid attacks in addition to the autonomous adaptation discussed in Section III-B. In this experiment, it is assumed that the attacker has knowledge of the topology and traffic in the network. The target of the attack in this scenario is the connection between node 7 and node 26. From the topology and traffic information, the attacker conjectures the time window and links where the targeted connection is likely to be present. The attacker compromises two nodes, node 1 and node 19. Then, the attacker is able to access the lightpath setup interface and the wavelength assignment status, or directly controls wavelength assignment logic. In both of the cases, the attacker knows which wavelengths are assigned to the lightpaths at the compromised nodes. In the former case, the attacker does not directly assign necessary wavelengths for attacks, but repeats lightpath setup requests until finally obtains the wavelength of choice. The attacker assess the set of wavelengths which are potentially used by the targeted lightpath by trying to setup a lightpath from the compromised node to each node in the path of the targeted connection. Finally, the gain competition (cross gain saturation) and crosstalk attacks are launched towards those candidate lightpaths [1]. If it is not successful, the attacker can keep trying until success unless such repeating attempts are prevented by some means. Unfortunately, there is no such means in most cases. This is what makes this kind of attacks when aided by automated software tools especially harmful as the case of the TCP reset attack [27]. Table I shows the traffic generation scenario used in this experiment. It includes both the legitimate user traffic and the attack traffic. Each row describes a potential setup of lightpaths from node src to node dst between beginT and endT . The lightpath for a connection is released when there is no traffic to serve, and it is reestablished when more traffic arrives. Figure 4(a) shows a lightpath setup status of the network at a certain moment during the simulation of the scenario in Table I. In this example, the attacker tries to launch an attack involving 7 times of gain competition and 2 times of crosstalk effects. Connections 9, 10, 23, and 24, listed in Table I, are to achieve gain competition attacks, which correspond to the lightpaths 1→2→8→14→20→26, 1→2→8→14→20, 19→13→7→8→9 and 19→13→7→8→9 respectively. Connections 6, 7, 8, 21, and 22 help gain competition attack channels get assigned higher numbered channels, such that they have stronger effect. Connection 14, 15, 18, and 19 tries to setup two crossing lightpath with each candidate lightpath of the target connection, which are 19→20→21 and 19→13→14→15. Connections 16 and 17 are to preempt the lightpath required for the crosstalk attacks. The rest of the connections are from legitimate network usage. Some of these connections may unintentionally add malicious effects to the
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the ICC 2007 proceedings.
TABLE I T RAFFIC GENERATION SCENARIO no. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
src 20 4 0 7 2 1 1 1 1 1 6 14 30 19 19 19 19 19 19 7 19 19 19 19 26 2 25
dst 26 14 2 13 13 2 3 8 26 20 14 17 20 15 21 14 21 15 21 26 12 13 9 9 13 20 28
beginT 0.000 0.000 0.000 0.001 0.002 0.003 0.004 0.005 0.006 0.006 0.000 0.000 0.000 0.000 0.000 0.001 0.001 0.052 0.052 0.007 0.008 0.008 0.009 0.009 0.010 0.011 0.012
endT 6.000 6.000 6.000 0.101 0.102 0.103 0.104 0.105 6.000 6.000 0.010 0.005 0.004 6.000 6.000 0.051 0.051 6.000 6.000 6.000 0.018 0.018 6.000 6.000 6.000 6.000 6.000
comments
; ; ; ; ;
preparing gain competition preparing gain competition preparing gain competition gain competition attack gain competition attack
; ; ; ; ; ; ; ; ; ; ;
crosstalk attack crosstalk attack crosstalk preparation crosstalk preparation crosstalk attack crosstalk attack TARGET preparing gain competition preparing gain competition gain competition attack gain competition attack
targeted channels, which might have been tolerated under ordinary circumstances. As a result, the packet drop rate was 1.25 × 10−5 and the average bit error rate was 1.09 × 10−6 . The scenario in Table I is tried again with the self-organizing control from the third learning cycle. As a result, no packet was dropped and the average bit error rate was 1.82 × 10−9 . During the simulation, 26% of lightpaths are assigned to the alternative routes. Figure 4(b) shows an example of how each of the attack attempts is avoided with the help of selforganization. The gain competition attempts via the lightpaths 1→2→8→14→20 and 19→13→7→8→9 are diverted to the lightpaths 1→7→13→19→20 and 19→20→14→15→9 respectively. The latter does not have gain competition effect on the target lightpath at the link between 14 and 20 because they are in opposite directions and therefore pass through different amplifiers. Two crosstalk attempts are also successfully avoided by allocating the two attack lightpaths 19→20→21 and 19→13→14→15 to the lightpaths 19→20→21 and 19→20→21→15 respectively with different wavelengths from that used by the target. The attack traffic used in this scenario has not appeared while training the classifier. This demonstrates the capability of avoiding previously inexperienced attacks, which is the benefit of the function approximation approach for classification. The potential fault examples that can be correctly classified by the classifier built by observing only few representative fault examples are far larger in number than the observed. This is why the machine learning approach is especially useful in avoiding unforseen attacks. VI. C ONCLUSION In this paper, we have shown that self-organization is a very promising direction for providing security protection in future
(a) Lightpath setup without avoidance
(b) Lightpath setup with avoidance Fig. 4. Attack and avoidance experiment: The same traffic generation scenario in Table I is tried (a) without self-organization and (b) with selforganization. As a result, injected attacks are successfully avoid with the selforganized network.
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the ICC 2007 proceedings.
transparent optical networks. Most of the current reliability approaches are not effective enough to keep up with newly emerging vulnerabilities and continuously evolving attacks. On the other hand, the self-organizing network autonomously and persistently adapts to network changes by learning newly exposed vulnerability patterns and obviates the exploitation of the vulnerabilities that are discovered so far as well as the ones that are not encountered yet but similar. Our preliminary results show that a self-organizing network can provide powerful defense mechanisms by limiting the attack capability of hostile parties. However, the improvement comes at the expense of a larger blocking probability. We are currently investigating how self-organization can count in the call blocking issue. The self-organization capability is provided via machine learning techniques. In this paper, we present results with simple vulnerability and attack scenarios in order to demonstrate how the self-organization helps to adapt against new vulnerabilities and avoid attacks. Our future work will also include further improving the self-organization intelligence by using more efficient learning techniques. R EFERENCES [1] M. Medard, D. Marquis, R. Barry, and S. Finn, “Security issues in All– Optical Networks,” IEEE Network, vol. 11, no. 3, pp. 42-48, May-June 1997. [2] B. Ramamurthy, et al., “Impact of Transmission Impairments on the Teletraffic Performance of Wavelength-Routed Optical Networks,” IEEE/OSA Journal of Lightwave Technology, vol. 17, no. 10, pp. 17131723, Oct. 1999. [3] N. Ghani, S. Dixit, and T. Wang, “On IP-over-WDM Integration: A Retrospective,” IEEE Communications Magazine, vol. 41, no. 9, pp. 4245, Sep. 2003. [4] CSI/FBI, “Computer Crime and Security Survey 2000-2004.” [Online]. Available at: http://www.gocsi.com [5] J. Strand, A. L. Chiu and R. Tkach, “Issues for Routing in the Optical Layer,” IEEE Communications Magazine, vol. 39, no. 2, pp. 81-87, Feb. 2001. [6] I. Tomkos, et al., “Performance Engineering of Metropolitan Area Optical Networks through Impairment Constraint Routing,” IEEE Communications Magazine, vol. 42, no. 8, pp. S40–S47, Aug. 2004. [7] A. Jukan and G. Franzl, “Path Selection Methods with Multiple Constraints in Service-Guaranteed WDM Networks,” IEEE/ACM Transactions on Networking, vol. 12, no. 1, pp. 59–72, Feb. 2004. [8] R. Cardillo, V. Curri, and M. Mellia, “Considering Transmission Impairments in Wavelength Routed Networks,” in Proc. of 9th conference on Optical Network Design and Modelling, pp. 421-429, Feb. 2005. [9] Y. Huang, J. P. Heritage, and B. Mukherjee, “Connection Provisioning With Transmission Impairment Consideration in Optical WDM Networks With High-Speed Channels,” IEEE/OSA Journal of Lightwave Technology, vol. 23, no. 3, pp. 982-993, Mar. 2005. [10] G. Casta˜non, “An Optical Cross Connected Architecture Based on Planar Lightwave Circuits Switches”, in Proc. of IEEE Workshop on High Performance Switching and Routing, May 2005. [11] J. Yeom and O. K. Tonguz, “Security and Self-Organization in Transparent Optical Networks: An Overview,” AccessNets, Sept. 2006. [12] M. Medard, D. Marquis, and S. R. Chinn, “Attack Detection Methods for All-Optical Networks,” Network and Distributed System Security Symposium, 1998. [13] S. Stanic, et al., “Efficient Alarm Management in Optical Networks,” in Proc. of DARPA Information Survivability Conference and Exposition, vol. 1, pp. 252-260, Apr. 2003. [14] D. C. Kilper, et al., “Optical Performance Monitoring,” IEEE/OSA Journal of Lightwave Technology, vol. 22, no. 1, pp. 294-304, Jan. 2004. [15] R. Bergman, M. Medard, and S. Chan, “Distributed Algorithms for Attack Localization in All–Optical Networks,” Network and Distributed System Security Symposium, session 3, paper 2, 1998.
[16] C. Mas, I. Tomkos, and O. K. Tonguz, “Failure Location Algorithm for Transparent Optical Networks,” IEEE Journal on Selected Areas of Communications, Special Series on Optical Communications and Networking, vol. 23, no. 8, pp. 1508-1519, Aug. 2005.. [17] T. Wu and A. K. Somani, “Cross-talk Attack Monitoring and Localization in All-Optical Networks,” IEEE/ACM Transactions on Networking, vol. 13, no. 6, pp. 1390-1401, Dec. 2005. [18] B. H. Simov, J. P. Jue and S. Tridandapani, “Integrating Security in the MAC Layer of WDM Optical Networks,” Photonic Network Communications, vol. 4, no. 1, pp. 19-35, Jan. 2002. [19] C. Elliott, D. Pearson and G. Troxel. Quantum Cryptography in Practice. in Proc. of the conference on applications, technologies, architectures, and protocols for computer communications, pages 227–238. ACM SIGCOMM, Aug. 2003. [20] C. Fraleigh, et al., “Packet-Level Traffic Measurements from the Sprint IP Backbone,” IEEE Network, vol. 17, no. 6, pp. 6-16, Nov.-Dec. 2003. [21] R. Duda, P. Hart, and D. Stork, Pattern Classification, WileyInterscience, 2nd edition, October 2000. [22] C. Burges, “A Tutorial on Support Vector Machines for Pattern Recognition,” Knowledge Discovery and Data Mining, vol. 2, no. 2, pp. 121-167, 1998. [23] T. Joachims, “SV M Light Support Vector Machine,” [Online]. Available at: http://svmlight.joachims.org. [24] H. Zang, J. P. Jue, and B. Mukherjee, “A Review of Routing and Wavelength Assignment Approaches for Wavelength–routed Optical WDM Networks,” SPIE Optical Networks Magazine, vol. 1, no. 1, pp. 47-60, Jan. 2000. [25] Y. V. Kiran, T. Venkatesh, and C. Siva Ram Murthy, “Reinforcement Learning Based Path Selection and Wavelength Selection in Optical Burst Switched Networks,” in Proc. of IEEE BROADNETS, Oct. 2006. [26] S. Khodayari, M. J. Yazdanpanah, “Network Routing Based on Reinforcement Learning in Dynamically Changing Networks,” in Proc. of the 17th IEEE International Conference on Tools with Artificial Intelligence, Nov. 2005. [27] “Open Source Vulnerability Database,” [Online]. Available at: http:// www.osvdb.org/4030 [28] K. Iizuka, Elements of Photonics, vol. 2, Wiley-Interscience, 2002. [29] I. T. Monroy and E. Tangdiongga, Crosstalk in WDM Communication Networks. pp. 109-125, Kluwer Academic Publishers, 2002. [30] “The Network Simulator - ns-2,” [Online]. Available at: http://www.isi. edu/nsnam/ns/ [31] N. M. Bhide and K. M. Sivalingam, “Design of OWns: Optical Wavelength Division Multiplexing (WDM) Network Simulator,” in Proc. of 1st SPIE Optical Networking Workshop, Jan. 2000. [32] P. C. Becker, N. A. Olsson, and J. R. Simpson, Erbium-Doped Fiber Amplifiers (Optics and Photonics), Academic Press, May 15, 1999. [33] I. Sawaki, et al., “Rectangularly Configured 4x4 Ti:LiNBO3 Matrix Switch with Low Drive Voltage,” IEEE Journal on Selected Areas of Communications, vol. 6, no. 7, Aug. 1988.
