bayesian network awareness l.
Skip this Video
Loading SlideShow in 5 Seconds..
Bayesian Network Awareness PowerPoint Presentation
Download Presentation
Bayesian Network Awareness

Loading in 2 Seconds...

play fullscreen
1 / 36

Bayesian Network Awareness - PowerPoint PPT Presentation

  • Uploaded on

BoF Rm A10/A11. Bayesian Network Awareness. Bill Rutherford Loki Jorgenson Marius Vilcu. Awareness … ??? . Main engine failed to fire. Awareness Success Stories. Electrical power grid load prediction User analysis trend modeling - TV schedules – spike prediction Weather prediction

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Bayesian Network Awareness' - druce

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
bayesian network awareness

BoF Rm A10/A11

Bayesian Network Awareness

Bill Rutherford

Loki Jorgenson

Marius Vilcu

Awareness … ???

Main engine failed to fire

awareness success stories
Awareness Success Stories
  • Electrical power grid load prediction
    • User analysis
      • trend modeling - TV schedules – spike prediction
  • Weather prediction
    • Sensor correlation
      • trend modeling – storm prediction
  • Internet prediction
    • Weather maps
      • trend modeling – build out prediction
proprioceptive concept
Proprioceptive Concept
  • Sense of relative disposition of body
  • Self meta-view of body status and dynamics wrt look ahead context
  • Situation awareness – nerve system
    • Self awareness – pain emphasis !!!
what is network awareness
What is Network Awareness?
  • “The ability to sense the network environment and construct a state description”
          • Peysakhov et al., 2004
  • “The capability of network devices and applications to be aware of network characteristics”
          • Cheng, 2002
what is network awareness6
What is Network Awareness?
  • “The ability to answer questions quickly and accurately about network behavior”
          • Hughes & Somayaji, 2005
  • “Realizing that each component of the network affects every other one: The people, packets, machines, subnets, sessions, transactions, traffic, and any movement on the network on all layers”
          • Bednarczyk et al., Black Hat Consulting whitepaper
some terminology autonomics
Some Terminology - Autonomics
  • Autonomics: full self care
      • Healing
      • Configuring
      • Protecting
      • Optimizing
  • Autognostics: key player in autonomics
    • Capacity for networks to be self-aware
      • Adapt to applications
    • Autonomously
      • Monitoring
      • Identifying
      • Diagnosing
      • Resolving issues
      • Verifying and reporting
autognostics benefits
Autognostics Benefits
  • Provides autonomics with basis for response and validation
  • Supports self:
    • awareness
    • discovery
    • healing
    • optimization
why bayesian network awareness
Why Bayesian Network Awareness?
  • One possible implementation of several characteristics of Autonomic Networking
  • Combines Bayesian theory with Neural Networks (Bayesian - proven technology- success stories)
  • Calculates the probability of certain activities that may happen within a computer network
bayesian success stories
Bayesian Success Stories
  • Add probabilities to expert systems
    • NASA Mission Control
      • Vista System
    • Email
      • Spam Assassin
    • Office Assistant
      • paperclip guy
belief network
Belief Network
  • What we "believe" is happening
    • What our beliefs are based on
    • How we might find out if not true
  • Example of a belief network
    • NASA Mission Control – all ok ?
  • Use of belief networks
    • Probability of problems – abort ?
bayesian belief network
Bayesian Belief Network?
  • Powerful knowledge representation and reasoning tool under conditions of uncertainty.
  • Recently significant progress has been made in the area of probabilistic inference on belief networks.
  • Many belief network construction algorithms have been developed.
  • Defined by DAG and CPT
bayesian network dag
Bayesian Network - DAG
  • Directed acyclic graph (DAG) with a conditional probability distribution for each node
  • Bayesian Network uses DAG to represent dependency relationships between variables
  • DAG structure of such networks contains:
    • nodes representing domain variables
    • arcs between nodes representing probabilistic dependencies.
dag example
DAG Example






Arc or Edge


bayesian network cpt
Bayesian Network - CPT
  • Second component consists of one conditional probability table (CPT) for each node
  • Nodes represent network activity
    • Activity can be ranked into ranges
      • Low – Medium - High
    • Activity baseline can be learned in an ongoing manner
bna concept 1
BNA: Concept 1
  • Filter out everything normal on an ongoing basis so we can see only what is really not normal (pain) with minimal false positives
  • Concentrate design effort on the most critical components
    • monitor stack distributed event reconstruction
    • sensor node architecture
monitor stack concept





UDP Analyzer

TCP Analyzer

IP Analyzer

Monitor Stack Concept

Vector of Scalars



Packet Stream

bna concept 2
BNA: Concept 2
  • Feed forward adaptation – live data
    • Enhance granularity for hot issues
    • Use effectors for proactive intervention
    • Validate intervention-outcome relation
  • Self supervision
    • Growth-Prune model
      • right size to context
bna concept 3
BNA: Concept 3
  • Implement proprioceptive concept
    • Proprioceptive meta-view
    • Abnormal activity (pain) reactivity
    • Conditioning - look ahead context
  • Generalize to novel data
    • Learn how to adapt
supercomputing concept
  • Integrate BNA into compute, storage, visualization infrastructure
  • Learn particular eccentricities
      • apps … network events
      • distributed context
  • Similar to NASA
sensor nodes
Sensor Nodes
  • Data input nodes of neural network
  • Sensor nodes receive monitor stack output
    • Statistics by category – metadata structure
      • Stream event summaries
      • Special protocol events
      • Distributed event correlations
  • Usually accept a vector of scalars
  • Each scalar has an associated weight which can be adjusted by learning
known issues challenges
Known Issues/Challenges

Scalability - computationally extremely expensive

Bayesian inference relies on degrees of belief

not an objective method of induction

Generalization to novel data is problematic

Bayesian Network maintenance over time

The construction of belief networks remains a time consuming task overall

perceived bna potential
Perceived BNA Potential

what scalars have meaning wrt BNA

key indicators

how change network then validate

what effectors

how validate

how interface to operators

analysis/decision - output

probability of engine failure 1
Probability of Engine Failure 1
  • Keneth H. Knuth, Intelligent Systems Division, NASA
  • Bayes Theorem as a learning rule
    • tells us how to update our prior knowledge when we receive new data
  • p(model|data, I) is called the posterior probability
    • what we learned from data combined with our prior knowledge
  • I represents prior information
probability of engine failure 2
Probability of Engine Failure 2
  • Keneth H. Knuth, Intelligent Systems Division, NASA
  • p(model|I) is called the prior probability
    • describes the degree to which we believe a specific model is the correct description before we see any data
  • p(data|model, I) is called the likelihood
    • describes the degree to which we believe that the model could have produced the currently observed data.
  • denominator p(data|I) is called the evidence
strategies for sensor nodes 1
Strategies for Sensor Nodes 1
  • Use sparse matrix approach
    • Minimal number for what is important
    • Reduce overall network complexity
    • Disable nodes that are not contributing
    • Minimize number of edges in DAG
    • Minimize CPT size
strategies for sensor nodes 2
Strategies for Sensor Nodes 2
  • Growing sensor based neural gas
    • Use self organizing map (SOM)
      • right size SOM growth
        • SOM/Sensor growth/prune model
          • Self organizing overlay network
  • Self determined connection model
    • Top level handoff to Bayesian nodes
      • node model
        • commonalities
          • Inherit behaviour
what is a monitor stack 1
What is a Monitor Stack 1?
  • typical link packed with heterogeneous traffic - sources of variety
    • Packets from different hosts, particular conversations - applications
      • Some carrying asynchronous unidirectional communiqués with no acknowledgement
    • Each packet has series of headers
      • direct the operation of protocols
what is a monitor stack 2
What is a Monitor Stack 2?
  • Pace and duration of connections is variable
    • Automated transactions such as name server and HTTP requests often take less than a second
    • Login sessions operated directly by humans may persist for hours
  • Payloads carried vary remarkably between applications.
    • Some hold exactingly formatted text, others encode manual edits of users at keyboards
    • Others send binary data in large blocks
what is a monitor stack 3
What is a Monitor Stack 3?
  • Monitor stack uses protocol analyzers to reduce and segregate traffic
  • Packets produced by layered protocols so monitors similarly layered
    • statistics about lower protocol layers
    • reconstruction of data streams
similar solutions
Similar Solutions
  • Netuitive’s Real Time Analysis Engine
    • Continuously analyzes and correlates various performance variables, such as CPU utilization, memory consumption, thread allocation, traffic volume
    • Uses self-learning correlation and regression analysis algorithms to self-discover and study the relationships among variables
    • Automatically determines normal system behavior and predicts abnormalities, and triggers alarms