Papers by Mohammed Samaka
2017 IEEE International Conference on Communications (ICC), 2017
Lately application service providers (ASPs) and Internet service providers (ISPs) are being confr... more Lately application service providers (ASPs) and Internet service providers (ISPs) are being confronted with the unprecedented challenge of accommodating increasing service and traffic demands from their geographically distributed users. Many ASPs and ISPs, such as Facebook, AT&T and others have adopted micro-service architecture to tackle this problem. Instead of building a single, monolithic application, the idea is to split the application into a set of smaller, interconnected services, called micro-services (or simply services). Such services are lightweight and perform distinct tasks independent of each other. Hence, they can be deployed quickly and independently as user demands vary. Nevertheless, scheduling of micro-services is a complex task and is currently under-researched. In this work, we address the problem of scheduling micro-services across multiple clouds, including microclouds. We consider different user-level SLAs, such as latency and cost, while scheduling such services. Our aim is to reduce overall turnaround time for the complete end-to-end service in service function chains and reduce the total traffic generated. In this work we present a novel fair weighted affinity-based scheduling heuristic to solve this problem. We also compare the results of proposed solution with standard biased greedy scheduling algorithms presented in the literature and observe significant improvements.
HYPER-VINES: A HYbrid Learning Fault and Performance Issues ERadicator for Virtual NEtwork Services over Multi-Cloud Systems
2019 International Conference on Computing, Networking and Communications (ICNC), 2019
Fault and performance management systems, in the traditional carrier networks, are based on rule-... more Fault and performance management systems, in the traditional carrier networks, are based on rule-based diagnostics that correlate alarms and other markers to detect and localize faults and performance issues. As carriers move to Virtual Network Services, based on Network Function Virtualization and multi-cloud deployments, the traditional methods fail to deliver because of the intangibility of the constituent Virtual Network Functions and increased complexity of the resulting architecture. In this paper, we propose a framework, called HYPER-VINES, that interfaces with various management platforms involved to process markers through a system of shallow and deep machine learning models. It then detects and localizes manifested and impending fault and performance issues. Our experiments validate the functionality and feasibility of the framework in terms of accurate detection and localization of such issues and unambiguous prediction of impending issues. Simulations with real network fault datasets show the effectiveness of its architecture in large networks.
2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), 2017
Cloud computing has been widely adopted by application service providers (ASPs) and enterprises t... more Cloud computing has been widely adopted by application service providers (ASPs) and enterprises to reduce both capital expenditures (CAPEX) and operational expenditures (OPEX). Applications and services previously running on private data centers are now being migrated to private or public clouds. Since most of the ASPs and enterprises have globally distributed user bases, their services need to be distributed across multiple clouds, spread across the globe which can achieve better performance in terms of latency, scalability and load balancing. The shift has eventually led the research community to study multi-cloud environments. However, the widespread acceptance of such environments has been hampered by major security concerns. Firewalls and traditional rule-based security protection techniques are not sufficient to protect user-data in multi-cloud scenarios. Recently, advances in machine learning techniques have attracted the attention of the research community to build intrusion detection systems (IDS) that can detect anomalies in the network traffic. Most of the research works, however, do not differentiate among different types of attacks. This is, in fact, necessary for appropriate countermeasures and defense against attacks. In this paper, we investigate both detecting and categorizing anomalies rather than just detecting, which is a common trend in the contemporary research works. We have used a popular publicly available dataset to build and test learning models for both detection and categorization of different attacks. To be precise, we have used two supervised machine learning techniques, namely linear regression (LR) and random forest (RF). We show that even if detection is perfect, categorization can be less accurate due to similarities between attacks. Our results demonstrate more than 99% detection accuracy and categorization accuracy of 93.6%, with the inability to categorize some attacks. Further, we argue that such categorization can be applied to multi-cloud environments using the same machine learning techniques.
Journal of Reliable Intelligent Environments, 2017
Deployment of Network Function Virtualization (NFV) over multiple clouds accentuates its advantag... more Deployment of Network Function Virtualization (NFV) over multiple clouds accentuates its advantages like flexibility of virtualization, proximity to customers and lower total cost of operation. However, NFV over multiple clouds has not yet attained the level of performance to be a viable replacement for traditional networks. One of the reasons is the absence of a standard based Fault, Configuration, Accounting, Performance and Security (FCAPS) framework for the virtual network services. In NFV, faults and performance issues can have complex geneses within virtual resources as well as virtual networks and cannot be effectively handled by traditional rulebased systems. To tackle the above problem, we propose a fault detection and localization model based on a combination of shallow and deep learning structures. Relatively simpler detection has been effectively shown to be handled by shallow machine learning structures like Support Vector Machine (SVM). Deeper structure, i.e., the stacked autoencoder has been found to be useful for a more complex localization function where a large amount of information needs to be worked through to get to the root cause of the problem. We provide evaluation results using a dataset adapted from fault datasets available on Kaggle and another based on multivariate kernel density estimation and Markov sampling.
Future Internet, 2018
This paper presents the development of a Supervisory Control and Data Acquisition (SCADA) system ... more This paper presents the development of a Supervisory Control and Data Acquisition (SCADA) system testbed used for cybersecurity research. The testbed consists of a water storage tank’s control system, which is a stage in the process of water treatment and distribution. Sophisticated cyber-attacks were conducted against the testbed. During the attacks, the network traffic was captured, and features were extracted from the traffic to build a dataset for training and testing different machine learning algorithms. Five traditional machine learning algorithms were trained to detect the attacks: Random Forest, Decision Tree, Logistic Regression, Naïve Bayes and KNN. Then, the trained machine learning models were built and deployed in the network, where new tests were made using online network traffic. The performance obtained during the training and testing of the machine learning models was compared to the performance obtained during the online deployment of these models in the network. ...
Qatar Foundation Annual Research Conference Proceedings Volume 2014 Issue 1, 2014
Any global enterprise, such as, Qatar National Bank, with branches in many countries is an exampl... more Any global enterprise, such as, Qatar National Bank, with branches in many countries is an example of an Application Service Provider (ASP) that uses multiple cloud data centers to serve their customers. Depending upon the time of the day, the number of users at different location changes and the ASPs need to rescale their operation at each data center to meet the demand at that location.
Qatar Foundation Annual Research Conference Proceedings Volume 2018 Issue 3, 2018
Traditionally, in cellular networks, users communicate with the base station that serves the part... more Traditionally, in cellular networks, users communicate with the base station that serves the particular cell under coverage. The main functions of a base station can be divided into two, which are the baseband unit (BBU) functionalities and the remote radio head (RRH) functionalities. The RRH module is responsible for digital processing, frequency filtering and power amplification. The main sub-functions of the baseband processing module are coding, modulation, Fast Fourier Transform (FFT) and others. Data generally flows from RRH to BBU for further processing. Such BBU functionalities may be shifted to the cloud based resource pool, called as the Cloud-Radio Access Network (C-RAN) to be shared by multiple RRHs. Advancements in the field of cloud computing, software defined networking and virtualization technology may be leveraged by operators for the deployment of their BBU services, reducing the total cost of deployment. Recently, there has been a trend to collocate the baseband uni...
Computer Communications, 2018
The new generation of 5G mobile services place stringent requirements for cellular network operat... more The new generation of 5G mobile services place stringent requirements for cellular network operators in terms of latency and costs. The latest trend in radio access networks (RANs) is to pool the baseband units (BBUs) of multiple radio base stations and to install them in a centralized infrastructure, such as a cloud, for statistical multiplexing gains. The technology is known as Cloud Radio Access Network (CRAN). Since cloud computing is gaining significant traction and virtualized data centers are becoming popular as a cost-effective infrastructure in the telecommunication industry, CRAN is being heralded as a candidate technology to meet the expectations of radio access networks for 5G. In CRANs, low energy base stations (BSs) are deployed over a small geographical location and are connected to a cloud via finite capacity backhaul links. Baseband processing unit (BBU) functions are implemented on the virtual machines (VMs) in the cloud over commodity hardware. Such functions, built in software, are termed as virtual functions (VFs). The optimized placement of VFs is necessary to reduce the total delays and minimize the overall costs to operate CRANs. Our study considers the problem of optimal VF placement over distributed virtual resources spread across multiple clouds, creating a centralized BBU cloud. We propose a combinatorial optimization model and the use of two heuristic approaches, which are, branch-and-bound (BnB) and simulated annealing (SA) for the proposed optimal placement. In addition, we propose enhancements to the standard BnB heuristic and compare the results with standard BnB and SA approaches. The proposed enhancements improve the quality of the solution in terms of latency and cost as well as reduce the execution complexity significantly. We also determine the optimal number of clouds, which need to be deployed so that the total links delays, as well as the service migration delays, are minimized, while the total cloud deployment cost is within the acceptable limits.
Transactions on Emerging Telecommunications Technologies, 2018
With the enhancements in the field of software-defined networking and virtualization technologies... more With the enhancements in the field of software-defined networking and virtualization technologies, novel networking paradigms such as network function virtualization (NFV) and the Internet of things (IoT) are rapidly gaining ground. Development of IoT as well as 5G networks and explosion in online services has resulted in an exponential growth of devices connected to the network. As a result, application service providers (ASPs) and Internet service providers (ISPs) are being confronted with the unprecedented challenge of accommodating increasing service and traffic demands from the geographically distributed users. To tackle this problem, many ASPs and ISPs, such as Netflix, Facebook, AT&T and others are increasingly adopting micro-services (MS) application architecture. Despite the success of MS in the industry, there is no specific standard or research work for service providers as guidelines, especially from the perspective of basic micro-service operations. In this work, we aim to bridge this gap between industry and academia and discuss different micro-service deployment, discovery and communication options for service providers as a means to forming complete service chains. In addition, we address the problem of scheduling micro-services across multiple clouds, including micro-clouds. We consider different user-level SLAs, such as latency and cost, while scheduling such services. We aim to reduce overall turnaround time as well as costs for the deployment of complete end-to-end service. In this work, we present a novel affinity-based fair weighted scheduling heuristic to solve this problem. We also compare the results of proposed solution with standard greedy scheduling algorithms presented in the literature and observe significant improvements. 1
IEEE Internet Computing, 2017
Network slicing for 5G is receiving significant attention from the telecommunications industry as... more Network slicing for 5G is receiving significant attention from the telecommunications industry as a means to provide network as a service (NaaS) for different use cases. Network slicing is a technology which allows network operators to build multiple virtual networks on a shared infrastructure. With network slicing, service providers can deploy their applications and services flexibly and quickly to accommodate specific requirements of diverse services such as augmented reality, online games, e-health and others. As an emerging technology with a number of advantages, network slicing has raised many issues for the industry and academia alike. In this article, we discuss the background and related work in network slicing and propose a framework for 5G network slicing. Finally, we discuss the challenges of network slicing and future research directions.
Computer Communications, 2017
Service Function Chaining (SFC) is the problem of deploying various network service instances ove... more Service Function Chaining (SFC) is the problem of deploying various network service instances over geographically distributed data centers and providing inter-connectivity among them. The goal is to enable the network traffic to flow smoothly through the underlying network, resulting in an optimal quality of experience to the end-users. Proper chaining of network functions leads to optimal utilization of distributed resources. This has been a de-facto model in the telecom industry with network functions deployed over underlying hardware. Though this model has served the telecom industry well so far, it has been adapted mostly to suit the static behavior of network services and service demands due to the deployment of the services directly over physical resources. This results in network ossification with larger delays to the end-users, especially with the data-centric model in which the computational resources are moving closer to end users. A novel networking paradigm, Network Function Virtualization (NFV), meets the user demands dynamically and reduces operational expenses (OpEx) and capital expenditures (CapEx), by implementing network functions in the software layer known as virtual network functions (VNFs). VNFs are then interconnected to form a complete end-toend service, also known as service function chains (SFCs). In this work, we study the problem of deploying service function chains over network function virtualized architecture. Specifically, we study virtual network function placement problem for the optimal SFC formation across geographically distributed clouds. We set up the problem of minimizing inter-cloud traffic and response time in a multi-cloud scenario as an ILP optimization problem, along with important constraints such as total deployment costs and service level agreements (SLAs). We consider link delays and computational delays in our model. The link queues are modeled as M/D/1 (single server/Poisson arrival/deterministic service times) and server queues as M/M/1 (single server/Poisson arrival/exponential service times) based on the statistical analysis. In addition, we present a novel affinity-based approach (ABA) to solve the problem for larger networks. We provide a performance comparison between the proposed heuristic and simple greedy approach (SGA) used in the state-of-the-art systems. Greedy approach has already been widely studied in the literature for the VM placement problem. Especially we compare our proposed heuristic with a greedy approach using first-fit decreasing (FFD) method. By observing the results, we conclude that the affinity-based approach for placing the service functions in the network produces better results compared against the simple greedy (FFD) approach in terms of both, total delays and total resource cost. We observe that with a little compromise (gap of less than 10% of the optimal) in the solution quality (total delays and cost), affinity-based heuristic can solve the larger problem more quickly than ILP.
Recent Advances in Communications and Networking Technology, 2016
Most global enterprises and application service providers need to use resources from multiple clo... more Most global enterprises and application service providers need to use resources from multiple clouds managed by different cloud service providers, located throughout the world. The ability to manage these geographically distributed resources requires use of specialized management and control platforms. Such platforms allow enterprises to deploy and manage their applications across remote clouds that meet their objectives. Generally, these platforms are multi-threaded, distributed and highly complex. They need to be optimized to perform well and be cost effective for all players. For optimization to succeed, it has to be preceded by profiling and performance evaluation. In this paper we present techniques to profile such platforms using OpenADN as a running example. The effectiveness of using profiling data with the two factor full factorial design to analyze the effect of workloads and other important factors on the performance, has been demonstrated. It is seen that the workload, of varying number of users and hosts, does not have a significant impact on the performance. On the other hand, functions like host creation and polling have significant impact on the execution time of the platform software, indicating potential gains from optimization.
2016 International Conference on Information Science and Security (ICISS), 2016
Cloud computing is gaining significant attention, however, security is the biggest hurdle in its ... more Cloud computing is gaining significant attention, however, security is the biggest hurdle in its wide acceptance. Users of cloud services are under constant fear of data loss, security threats and availability issues. Recently, learning-based methods for security applications are gaining popularity in the literature with the advents in machine learning techniques. However, the major challenge in these methods is obtaining real-time and unbiased datasets. Many datasets are internal and cannot be shared due to privacy issues or may lack certain statistical characteristics. As a result of this, researchers prefer to generate datasets for training and testing purpose in the simulated or closed experimental environments which may lack comprehensiveness. Machine learning models trained with such a single dataset generally result in a semantic gap between results and their application. There is a dearth of research work which demonstrates the effectiveness of these models across multiple datasets obtained in different environments. We argue that it is necessary to test the robustness of the machine learning models, especially in diversified operating conditions, which are prevalent in cloud scenarios. In this work, we use the UNSW dataset to train the supervised machine learning models. We then test these models with ISOT dataset. We present our results and argue that more research in the field of machine learning is still required for its applicability to the cloud security.
International Journal of Communication Networks and Distributed Systems, 2016
Application Service Providers (ASPs) obtaining resources from multiple clouds have to contend wit... more Application Service Providers (ASPs) obtaining resources from multiple clouds have to contend with different management and control platforms employed by the cloud service providers (CSPs) and network service providers (NSP). Distributing applications on multiple clouds has a number of benefits, but absence of a common multi-cloud management platform that would allow ASPs dynamic and real time control over resources across multiple clouds and interconnecting networks makes this task arduous. Open Application Delivery Network (OpenADN), a multi-cloud management and control platform, fills this gap. However, performance issues of such a complex, distributed and multithreaded platform, not tackled appropriately, may neutralize some of the gains accruable to the ASPs. In this paper, we establish the need for and methods of collecting precise and fine-grained behavioral data of OpenADN like platforms that can be used to optimize their behavior to control operational cost, performance (e.g., latency) and energy consumption.
Journal of Network and Computer Applications, 2016
Cloud computing is gaining significant attention and virtualized datacenters are becoming popular... more Cloud computing is gaining significant attention and virtualized datacenters are becoming popular as a costeffective infrastructure. The network services are transitioning from a host-centric to a data-centric model moving the data and the computational resources closer to the end users. To meet the dynamic user demands, network operators have chosen to use elastic virtual resources to implement network services over static rigid physical model. With the advent of network function virtualization (NFV), network services instances are provisioned across multiple clouds for performance and load balancing purposes. Interconnection of these instances to form a complete end-to-end network service is complex, time consuming and expensive task. Service function chaining (SFC) is a mechanism that allows various service functions to be connected to each to form a service enabling carriers to benefit from virtualized software defined infrastructure. SFC is an enabler for NFV, providing a flexible and economical alternative to today's static environment for Cloud Service providers (CSPs), Application Service Providers (ASPs) and Internet Service Providers (ISPs). This paper provides a closer look at the current SFC architecture and a survey of the recent developments in SFC including its relevance with NFV to help determine the future research directions and the standardization efforts of SFC. Finally, the paper discusses open research topics in relevance with the SFC architecture and demonstrates a need for an analytical model for the SFC architecture to achieve the optimal performance.
2015 International Conference on Advanced Computing and Communications (ADCOM), 2015
Network Function Virtualization (NFV) allows Internet Service Providers (ISPs) to implement key f... more Network Function Virtualization (NFV) allows Internet Service Providers (ISPs) to implement key function modules, such as, BRAS (Broadband Remote Access Server), IMS (Internet Multimedia System), etc. in virtual machines in a cloud environment. One of the key problems in NFV implementation is the placement of virtual machines (VMs) in clouds managed by different cloud service providers each with its own management interface. It would be helpful if the clients can implement their policies in a multi-cloud environment using a single interface. Our proposed solution is a modular multi-cloud management system called OpenADN that provides a common interface for resource allocation in a multi-cloud environment. The solution is also applicable to non-ISP applications, such as, banking, financial, and other sectors that need to use globally distributed multi-cloud resources. This paper presents a brief overview of the OpenADN architecture. The key feature of OpenADN is that multiple tenants can share the resources and all resource owners keep complete control over their resources. The data plane module of OpenADN is called OpenADN (Open Application Delivery Network). OpenADN has been implemented and brief details of implementation are also presented in this paper. 1
2015 IEEE International Conference on Cloud Engineering, 2015
Network Function Virtualization (NFV) and Service Chaining (SC) are novel service deployment appr... more Network Function Virtualization (NFV) and Service Chaining (SC) are novel service deployment approaches in the contemporary cloud environments for increased flexibility and cost efficiency to the Application Service Providers and Network Providers. However, NFV and SC are still new and evolving topics. Optimized placement of these virtual functions is necessary for acceptable latency to the end-users. In this work we consider the problem of optimal Virtual Function (VF) placement in a multicloud environment to satisfy the client demands so that the total response time is minimized. In addition we consider the problem of dynamic service deployment for OpenADN, a novel multi-cloud application delivery platform. 1
Computer Networks, 2014
Today, most large Application Service Providers (ASPs) such as Google, Microsoft, Yahoo, Amazon a... more Today, most large Application Service Providers (ASPs) such as Google, Microsoft, Yahoo, Amazon and Facebook operate multiple geographically distributed datacenters, serving a global user population that are often mobile. However, the service-centric deployment and delivery semantics of these modern Internet-scale applications do not fit naturally into the Internet's host-centric design. In this service-centric model, users connect to a service, and not a particular host. A service virtualizes the application endpoint, and could be replicated, partitioned, distributed and composed over many different hosts in many different locations. To address this gap between design and use, ASPs deploy a service-centric network infrastructure within their enterprise datacenter environments while maintaining a (virtual) host-centric service access interface with the rest-of-the-Internet. This is done using data-plane mechanisms including data-plane proxying (virtualizing the service endpoint) and Layer 7 (L7) traffic steering (dynamically mapping service requests to different application servers and orchestrating service composition and chaining). However, deploying and managing a wide-area distributed infrastructure providing these service-centric mechanisms to support multi-data center environments is prohibitively expensive and difficult even for the largest of ASPs. Therefore, although recent advances in cloud computing make distributed computing resources easily available to smaller ASPs on a very flexible and dynamic pay-as-you-go resource-leasing model, it is difficult for these ASPs to leverage the opportunities provided by such multi-cloud environments without general architectural support for a service-centric Internet. In this paper, we present a new service-centric networking architecture for the current Internet called OpenADN. OpenADN will allow ASPs to be able to fully leverage multi-cloud environments for deploying and delivering their applications over a shared, service-centric, wide-area network infrastructure provided by third-party providers including Internet Service Providers (ISPs), Cloud Service Providers (CSPs) and Content Delivery Networks (CDNs). The OpenADN design leverages the recently proposed framework of Software Defined Networking (SDN) to implement and manage the deployment of OpenADN-aware devices. This paper focuses mostly on the data-plane design of OpenADN.
Uploads
Papers by Mohammed Samaka