A Situation-Aware Information Infrastructure

Lead Research Organisation: Lancaster University
Department Name: Computing & Communications

Abstract

Resilience is a vital property of communications systems and unified ICT environments, and is achieved mainly by infrastructural redundancy, and static security and network control (e.g., through multipath routing protocols, signature-based intrusion detection systems). This results in mostly monolithic solutions that are service- and location-specific, and they protect the infrastructure against a static and well-defined set of threats. However, current approaches do not incorporate, nor do they take advantage of, the wealth of spatio-temporal information available in today's ICT environments, such as sensing, logs, packet data, or external global media feeds. Such diverse data and information sources from heterogeneous environments unified over ICT infrastructures can be exploited to create situation awareness, and can help protect the infrastructure from a range of dynamic and emerging adversarial events (e.g., from new types of failures due to complexity and centralisation, to denial of service attacks and natural disasters), protection that current static approaches fail to provide [1][2][3].
At the same time, today's ICT environments are evolving as crucial, mission-critical socio-economic systems, and their optimal performance depends on adaptive and intelligent schemes to ensure resilient operation at the onset of legitimate or malicious adversarial events. In order to realise this aim, there needs to be a suitable instrumentation, measurement, analysis, and control infrastructure that will operate natively with, and add intelligence to, the unified networked environment.

In this project, we propose to design and develop a generic, resilient and adaptive situation-aware information infrastructure that would predict and confront the broad range of challenges faced by the network. We aim to provide novel and practical mechanisms that will enable a deeper understanding of the dynamic and non-stationary evolution of mission-critical systems through harnessing 'big data' sets of relevant internal (monitored) and external (global media feeds) spatio-temporal information - what we call 'context'. Our mechanisms will be incorporated as a protocol suite within a Software-Defined architecture, integrated as a native component in (future) computer network design. This project does not simply aim to integrate off-the-shelf solutions into a unified scheme, but rather to revisit the resilience challenge in mission-critical ICT environments and contribute new solutions to the information processing, algorithmic, networking and systems aspects of such undertakings.

The research will be carried out over two years jointly at the Universities of Lancaster and Glasgow, involving investigators with a wide range of expertise (from resilient and autonomic communications, through network instrumentation and management, to information retrieval) and in collaboration with a number of leading industrial partners in the areas of safety-critical systems (NATS), industrial control networks (EADS-IW), and hardware-accelerated custom computation products (Solarflare). This consortium will ensure delivery of excellent research results with direct industrial applicability and transformative effects on future intelligent mission-critical infrastructures.


[1]. Windows Azure service interruption:
http://blogs.msdn.com/b/windowsazure/archive/2012/08/02/root-cause-analysis-for-recent-windows-azure-service-interruption-in-western-europe.aspx
[2]. Air Traffic Management system malfunction at Dublin Airport:
http://www.computerworld.com/s/article/9110319/Dublin_Airport_radar_system_brought_down_by_faulty_network_card
[3]. Power outage hits London Data Centre:
http://www.theregister.co.uk/2012/07/10/data_centre_power_cut/

Planned Impact

This project has excellent potential for significant direct and indirect impact for a range of beneficiaries. This is already partly evident from the explicit interest and contributions offered by our four leading industrial partners, namely EADS-IW, NATS, Solarflare and JANET, which are offering significant resources and data to tackle the objectives of this work.

We will also participate in appropriate standardization activities with ENISA and organize workshops co-located with prestigious conferences such as ACM SIGCOMM, ACM SIGIR and IEEE INFOCOM. Apart from aiming to publish in these conferences, we will also target major events such as IFIP/IEEE IM and IFIP/IEEE NOMS, and high-profile journals such as ACM/IEEE Transactions on Networking; i.e., we are also aiming for high impact in the scientific domain alongside industrial and societal impact.

Directly, the outcomes of this work will have immediate and longer-term impact for the following beneficiaries:

Mission-critical infrastructure and service providers - The situation-aware information infrastructure that will result from this work, integrated with next generation networking architectures, will significantly improve the resilience, adaptability and seamless operation of future unified ICT environments at the onset of adversarial events. Results from this work will increase service predictability and dependability and will have a direct positive impact on return on investment.

Hardware and network equipment vendors - Results from this work will provide new insights into the instrumentation, measurement, and analysis support that will need to be provided natively and at very high speeds by future resilient and situation-aware infrastructures. We will produce prototype hardware-accelerated processing modules that equipment vendors can then optimize and incorporate into their future platforms. ASIC, FPGA, and switch/router equipment vendors (e.g., Cisco, HP, Juniper) are particularly likely to benefit.

Software-Defined Networking (SDN) vendors - This work will provide a new suite of situation-aware protocols that will operate as part of a framework for fast and flexible, programmable service deployment in short timescales. We will extend the current SDN model to provide for increased distributed intelligence alongside the centralised abstraction of the network control plane. SDN and OpenFlow software and equipment vendors will benefit from this extended functionality.


Security solutions providers - The proposed work will develop novel online anomaly and intrusion detection algorithms that will harness both operational data and external information sources of input in order to detect, identify and remediate threats to the infrastructures. This will shed new light on combinatorial information processing and potentially on novel patterns of abnormal system-wide behaviour. Security software warehouses and security assessment companies will particularly benefit from these outcomes.

Information retrieval and filtering software providers - The parallel processing of global public content sources to extract information relevant to particular infrastructures, while simultaneously creating notions of locality, time, and incident context, will shed new light on processing high-volume, high-velocity, and high-noise information feeds.

Indirectly, the following will benefit:

Users - The provision of native resilience mechanisms will benefit the many users who are increasingly using shared infrastructures, and will indirectly facilitate IT-as-a-Utility by making infrastructures more dependable.

The RAs working on this project will develop unique research and development skills in cutting-edge networking, machine learning, and information retrieval and filtering technologies, while working closely with leading industry providers.

Publications

Cui L (2017) PLAN: Joint Policy- and Network-Aware VM Management for Cloud Data Centers in IEEE Transactions on Parallel and Distributed Systems

Cziva R (2016) SDN-Based Virtual Machine Management for Cloud Data Centers in IEEE Transactions on Network and Service Management

Knowles W (2015) A survey of cyber security management in industrial control systems in International Journal of Critical Infrastructure Protection

Shirazi N (2015) A framework for resilience management in the cloud in e & i Elektrotechnik und Informationstechnik

Simpson S (2018) An Inter-Domain Collaboration Scheme to Remedy DDoS Attacks in Computer Networks in IEEE Transactions on Network and Service Management

 
Description: The grant is proceeding well, and is in its final phase -- reporting on findings will be done in due course.
Exploitation Route: We are discussing engagement with ENISA, the European Network and Information Security Agency, to promote our results as well as the new discipline of resilience.

This is in addition to working with our industry use case partners, with GCHQ, and the UK Academic Resilience Forum.

Most recently, we have established a broader technical liaison with JISC/JANET under an NDA.
Sectors: Aerospace, Defence and Marine; Digital/Communication/Information Technologies (including Software); Energy; Environment; Financial Services, and Management Consultancy; Healthcare; Manufacturing, including Industrial Biotechnology; Security and Diplomacy; Transport

 
Description: We have used the work to contribute to a study of resilient systems following the recent floods and consequent disruption of the electricity supply in the Lancaster area. One of the academics also spoke at a breakfast meeting in London at the Houses of Parliament, on research in resilient systems. Our work has enabled further discussion with AIT in Vienna about future testbeds and research on resilient systems enabled by situational awareness. The case study with JISC/JANET has yielded interesting new technical directions.
First Year Of Impact: 2016
Sector: Digital/Communication/Information Technologies (including Software); Energy; Environment
Impact Types: Cultural; Societal; Policy & public services

 
Description: COST
Amount: €100,000 (EUR)
Funding ID: CA15127
Organisation: European Cooperation in Science and Technology (COST)
Sector: Public
Country: Belgium
Start: 03/2016
End: 02/2020
 
Description: Resilient and energy-aware computer networks
Organisation: University of Leeds
Department: Faculty of Medicine and Health
Country: United Kingdom
Sector: Academic/University
PI Contribution: Working with University of Leeds (Professor Jaafar Elmirghani), we have spent a large amount of academic time on the collaboration -- contributing mainly expertise, intellectual input and also access to the testbeds at Lancaster University's InfoLab21.
Collaborator Contribution: Professor Elmirghani led the EPSRC-funded INTERNET Programme Grant; I was an adviser on the project. Later, we teamed up on a new research proposal, which we are currently preparing -- including work with industrial partners.
Impact: None yet -- awaiting funding ...
Start Year: 2015
 
Description: Resilient and secure systems
Organisation: Austrian Institute of Technology
Country: Austria
Sector: Private
PI Contribution: We provide consultancy and know-how in resilient systems design
Collaborator Contribution: They provide real-world examples of problems, and contacts with industry partners
Impact: Several so far, including publications and two international, collaborative workshops -- one held in Germany on flexible networked systems and the other in Austria on Critical Infrastructures Protection
Start Year: 2013
 
Description: Situational awareness for resilient systems
Organisation: University of Glasgow
Country: United Kingdom
Sector: Academic/University
PI Contribution: We are providing the know-how on resilient computer networks management
Collaborator Contribution: They are providing data science inputs and know-how.
Impact: Multi-disciplinary within the general field of computer science; but also people and organisational issues. This project has only recently started ...
Start Year: 2015