A formal framework for modelling complex network management systems

Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎

Contents lists available at ScienceDirect

Journal of Network and Computer Applications journal homepage: www.elsevier.com/locate/jnca

A formal framework for modelling complex network management systems Francisco Macia-Perez, Iren Lorenzo-Fonseca, Jose Vicente Berna-Martinez n Department of Computer Science, University of Alicante, Carretera San Vicente del Raspeig s/n, 03690 San Vicente del Raspeig, Alicante, Spain

art ic l e i nf o

a b s t r a c t

Article history: Received 5 March 2013 Received in revised form 18 September 2013 Accepted 20 September 2013

Society today is completely dependent on computer networks, the Internet and distributed systems, which place at our disposal the necessary services to perform our daily tasks. Subconsciously, we rely increasingly on network management systems. These systems allow us to, in general, maintain, manage, configure, scale, adapt, modify, edit, protect, and enhance the main distributed systems. Their role is secondary and is unknown and transparent to the users. They provide the necessary support to maintain the distributed systems whose services we use every day. If we do not consider network management systems during the development stage of distributed systems, then there could be serious consequences or even total failures in the development of the distributed system. It is necessary, therefore, to consider the management of the systems within the design of the distributed systems and to systematise their design to minimise the impact of network management in distributed systems projects. In this paper, we present a framework that allows the design of network management systems systematically. To accomplish this goal, formal modelling tools are used for modelling different views sequentially proposed of the same problem. These views cover all the aspects that are involved in the system; based on process definitions for identifying responsible and defining the involved agents to propose the deployment in a distributed architecture that is both feasible and appropriate. & 2013 Elsevier Ltd. All rights reserved.

Keywords: Network management systems Frameworks and models Conceptual model Functional model Architectural model Business process modelling notation Multi-agent system Service oriented architecture

1. Introduction It is impossible to discuss today's society without making reference to the exchange of digital information. Most branches of social, economic and scientific fields have joined the cyber world, and computer networks are the basis on which these connections are based. The increasing number of computers together with the rapid development of communications technology has led to the widespread use of the World Wide Web. The latest statistics (IWS, 2012) show that more than a third of the world's population is connected to the Internet. This situation has caused an increased use of Information and Communication Technologies (ICT), both in business and in everyday life (National Statistics Institute of Spain, 2012). Thus, an increase has also occurred in the use of all types of electronic services, such as banking services, electronic commerce, entertainment and even medical diagnosis (Macia et al., 2009a, 2009b). Our homes, jobs, study centres and vehicles make use of networks and distributed services that exist to offer more possibilities and features (Chen et al., 2011). However, all of these existing distributed n

Corresponding author. Tel.: þ 34 965 90 3400x1307; fax: þ34 96 590 9643. E-mail addresses: [email protected] (F. Macia-Perez), [email protected] (I. Lorenzo-Fonseca), [email protected], [email protected] (J.V. Berna-Martinez).

systems require a sophisticated set of management systems for maintenance, sustainability, security and good performance. Often, the systems for managing distributed applications are not accounted for during the development of projects or simply cannot be developed at that time. These management systems must be developed afterward and this happens in case like development of intrusion detection systems, monitoring systems, web services activities, antivirus applications, and systems for the regeneration of network nodes. In this paper, we propose a methodology for systematically generating these network management systems, which simplifies the process of creating the systems. Management is a secondary task in the distributed system (for example, an online banking application, medical diagnosis or flight booking needs a management task), but often its cost is greater than that of the main system. Even so, it is important to take into account that ignoring management systems could be a recipe for main system failure. Distributed systems today are composed of thousands of components, including operating systems, software applications, servers, networks and storage devices, and each component has its own configuration. This heterogeneity has become an important factor in the system complexity and increases the difficulty of generalising the management actions across distributed systems with different functionalities and architectures (Shan et al., 2010). In addition, both the behaviour and workload caused by users

1084-8045/$ - see front matter & 2013 Elsevier Ltd. All rights reserved. http://dx.doi.org/10.1016/j.jnca.2013.09.017

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

2

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎

constantly changes, and both the hardware and software are updated and changed often, which makes the system, as a whole, have a large amount of uncertainty (Jing et al., 2006). Therefore, the complexity in the management of distributed information systems comes from its very large scale, its dynamics and its heterogeneity. Several initiatives have emerged that attempt to propose methodologies, protocols and standards to manage the means and resources of these distributed systems. A clear example is the initiative that was proposed by the International Organization for Standardization (ISO), which, under the leadership of the Open Systems Interconnection (OSI) Group, has created a network management model as a way of understanding the major functions of network management systems. This model is called FCAPS (acronym for fault, configuration, accounting, performance, and security) (ISO/IEC, 1988) and is currently known as FAB (short for fulfillment, assurance, and billing) (ITU-T, 2004); it classifies network management functions into five groups (ITU-T, 1996, 1997): fault, configuration, statistics, performance and security. Hence, standards have emerged to support the management of broadcast environments of distributed systems, such as ICMP (Internet Control Message Protocol) (RFC 792, 1981) or SNMP (Simple Network Management Protocol) (RFC 3410, 2002). Security management is another major nucleus in the management of distributed systems (Maciá et al., 2011). Cyber-attacks have increased alarmingly in recent years. Until 2003, the growth in the number of attacks sent to CERT (Computer Emergency Response Team) has been exponential. The CERT retained the statistical control of the attacks only until 2003 because the widespread use of automated attack tools trivialises the incident numbers, providing little information regarding the scope and impact of the attack (CERT, 2012). This complex situation in systems and computer networks has resulted in the development of research (Ghosh and Schwartzbard, 1999; Lippmann and Lunningham, 2000; Kruegel et al., 2005; Liang and Sekar, 2005; Debar and Viinikka, 2005; Polychronakis et al., 2007), to create security mechanisms, from which we can identify three fundamental safety measures: prevention, evasion and detection (Kruegel et al., 2005). The security system includes combating malicious users, errors or (simply) bad luck. This discipline focuses on the tools, processes and methods that are required for the design, implementation, testing and adaptation of the systems. An experienced staff with interdisciplinary experience is required, and the staff should have knowledge of cryptography, computer security, and hardware as well as have a formal background in economics, psychology, organisation and legislation (Anderson, 2008). Today, cloud computing is becoming the new paradigm for information technology worldwide (Macia-Perez et al., 2012). This new paradigm is joining the industry's major companies, such as Amazon, Microsoft, Google and IBM (Jung and Chung, 2010). This advancement implies that this new scenario is now more distributed, and there is more uncertainty because many of the devices and systems that will be part of our applications are completely unknown to us. This complexity makes it more difficult to control security in its various aspects (Jamil and Zaki, 2011), both related to the illegal activities of users, viruses or malware and the integrity of the systems, such as monitoring services, correct operation of applications, and hardware failure. For these reasons, we identify the need for methodologies, tools, techniques and models to generate, in a systematic way, the management systems that enable the administration and control of distributed software/hardware in all of the aspects involved in management and without significant cost to the realisation of a distributed system. The management and administration functions are secondary to the primary functions of a distributed system

and, therefore, should be a task that, while complex, can easily be accomplished. In this paper, we propose a methodology for the development of a complex network management system. Toward this goal, we outline, in Section 2, a formal framework that allows to systematically define and consider the various aspects that are involved in the management system. This framework divides the model into a view that is composed of three sub-models, which show three different views of the same system. In Sections 3, 4 and 5, we show the sub-models into which the proposal is divided: a conceptual model, a functional model and an architectural model. In Section 6, we develop a case study that shows the validity of the proposed model. Finally, in Section 7, we present the main conclusions of this work.

2. Formal framework The definition of a model for a Network Management System (NMS) is a crucial step in the development of an NMS, especially if proposals aim for the broad power of generalisation. It is essential to ensure that NMS definition is rigorous and has the least ambiguity possible; thus, it is also important to clarify the formal foundations in which the system will be described (Stolfo and Mok, 1999). If Heisenberg's uncertainty principle (“What you study, you change.”) is a problem that is caused by the observation of a system, an NMS is unable to escape from this principle, but this principle could nevertheless be one of its greatest assets. After all, the NMS is a network service that has the same nature as those who want to manage it. The NMS runs and relies on the same resources that will be affected in the event of a failure or malfunction, and every action to manage the system will have a direct and immediate impact on the NMS itself. Thus, instead of avoiding or minimising this principle, the approach taken to develop our Model NMS (MNMS) is precisely to fully assume this principle from the beginning. For us, creating an MNMS is nothing more than to model the system to be managed, or what is the same in this case, to model the computer network to be managed. This approach intrinsically incorporates System and Network Management so that uncertainty principle is trivialised. In a more formal way and in equation form: MNMS  Network Model þNMS. In any case, although we have identified the final target of the model, we must still determine how to approach the model. Given that a model must be a valid simplification of reality that is suitable to our interests, we must ensure that the model reflects all of the important elements for the development of an NMS, and we must attempt to ignore all superfluous details of the network. Given how complex a system with these characteristics is, we have chosen to divide the general model into three different models that provide three different views of the same system. Figure 1 shows a graphical representation of this concept. In this figure, the centre of the model is the computers network and, accordingly, the general model is composed of three alternative views, which are organised into three different dimensions. First, we propose a conceptual model (ConcepModNMS) that focuses on describing the main tasks of the NMS, allowing us to see the system through the processes (P) that take place within it and allowing us to identify their requirements. Moreover, the functional model (FunModNMS) proposes a vision of the NMS from the point of view of the actors (A) that are responsible for the implementation and the relationships between them, using as a reference the ConcepModNMS. Finally, from the procedures that are identified in the ConcepModNMS and the agents that are responsible for the implementation identified in the FunModNMS, an Architectural Model (ArchModNMS) detects the necessary

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎ Conceptual Model (ConcepModIDS)

general model, which serve as cornerstones on which each of the models is developed. Thus, the method of formalisation is basically a sequential procedure for obtaining each of the sub-models that compose the model of the NMS; more formally

Processes(P)

For malisation Method MNMS ¼ 〈Procedure f or Models M i =M i A  ConcepModNMS; FunModNMS; ArchModNMS 〉

Goals

Computer Network Agents (A) Resources(R)

Architectural Model (ArchModIDS)

Functional Model (FunModIDS)

Fig. 1. Dimensions of an MNMS.

Computer Networks Experts

Moreover, the tools that are used are defined by: formalisms that are used for the specification of each model, such as Unified Modelling Language (UML); other formal frameworks, such as Multi-Agent Systems (MAS); design patterns, such as Model-ViewControllers (MVC); and architectures, such as SOA, an n-tier Client/ Server, software components and distributed hardware. Formally, we can express this concept as follows: Formalisation Tools ¼〈UML, MAS, Design Patterns, Architectures〉. We use UML as a common and basic language for the definition of formalisms, using different variants according to what best suits our interests, for example, Erikson–Penker for processes, AUML (Agent UML) for MAS and UML for architectures. Thus, the proposed method of formalisation is the following:

 First is the conceptual modelling. This model uses the processes Framework

Formalization Method

P

3

Formalization Tools UML

Conceptual Model

A

Functional Model

R

Architectural Model

ErikssonPenker

BPMN

AUML

MAS

SOA

OWL-S

BPEL



Ontologies OWL



Model NMS Computer Networks

NMS

Fig. 2. Phases of the formal framework for modelling an NMS.

resources to model the NMS through the technologies that are needed to implement it (R).Additionally, ArchModNMS organises resources to ensure the necessary technological substrate for the deployment and operation of an NMS that is based on the described model. Thus, the MNMS shall be composed mainly of the three models that are described here and by the sets P, A and R, which are obtained during the process; more formally: MNMS¼ 〈ConcepModNMS, FunModNMS, ArchModNMS, P, A, R〉. Once we identify how our model will work, it is important to define a method that allows us to obtain the model systematically. This method should provide a formal expression of the model with the aim of introduce very few ambiguities and, thereby, the understanding of the model to be clear and simple. For this reason, the proposed framework is based on a method of formalisation for the MNMS and a set of tools that facilitate their creation, i.e.: Framework ¼〈Formalisation Method MNMS, Formalisation Tools〉. As illustrated in Fig. 2, a method is proposed that identifies three sequential stages, so that each stage is supported by the results of the previous stage. Each phase of the method for modelling an NMS is correlated with the three models that are proposed and the three perspectives that are identified in the

that are involved in the NMS as a driveline. It focuses on the modelling of processes that managers often perform in the organisation. The model is formalised through the Eriksson– Penker notation as an extension of UML. Second is the functional modelling. This model uses the elements that were defined in the previous step. This step aims to convert the ConcepModNMS to an algorithm that can be implemented and executed effectively by a distributed computing system. For this proposal, the model defines the granularity and parallelism of the processes and obtains the functional model. It uses the actors that are responsible for the execution of the processes as the main axis of the modelling. The model is formally expressed as a MAS distributed system of action-reaction and AUML notation. The final stage is architectural modelling, which aims to provide a technological environment that makes the proposal viable. All of this work is performed under a service-oriented approach and is formally expressed using UML notation. Architectures that can be applied are based on n-tier architectures, architectures of distributed software components, SOA (Service-Oriented Architecture) and Multi-Agent Systems, which consider each element of the system to be a software– hardware component that is distributed and highly decoupled.

The following chapters explain the formal basis that is used for different models, the conceptual model, the functional model and the architectural model, as well as the relationships between them. All of these models are aimed at providing the main views of our Model NMS (MNMS) (which will be its name throughout this document).

3. Conceptual model The conceptual model aims to describe the domain of our problem by analysing and capturing its requirements: a computer network in good working condition. The source of the fundamental knowledge that will support the analysis is the experience and knowledge that has been accumulated by the experts, such as network administrators and systems administrators. The ConcepModNMS represents a simplified way of thinking (a viewpoint of the experts on the system); thus, the more comfortable approach to follow is to identify the different objects to manage

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎

4

(e.g., information, files, applications, and resources), their responsibilities, the activities involved and the steps for each of those activities. Moreover, as soon as the NMS must defend the interests of an organisation, public or private, the experts will have to ensure that all of the work is performed in alignment with the overall policies of the organisation. Considering the characteristics of the model and the need to align with the interests of the organisation, process modelling methodology emerges as being very appropriate and well proven in the enterprise domain; it has a series of formal tools that are well suited to our needs (Recker et al., 2009). The concept of a process has been defined often because it is the basis of a new approach to business organisation and is considered to be a basic principle of obtaining satisfactory results efficiently (Beltrán et al., 2003). The family of ISO 9000 conceptualised a process as a set of interrelated activities or interacting activities that transform inputs into results (ISO/TC, 2012). This definition is enriched with important concepts that are handled inside the Business Process Management (BPM) area. BPM is a business methodology that is aimed at improving efficiency through the systematic management of business processes (Smith and Fingar, 2002; Rosen et al., 2004; Jeston and Neils. 2006). This type of process is described by the following characteristics:

    

<>

Process Goal

<>

<>

Input

Accordingly, we formally define the set P as comprising all p processes identified and defined in the system, where each p A P is compound by a tuple that is composed of a set Ap of actors αi that are responsible for the development of the process p, a set Rp of resources ri that are involved in the process and an ordered sequence workflow WFp of tasks ti, where Ap DAyRp DR. Formally, we denote this arrangement with the following tuple: p ¼〈Ap, Rp, WFp〉. To define the ordered sequence of tasks, we have chosen to define a graph in which the nodes are the tasks ti A Tp, with Tp DT, and the edges are a set of indices ITp that are related to the tasks. This scenario can be formally expressed as WFp ¼〈Tp, ITp〉/Tp D T 4 ITp DN. From this moment and for the sole purpose of simplifying the notation, it is understood that the definition of a workflow WFpi of a process pi A P can be given by the enumeration of a series of tasks tk A T and the enumeration of a series of processes pj AP. Considering this simplified notation, we also obtain that: pi, pj A P, 8 pj A WFpi,sith ATpj-th A Tpi. Furthermore, we have the corollary: Tpj DTpi. To represent the relationships between the processes, we use the notation of Eriksson and Penker (1999). This notation is an extension of UML for business processes and has strong descriptive power for the specification of processes and procedures. In this way, we achieve a graphical representation that is standard and formal. The extension of Eriksson and Penker (1999) for business represents a process in a UML class diagram with the symbol for a process, as shown in Fig. 3. In UML, the process symbol is a schematic of an activity from the activity diagram. The process takes input resources from the left and indicates output resources on the right side (shown as dependencies of the process according to the UML standard syntax). The objective of the process can be expressed as a { goalc object in the upper process symbol. Resources that are part of or are involved in the process are shown below the symbol of the process. The resources that are used by or

Output

Process <>

<>

<>

<>

Resource A

Resource B

Fig. 3. Schematic of Eriksson–Penker notation.

<>

Process Goal

Input

Output

Process <>

Has a goal. Has a specific input. Has a specific output. Uses resources and can change their states. Is composed of activities that are executed in a specific order.

<>

Resource A

<>

Resource B

Fig. 4. Eriksson–Penker schematic, simplified.

Table 1 Description of resources elements. E Label Specifies the resource name. Re Relationship Type of dependence of the resource with the process (input| output|supply|control|achieve).

needed by the process are related to it through a { supply c dependence, and resources that control the process use the stereotype { Control c. These resources can be objects, information or actors because they include everything that you need to run the process. However, because of the importance of actors for the model (they will be the centre of attention in the next stage of the modelling), they are considered in a separate set of other resources. Given that all of the processes and resources will have the labels { processc and { resourcec , respectively, we omit these labels in the figures, leaving only { goalc to specify that it is a goal (Fig. 4). More precisely, we formalised each resource r A R as a pair that is composed of a label and a relationship, formally ri ¼ 〈E, Re〉 (Table 1). We include the { achievec dependence in the types of dependencies to identify the goals of the process. The WFp workflow is associated with a process p and is formally described graphically in the notation of Eriksson–Penker. This notation is an extension of the activity diagrams and, therefore, includes stereotypes and relationships that are characteristic of these diagrams, identifying the activities with the tasks that are defined within our model. This arrangement shows the workflow of a process through the relationships between the processes and tasks of sub-process p1 (Fig. 5). The result of this modelling step is the formal description of all processes involved in managing computer networks, which are synthesised in the set P, together with a first approximation of actors (A) and resources (R) t implicated. For this goal, we use the

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎

concept of a computer network as a basis, and we apply the knowledge of experts and the policies of the organisation that will be used by NMS to obtain a NMS model. This model is based on processes and uses tools such as a BPM and the notation of Eriksson–Penker (Fig. 6).

4. Functional model The purpose of functional modelling is to define exactly how to perform the processes that were identified in the ConcepModNMS to ensure the procurement of an effective and efficient model always in accordance with the requirements set. Given that these requirements must include scalability and adaptability to change (dynamism), the system is modelled from the functional point of view with a distributed approach taking as reference the responsible for performing the functions, i.e., the elements of the set A that were identified during the conceptual modelling. Summarising all of the factors that were described, we can specify the main features of the functional model as follows:

 It is a distributed environment.  The model is focused on the actors that are responsible for the implementation of the processes.

5

The theory of agents and, more specifically, Multi-Agent Systems provides a basic formal framework that is suitable for the requirements that have been described (Maciá et al., 2005). Multiagent systems possess sufficient expressive capacity to address complex scenarios and are totally run by agents. An agent is an entity that can exercise independently and this definition fits perfectly with the set of actors A that were identified during the stage of conceptual modelling; it should now take over to lead this new stage of modelling. Thus, the expected result of functional modelling is the Multi-Agent System, which formally represents the NMS and becomes the distributed algorithm to be implemented. We use the Agent Unified Modelling Language as a graphic formalism of modelling (FIPA, 2000a, 2000b; Cabac and Moldt, 2004; Cabac et al., 2003), which is an extension of UML that represents the relationship between agents. The formalisation of this model is made based on the formal framework that is defined in Maciá and García (2006) and that proposes a model of action-reaction for scalable and distributed network management systems. Thus, we define that FunModNMS contains the environment to regulate (in this case, the network model NetMod) and those responsible for regulating it (agents that correspond to the set of actors A), which is defined as ConcepModNMS: FunModNMS ¼〈NetMod, A〉. Next, we will look at each construct in more detail below.

 It aims to create a scalable and dynamic model. 4.1. Network model

t2 t1

t4 p1

t3

t4

Fig. 5. Representation of a workflow WF that comprises four tasks and the tasks associated with the process p1.

Computer Networks Requirements

Tools

ErikssonPenker

BPM

Conceptual Model

Experts Organizaonal Policies

Model NMS Based on Processes Fig. 6. Key elements that are involved in conceptual modelling.

The NetMod corresponds to the environment model that was defined in Maciá and García (2006). This model is described by the set of states of the environment(Σ),actions that can be performed on these states (T) and were identified in the ConcepModNMS, the influences exerted by the agents(Γ) and the React function that models the network reaction to the actions of the agents: NetMod ¼ 〈Σ, T, Γ, React〉. The set of states of the environment is crucial to the model; thus, it is important to describe through tools that represent and share knowledge, using a common vocabulary and promoting the sharing and reuse of such knowledge. For this reason, we selected an ontological approach because we have the formal specification of a shared conceptualization (Borst, 1997). An ontology describes the concepts of a domain and their relationships. The most recent development in standard ontology languages is OWL (Web Ontology Language), from the World Wide Web Consortium, with its three basic variants, OWL-Lite, OWL-DL (description logics) and OWL-Full. In this case, we use the OWL-DL language as a language for representing ontologies because it allows greater expressiveness while maintaining the principles of computational completeness and decidability (Horridge, 2009). Thus, each state of the medium si A Σ can be defined by the union of the set of elements that is composed of classes, attributes, sets of relationships, functions, axioms and instances si ¼ 〈C, At, Re, Ax, I〉. This description of the states of the world is based on the definition of ontologies (Gruber, 1993) (Table 2)

Table 2 Description of elements of each state. C

Classes

At Re

Attributes Relationships

F Ax

Functions Axioms

I

Instances

Classes represent concepts and can be entities over which properties can be set, such as an object type, the description of a task, a function, action, strategy or reasoning process. Attributes represent the internal structure of the concepts. Relationships represent relationships between the domain concepts. Among the different types of possible relationships are the taxonomic relationships (“is a”) and partonomics (“part of”), which are binary relations highlights. Functions are a special type of relationship. The n-th element is unique relative to the previous n  1. Axioms are expressions that are always true. They can be used to define complex constraints on the values of the attributes and the arguments of the relations. Instances are occurrences in real-world concepts. In all instances, the concept attributes are assigned a value.

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎

6

The actions are the other determining elements in the description of the environment. Actions can be executed on the NetMod and can transform one state into another. These actions are defined via a finite set T that is specified in the conceptual model, which includes all of the possible tasks that can be performed on the environment. These tasks can be grouped into processes. Agents who execute the tasks can be responsible for performing all of the tasks in a process or for supervising the execution of the tasks by other agents. There is a relationship between the tasks and the states of the environment. The execution of each task by the agents is an action on the environment and causes a state transition. With the existence of various agents, it is necessary to consider the implementation of simultaneous actions. The realisation of the tasks of each agent on a state of the medium does not involve a direct change in the state, but instead involves a state change intention, which we call an influence on the environment (Maciá and García, 2006). The union of all of the influences that regulate agents achieves the state change of the medium. Therefore, each influence γi A Γ is considered to be only an attempted action on the states of the environment. The ultimate goal is the transformation of one state of the environment into another. This transformation is accomplished through the reaction of the environment to the different influences of the regulating agents. Thus, it remains to define the reaction of the environment as a function that models the development of new states through the interactions between the current state and the influences. Therefore, the transformation from one state to another can be described formally as s(t þ 1)¼ React(s(t),γ), where γ ¼∏nk ¼ 1γk 4 n¼ Card(MAS) and γ ¼(γ1, γ2, … γn) represents a vector that comprises the influences brought by different regulators. At this point, we have defined the NetMod formally. Next, we must define the regulators, to obtain a complete NMS model. Below, we explain these agents in detail because they are an important part of the model and they are the agents that govern the process.

4.2. Regulator agents Regulators are specified by agent theory. These agents respond to the PDE (Perception–Deliberation–Execution) model (Genesereth and Nilsson, 1987) because they are constantly perceiving environmental states, deliberating and executing tasks on the environment. Thus, we take the set of actors A that are defined for the conceptual model to be a first approximation of the agents comprising the MAS that is being defined. This set can be increased constructively along the model definition. All of these agents possess the PDE structure, to allow each agent αi AA to be defined as α¼〈Percepα, Delibα, Execα〉. Through perception, the agent identifies environmental states. Thus, it can be understood to be a function that converts a state of the environment into an interpretation of the state made by the agent. These interpretations are what we call perceptions and can be defined for an agent α using the set Φα, such as in Φα ¼ {ϕ1, ϕ2, …, ϕn}. The purpose of the perception function is to convert the medium state in the perceptions of the agents. Perception is defined for an agent α as an application of the set of states of the environment on the set of perceptions of the agent, with the following notation: Perceptα: Σ-Φα. Moreover, the deliberation is one of the more complex functions because it defines objectives, decision making and memory, if necessary. Figure 7 shows the PDE architecture with the capability

Fig. 7. Structure of a cognitive agent that is capable of memorisation.

of memorising. Therefore, these agents can develop a more complex function of deliberation and can use stored knowledge. Using cognitive agents produces a more complex model because these agents have internal memory states, which will be described. These internal states directly influence the deliberation that takes the agent from their perceptions. Thus, we must define the internal states of an agent α through the set Sα, i.e., Sα ¼{s1, s2, …, sn}. The inner states of the agents can vary because of perceptions; this variation is accomplished through the memory function. The memory function of each agent relates the perceptions and the internal states and obtains new internal states. We can express this arrangement formally asMemα: ΦαSα-Sα The deliberation function relates the perceptions and the knowledge of the agent (collected in the internal states) and obtains the tasks (defined in ConcepModNMS), i.e., Delibα: ΦαSα-T. After obtaining the tasks, they must be executed by the agent. The operation executing the tasks by the agents is defined in terms of the perceptions of agents and does not use the environment states. Thus, each agent can perform their tasks without requiring global knowledge of the state of the environment but by using its perceptions and generating influences Execα: TΦα-Γ. Thus, an agent can be defined as a set of perceptions and internal states that are related by perception, memory, deliberation and execution, which is the same as α¼〈Φα, Sα, Percepα, Memα, Delibα, Execα〉. The behaviour of such agents is expressed in terms of the states of the environment and the internal states of the agent and obtains the tasks to execute and new internal states of the agents. Thus, the behaviour of an agent α, for an environment state s and an internal states, is described by the expression Behaveα(s,s) ¼ 〈Delibα(s,s), Memα(s,s)〉cons ¼Percepα(s). Therefore, the overall system changes from one state to another are expressed as follows: sðt þ 1Þ ¼ RezctðsðTÞ; ∏ni¼ 1 Execi ðDelibi ðsðtÞ; si ðtÞÞÞÞ

s1 ðt þ1Þ ¼ Mem1 ðs1 ðtÞ; s1 ðtÞÞ ⋮ sn ðt þ 1Þ ¼ Memn ðsn ðtÞ; sn ðtÞÞ

with si ðtÞ ¼ Percepi ðsðtÞÞ 4 n ¼ CardðMASÞ 4.3. Social model Another important element to define within the Multi-Agent System is the classification of the types of agents that can exist within the model. Following the philosophy used for defining actors, MAS will have an organisational structure comprising operator agents (AO) and coordinating agents (AC) (Fig. 8). Operator agents are responsible for performing the tasks of a process, and the coordinators are responsible for this execution. Thus, Ac⋃Ao ¼A; considering that generated classifications are disjoint, then we have Ac⋂Ao ¼{}. Moreover, with regard to interactions with the environment, there are three basic types: agent input interfaces (the input

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎

Regulating Agents Coordinating Agents

Operating Agents

Fig. 8. Types of agents in the organisational structure.

(AI)

(AOI)

Actions (T) States

Network

(Σ)

(achieve : sender : receiver : content (tráfico = suspendido) : language fipa-sl : ontology Ontolog-NMS ) Fig. 10. ACL message example.

MAS-NMS

(AII)

7

Γ

Action/Reaction Fig. 9. General communication model.

interface), internal agents (internal) and agent output interfaces (output interfaces). These agents are shown in Fig. 9. From Fig. 9, we present the following definitions: AII is defined as the set of all of the agents αII that are responsible for taking the information from the environment and transforming it into messages to communicate with the other agents and the input interface agents. AI is defined as the set of all of the agents αI that are responsible for processing information by performing the main features of the NMS and the internal agents. AOI is defined as the set of all of the agents αOI that communicate directly with the environment to bring the influence of the agents to the computer network and to the output interface agents. Thus, the union of disjoint sets AII, AI, AOI produces Α,i.e., AII [ AI [ AOI ¼ A. 4.4. Communication model Clearly, aside from the description of the perception of the environment by the agents, it is necessary to formally define the communication between them. To make this definition, we use the concept of the communication of intelligent agents. Communication between agents is defined by three key elements: the transport protocol, the language of communication and the interaction protocol. The transport protocol refers to the transport mechanism that is used for communication, for example, TCP (Transmission Control Protocol), HTTP (Hypertext Transfer Protocol), or SMTP (Simple Mail Transfer Protocol). The communication language used in this framework to formalise communication between agents is the ACL, which stands for Agent Communication Language (Sadek, 1992). This language requires a vocabulary dictionary to define the correct words in the context of the application and a content language such as KIF (Knowledge Interchange Format). KIF is a version of prefix notation for predicate calculus of the first order, with multiple extensions to increase its expressiveness. Although it is possible to design a complete framework for communication solely based on KIF sentences, it would not be efficient to do so because such a

Fig. 11. Examples of agents and their communication interface definitions using BRIC.

framework would include information about sending and receiving agents, and KIF is context independent. To provide a communication language in which the context is accounted for, we use the communication language KQML (Knowledge Query and Manipulation Language) (Labrou and Finin, 1998). In short, an ACL message is a KQML expression in which the arguments are terms or KIF sentences, which are formed by words from the vocabulary of ACL. Below is an example of a message. This example uses the standard message FIPA (Foundation for Intelligent Physical Agents) ACL (FIPA, 2000a) and is displayed as an agent αi tells another agent αj that it must disrupt network traffic. This message can be expressed as follows in FIPA ACL (Fig. 10). Finally, we must define the interaction protocol that is responsible for specifying the type of communication between agents. In this case, we use direct communication through the contract net protocol (Smith, 1980) or the shared protocol specification (Davis and Smith, 1983). Contract net agents distribute requests to different agents when they need a service. These agents launch deals that have values that are set by the requesting agent, and they select which of the contract net agents will perform the contract. This communication is used in cases where it is necessary because it is very expensive due to the number of messages that must be sent. In shared specification, agents do not request services; instead, they provide information to other agents about their needs and abilities. When the need arises for a service, this information is used to coordinate activities. To graphically represent communication between agents, we propose the notation BRIC (Basic Representation of Interactive Components) (Ferber, 1999). The purpose of this formalism is to provide a representation of the operational performance of an agent and a MAS that is based on a component approach. Expanding on this notation, communication between agents is represented by an output interface for the agent to initiate communication and an input interface for the agent that receives the information. Figure 11 shows a simple example of three members and their respective interfaces. In this example, six interfaces have been defined (three input and three output). Similarly, we define, as a communication channel between two agents, the tuple that is formed by the output interface of the initiator agent that acts as communication controller, the input interface of the receiving agent and an interaction protocol: Chanelαi:αj ¼〈OutputInterfaceαi, InputInterfaceαj, InteractionProtocol〉. Following the example given in Fig. 11, Fig. 12 shows the resulting three communication channels.

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎

8

i

j

j

i

j

h

h

j

i

h

h

j

Fig. 12. Communication channels that correspond to the example of Fig. 11.

Fig. 15. SOA architecture for MNMS.

and the receptor agent αj. In this example, the protocol represented corresponds to the contract net protocol that is defined by FIPA (2000b). In Fig. 14, we can see how, with all of these tools, the following requirements established at ConcepModNMS can formalise the Multi-Agent System that describes the FunModNMS of the MNMS.

5. Architectural model

Fig. 13. Sequence diagram of the contract net protocol.

Tools

Model NMS Based on Precesses

MAS Ontologies

Functional Model

AUML

Requirements

Scalability Dynamism Distributed System

Model NMS Bassed on Multi-agent System Fig. 14. Main elements that are involved in the functional model.

Furthermore, the interaction protocol is defined by using AUML sequence diagrams, which are used because of their high expressive power when displaying the objects that participate in the interaction and the sequence of messages that are exchanged. Figure 13 shows the sequence diagram that corresponds to the channel protocol interaction αi:αj between the initiator agent αi

To test the feasibility of the functional model, it is necessary to propose an architecture that identifies and organises the technologies that are used to build the model. Therefore, after obtaining the functional model, we must propose an Architectural Model that uses the resources as the main focus for guiding the following process. The FunModNMS addresses the MNMS from a distributed approach. From the representation based on Multi-Agent Systems, we obtain a solution to the requirements of adaptation and scalability. Because the natural runtime environment will be distributed (on the computer network that is managed), distributed architectures are an ideal tool to deploy the elements of this FunModNMS. However, the scalability provided by distributed architectures is insufficient, so it is necessary to conceive models beyond the ad-hoc communications via incorporation of new technologies which could offer their functionalities in an open way in order to facilitate the interoperability of the applications that use these technologies. For this reason, our architectural model is based on the following:

 N-Tier architectures to facilitate the distribution and organisa



tion of different functional levels of the system (e.g., user, access, business, and resources). Architectures based on distributed software components, where each agent of the models is treated as a component that can achieve independence with respect to the platform on which the components are deployed. Finally, in a Service Oriented Architecture, in which each component (agent) offers its functionality as a service; this arrangement achieves a high level of decoupling while ensuring a standardised and independent platform for interaction between the components. To accomplish this goal, the MAS resulting of FunModNMS is mapped to an architecture in which each agent is offered as a service within the network.

Following the scheme of SOA and considering that the agents can act as consumers or providers of services, Fig. 15 shows an overview of the proposed organisation.

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎

Functional Model

Fig. 16. Architectural models described in the ArchModNMS.

Tools Requirementes

SOA

Architectural Model

LAN/WAN Network Features

UML

Model NMS Computer Network

(Lorenzo, 2010), networks computer management (Macia-Perez, 2001), high availability of network services (Marcos-Jorquera, 2010), development of bio-inspired robotic systems (Berna-Martinez, 2011) or knowledge management in data mining (Wilford-Rivera, 2010). Because of space, we will focus in just one of previously cited example and it will be described in the following epigraph to illustrate the validity and viability of the proposed framework. The selected case study is the modelling of an intrusion detection system due to its complexity and thoroughness. As we discussed above, the security of a network system is highly complex, and this responsibility is often delegated to tools provided by the external companies that produced the main system. For this reason, it is necessary to design security systems that are robust, reliable and well-conceived from the beginning. 6.1. Description of a model of an intrusion detection system

Model NMS Based on Multi-agent System

Distributed Architecture

9

NMS

Fig. 17. Main elements that are involved in architectural modelling.

However, SOA is only the architectural model to be followed as part of a pattern; actually the architecture includes an important group of models that describe the system from different points of view. For this description, we use UML as a formal tool (Booch et al., 2005), which provides diagrams for explaining classes, components and systems that are deployed. The ArchModNMS is based on FunModNMS to describe both the conceptual architecture and the physical architecture through a set of UML diagrams (Fig. 16). For architectural conceptual model, we use a layer diagram (Fowler, 2002) which shows the components distribution in application layer and service layer. This diagram also contains the components distribution in the different levels: user, access, business and resources. All of this using SOA architectural pattern (Erl, 2005) and the Model View Controller (MVC) (Gamma et al., 1995). Furthermore, the physical model is specified through component diagram and deployment diagram. The first of them relates all necessary components in the system, and the second one represents the nodes that are needed to deploy the component containers that have been identified. So, to put it in a nutshell: the Architectural Modelling stage uses FunModNMS and supporting in knowledge of the characteristics of the network applies techniques of distributed architectures and service-orientation using UML modelling for obtaining the MNMS, which is driven by resources (Fig. 17).

6. Case study The proposed framework has been used in works related to a wide variety of areas such as network intrusion detection

Security is a fundamental aspect of any system and cannot be fully specified during the design of the system because the amount and kind of attack evolves, changes and depends on the activity of the system. For this reason, the most common scenery is to implement a basic internal security in the system and reinforce the security using external systems like antivirus, firewalls or intrusion detection. In our case, one of the research areas of our group is the generation of intrusion detection systems (IDSs), in which detection capability and system performance are balanced. The modelling phase for an intrusion detection system on a network is a crucial step in the development, especially if one of the goals is to achieve proposals that are broadly generalisable. For this finish is essential to obtain a rigorous definition and unambiguously, so the formal basis are imperative. Following the formal framework that was specified in the previous chapters, we will describe the model of an intrusion detection system or MIDS (Lorenzo, 2010). Because the main objective is to show the feasibility of the framework for specifying the network management systems, we do not show the complete model; instead, we specify parts of different sub-models that have been described. Thus, we illustrate the expressive power of the formal framework. We are not going to discuss the advantages and disadvantages of the different techniques that can be used during intrusion detection because this subject is a problem that is out of the scope of the present work. In our case, we used the dimension reduction of the PCA (principal component analysis) algorithm and we used SOM (Self-organizing map) to detect intruders (Maciá et al., 2011). The suitability of these choices is discussed in other papers that have already been submitted (Lorenzo, 2010). 6.2. Conceptual model Overall, the global system IDS analyses network traffic and executes tasks on the network to maintain control over the actions of the attackers. Because we are not interested in sacrificing the capacity or the efficiency of the detection versus the performance classification, our MIDS comprises various main processes, such as a reduction engine that allows a resizing of network traffic data to analyse it and obtain a good yield, an engine that senses reduced traffic and reports the presence of intruders, and an answer engine that generates appropriate actions to control intruders. Therefore, we can establish Fig. 18 as a first approximation of a conceptual model of an IDS. The Reduction Engine (PRE) is the first process that takes place within the MIDS. The aim of this process is to find a model that reduces the amount of original data traffic, and then, applies the model and updates it with changes in the environment. The process by which the Detection Engine (PDE) detects intrusions can contain a reduction in data traffic, which is the outcome of the

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎

10

<>

Maximize efficiency detection

Reduction Engine

(pRE)

TCP/IP traffic

TCP/IP reduced traffic

Detection Engine

(pDE)

Network

Detection report

Response Engine

(pReE)

Response action

Fig. 18. General model of an IDS.

Fig. 20. Workflow for the Sniffer Process (WFS).

resources, and the workflows. Thus, we have a formal model that specifies the conceptual functioning of the system. For the sake of brevity, we do not cover the details of how a SOM was selected as the detection engine. This map is an unsupervised training architecture that is easily deployed and implemented; SOM has demonstrated a high level of accuracy and generalisation power in several research studies (Maciá et al., 2011). 6.3. Functional model

Fig. 19. Workflow for the reduction engine (WFRE).

above process. Then, the most characteristic feature of the model can be exercised, which is the classification of network packets. Finally, the detection reports are analysed by the Response Engine (PReE), to act on the network through response actions if necessary. We can delve into the sub-processes of each main process. In our paper, after analysing several alternatives, we chose the Principal Component Analysis as the reduction algorithm. We chose this algorithm for its unsupervised training, its assurance of minimal information loss and its basis in linear characteristics. In Fig. 19, we observe the workflow that was defined for the Reduction Engine process. First, it comprises a sniffer process (Ps) of data packets of TCP/IP. This process is coordinated by an actor Sensor (αSensor). Subsequently, a reduction process (PR) becomes responsible for implementing the PCA filter and obtains the reduced TCP/IP traffic. As before, a Reduction agent (αReduction) is responsible for overseeing the process. The PCA filter uses a training process (PPCAT), which allows you to stay constantly updated with zero maintenance. This training process involves a selection of packages that produces a set of training packages to be used by the PCA process to obtain a PCA model. The agent that is responsible for training will be the Trainer Agent PCA (αPCATrainer). If we go deeper into each sub-process, we can complete the description of PRE. For example, the sniffer process Ps takes the TCP/IP network packets and extracts from them the information that is relevant for classification, thereby obtaining the selected traffic. The sniffer process filters the features that were described in the selection rules; the actors that were responsible for these tasks are αSniffer and αDataSelector. In Fig. 20, we can observe the specific specifications for a sniffer process. Following this methodology of successive refinement, would describe each sub-process as follows: Reduction Engine, Detection Engine and finally, Response Engine. In this conceptual model of an IDS, we obtain the following: the involvement of all the processes, a first approximation of the agents responsible,

Once the goals are defined through the processes and their conceptual descriptions, we turn to functional modelling. Taking the conceptual model as a starting point, the goal of the functional model is to transform a conceptual view directed by processes and tasks into a new functional vision in which agents are responsible for the execution of those processes. To accomplish this goal, we analyse and define the concepts of the previous model to express how to perform each process. In practical terms, the end result of this phase is a distributed detection algorithm that was defined through a Multi-Agent System. The MAS can be implemented and executed by a computer system effectively. To perform this task, we describe the world through the environment, which is, in this case, the network model, the regulator agents and the detailed operation of each of the agents; algebraically FunModIDS ¼〈NetMod, A〉. We can define the NetMod as the set of states of the world, the tasks and the influences NetMod¼〈Σ, Τ, Γ〉. The states of the world Σ describe the main concepts that are used in the environment for regulation, the tasks Τ are the actions that the agents run and the influences Γ are the execution of a task on a state of the world. Following the definitions in a formal framework, we use an ontological representation for world states. Given how complex the task is of describing a computer network through an ontology (López et al., 2004, 2005; Hiu and Debao 2006; Klie et al., 2007; Strassner et al., 2009), we focus only on the descriptions of the concepts that are used by the agents. Our IDS takes, as an information source, the network traffic and, more specifically, the packages that flow in the network. Thus, we have collected an ontology that describes the states of the world, the main conceptualisations and the restrictions between the network packets (IP, ICMP, UDP, TCP, Ethernet frames, and application data) and their headers. Our ontology focuses on two fundamental concepts: the headers and packets, where each generates a hierarchy of relationships, as seen in Fig. 21 (left). To match the packets with the headers, we establish two main relationships, which have inverse characteristics: hasHeader and isHeaderOf. With these relationships, the main constraints are defined for each class (seen in Fig. 21 (right)). After defining the main concepts and relationships, it is necessary to specify the restrictions that give validity to each class. Therefore, the relationships between the headers and the packages are limited, and the cardinalities are added. This procedure allows greater robustness and consistency when modelling states. The tasks, which are cornerstones of this functional view, constitute and act as connecting corners with the conceptual view

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎

11

Fig. 21. (Left) Classes ontology network package specified in the Protégé tool. (Right) Restrictions of the class PaqTCP.

because they correspond to the processes and tasks that are identified during the conceptual modelling. A formal point of view can be defined by the structure shown in equation: t¼〈name, pre, action〉. This structure describes the name, preconditions and actions that will take place if the preconditions are met (Maciá and García, 2006). The tasks that are part of the overall operation of the IDS were defined in the previous chapter when describing the main processes of ConcepModIDS. In the Functional Model, these tasks are re-expressed in terms of tasks that can be executed by a software agent. For example, the task PCs Search can be described as: name-PCs searchðρ; M; MC; EVÞ pre action-ExistsðρÞ && Preprocessing ðρÞ && TrainðMÞ action-Covariance Matrixðr; MCÞ

Fig. 22. Organisational structure of MAS.

-EigenVectors ðMC; VPÞ -ObtainModelðEV; MÞ Where ρ is the set of training data, MC is the covariance matrix, VP is the set of eigenvectors of the covariance matrix and M is the model of PCA that is obtained. After defining the issues that concern the network environment, we must define the agents that will regulate the environment to keep out intruders. The main agents that are part of the MAS are identified in the conceptual model as responsible actors that are involved in the tasks and processes of ConceptModIDS. Moreover, within this functional model, new agents that cooperate with the conduct and control of the identified tasks are added. A definition of the agents is made by determining clear roles for each actor, which allows the MAS described to have a predefined and static structure. Thus, each agent will perform a specific group of tasks throughout its lifecycle. All of the MAS agents pursue a common goal: to efficiently detect attacks and to keep the network environment stable and free from intrusion. If we define ΣSeg DΣ as a set of environment states in which there are no network attacks, then the overall objective of the MAS can be defined formally as follows: minimise the distance between the states of the medium that are obtained from the influences of the agents, and take any state in the set ΣSeg. In other words, the target of the MAS is described as: Min (Dist (s(t þ1), sn))|sn A ΣSeg. Regardless of whether they have a common goal, agents are divided into operating agents and coordinating agents according to their type of operation. Operating agents are responsible for

Fig. 23. General basic model of IDS.

carrying out the tasks, and coordinating agents are those who oversee them. For this case, we will be more specific with coordinating agents because the level of supervision is very important. Thus, we define a hierarchical organisational structure for a Multi-Agent System that has the following: a General Coordinator Agent that is responsible for the operation of the entire system by performing the planning and control processes,

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

12

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎

several Model Coordinating Agents, several subordinate agents of the Coordinating Operation, and finally, the Operator Agents. Model Coordinating Agents can also be direct supervisors of Operating Agents (Fig. 22). The General Coordinator agent is the agentIDS (αIDS). This agent is responsible for controlling the entire operating system through its relationship with the supervisors of each of the model agents: Sensor agent, Sensing Model coordinator; Reducer agent, Reducer Model coordinator; Classifier agent, Detection Model coordinator; Administrator agent; Response Model coordinator; General Trainer agent, Trainer Model coordinator; Evaluator agent and Selfmanagement Model coordinator. Additionally, there are direct links between model coordinators to conduct the operation. The tasks to perform that are its primary function are usually the activation and deactivation of each of the major processes of the model and the control of the overall workflow. Thus, the agent

Fig. 24. Communication interfaces of an agent IDS.

Application layer Middleware layer Physical Layer Computer Network

Fig. 25. General architectural model.

αIDS is related directly to the controllers of the main functions, which are grouped according to the model to ensure the agent's control, as shown in the interaction diagram in Fig. 23. Following the diagram in Fig. 23, note that agent αIDS uses output interfaces for each of coordinator models, as shown in Fig. 24, where the notation used is BRIC. Similarly, the remaining agents of the system would be detailed, which would obtain finally the complete model of the action-reaction of the IDS. 6.4. Architectural model After defining the concepts and main features of the Model of IDS (ConcepModIDS and FunModIDS), it is necessary to propose software and hardware resources that give viability to the MIDS and that establish a structure and organisation for all of the elements involved. Thus, we rely on the previous views for a new view that explains how to materialise the model, using the resources as the main focus of modelling for obtaining an Architectural Model (ArchModIDS). The first major decision that we make to define our architecture is, as explained in the formal framework, the search for a distributed architecture and for an architectural model that responds to the model of agents that are defined at the functional stage and that contribute to the overall goals within the MIDS, such as scalability, deployment, adaptability to change and manageability. Usually, the ArchModIDS is defined by an application layer, a middleware layer and a physical layer. In the application layer, agents are distributed as software components. They implement the core functionality of the MIDS and ignore the specifics of the physical layer through the middleware layer, which offers the necessary support for communication with this physical layer (Fig. 25). To go beyond the ad-hoc communication that is offered by the distributed architectures, the paradigm of service-oriented architecture is used as a pattern for communication between software components that provide services and act as network services. Thus, this pattern enables them to offer their functionality openly, and it can be accessed through standard mechanisms that are defined by SOA. Moreover, for interaction with users, the architectural pattern Model-View-Controller is used. This pattern ensures an appropriate separation between the user interface and the business logic via a control component. Usually, the ArchModIDS is described as an n-tier architecture that is based on distributed software components under the architectural patterns of SOA and MVC. There are several views or models with which to divide the description of software architecture (Booch et al., 2005; López et al., 2005). For the specification of the ArchModIDS, the functional model is used as a guide for obtaining two basic models of

Fig. 26. Conceptual model of the technical architecture ArchModIDS of the MIDS.

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎

the architecture: Conceptual Model of the Architecture and Physical Model of the Architecture. For a comprehensive description of the design and structure of the system, we use the conceptual model of the technical architecture, which is defined in (Booch et al., 1998), and the SOA service definitions that are defined in (Erl, 2005). The conceptual description of the technical architecture of ArchModIDS is performed through a diagram that is built by using layers and levels that are adapted to the specific case of the MIDS that we are defining. To construct this model, the elements of various functional layers are described for both the services and the applications. At the same time, the diagram includes the different logical levels in which the various functional layers of the application are located. Figure 26 shows the diagram for the conceptual model of the technical architecture, with key components of the application layer distributed by the levels and middleware services with which they are supported. Specific agents in the functional model are distributed in it. The conceptual model of the architecture is focused on the logical aspects of system design, while the physical model provides a closer look at the implementation, emphasising the reuse

13

and performance of different components. An important element in the deployment of the application is the concept of the component container (Booch et al., 1998). Each container groups a set of components and contains a layer of middleware through the services that are defined. Each physical machine can host one or more containers. Figure 27 shows the internal structure of a component container. This container has an application layer where the components are located, and another middleware layer provides these components the basic functional services. To accomplish the deployment of the container, the concept of a node must be accounted for. In this case, we understand a node to be a resource that is equipped with computational processing power and memory (Booch et al., 2005). Because each component is designed at the model level for operational efficiency and resource consumption, a less dense functionality can be offered by embedded devices that contain processing power and memory requirements, which achieves lower cost solutions, as shown in Fig. 28.

7. Conclusions Component Container Applicationlayer Comp.

Comp.

Service layer

Workflow

Rules

Securiti

Operating System Network Node HW Fig. 27. Internal structure of a component container.

TCP/IP Network

Profiles

Search

Registry

Proxy

Persistence

SOA services

This paper has presented a formal framework that systematises the process of creating management network services. This framework provides a structured and rigorous methodology that facilitates obtaining systems that are modelled with standard tools and follows a procedure that ensures a formal basis. Moreover, the framework conceives such systems by modelling the processes that are involved, considering the overall objectives from the early stages of development. Finally, the framework provides concrete methods to progress in the development of the application and to convert a set of processes in an architectural deployment that is feasible with existing technologies at all times. The proposed methodology is based on three interconnected models: conceptual, functional and architectural. The conceptual model of the system can address the MNMS reference to the processes that are involved, which usually develops systems administrators and performs the analysis by using the ErikssonPenker extension of UML notation for the processes. The functional model specifies MNMS while emphasising the actors that are responsible for the processes. Here, we used the theory of agents, which is specifically an action–reaction model. This tool provides a technical and functionally solid foundation in addition to having a high expressive power for the functional description of the distributed systems. Finally, the model architecture proposes a technological infrastructure on which the distributed model can

Fig. 28. Deployment diagram.

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

14

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎

be deployed: a hybrid core formed by the n-tier architecture and distributed components using the approach of an SOA pattern. The patterns are presented sequentially in the methodology and show the method of obtaining a model that is based on the previous model. The consistency of the three models is guaranteed because, they are different views of the same system. This construct allows us to focus attention on the key dimensions of the development of a management system: design, functionality and architecture. To illustrate the use of the formal framework that is proposed in this research, we present a case study: modelling an IDS. It has been found that the methodology allows us to define the system completely before implementation, incorporating the desired properties into the model, such as flexibility, scalability and modularity. The resulting model defines all of the aspects of the IDS system, including the hardware architecture that is necessary for its deployment. At present, this framework has been applied successfully in other areas that are very different, such as the modelling of network services and the modelling of distributed services that integrate different data sources in data mining. For the sake of brevity, it is impossible to incorporate these other cases in this paper. However, at present, we continue to incorporate new application domains that allow us to refine, generalise and consolidate the proposal. References Anderson RJ. Security engineering: a guide to building dependable distributed systems. Indianapolis, Indiana: Wiley Publishing Inc.; 978-0-470-06852-6. Beltrán, J., Carmona, M., Carrasco, R., Rivas, M. & Tejedor, F. Guía para una gestión basada en procesos, Andalucia: Corporación Cooperativa, 2003, 84-923464-7-7. Berna-Martinez JV. Modelado de sistemas robóticos basado en servicios e inspirado en el funcionamiento y organización del sistema neurorregulador en los humanos [Tesis]. Spain: Universidad de Alicante; 2011. Booch G, Rumbaugh J, Jacobson I. The unified modeling language user guide. Massachusetts: Addison Wesley; 1998. Booch G, Rumbaugh J, Jacobson I. The unified modeling language. Massachusetts: Adisson-Wesley; 2005. Borst P. Engineering ontologies. Int J Hum Comput Stud 1997;46(2–3):365–406. CERT statistics. 〈http://www.cert.org/stats/cert_stats.html#vulnerabilities〉. [checkdec. 2012]. Cabac L, Moldt D. Formal semantics for AUML agent interaction protocol diagrams. Agent-oriented software engineering V. In: Odell J, Giorgini P, Müller JP, editors. Lecture notes in Computer Science, vol. 3382. New York, USA: Springer; 2004. p. 47–61. Cabac L, Mold D, Rolke H. A proposal for structuring petri net-based agent interaction protocols. In: Proceedings of the applications and theory of petri nets. Proceedings, LNCS vol. 2679. Springer; 2003. p. 102–20. Chen M-C, Chen J-L, Chang T-W. Android/OSGi-based vehicular networkmanagementsystem. Comput Commun 2011;34(2):169–83. Davis R, Smith RJ. Negotiation as a metaphor for distributed problem-solving. Distrib. Artif. Intell. 1983;20(1):63–109. Debar H, Viinikka J. Introduction to intrusion detection and security information management. Foundations of security analysis and design III FOSAD. In: Alessandro Aldini, Roberto Gorrieri, Fabio Martinelli, editors. New York, USA: Springer; 2005. vol. 3655. p. 207–36. Eriksson H, Penker M. Business modeling with UML: business patterns at work. Canada: Wiley & Sons; 1999. Erl T. Service-oriented architecture: concepts, technology, and design. Boston: Prentice-Hall PTR; 2005. FIPA Propose interaction protocol specification. Foundation for intelligent physical agents. 〈http://www.fipa.org/specs/fipa00036/〉; 2000a [check dec. 2012]. FIPA Contract net interaction protocol specification. Foundation for intelligent physical agents. 〈http://www.fipa.org/specs/fipa00029/〉; 2000b [check dec. 2012]. Ferber J. Multi-agent systems. An introduction to distributed artificial intelligence. Massachusetts: Addison-Wesley; 0-201-36048-9. Fowler M. Patterns of enterprise application architecture. Massachusetts: AdissonWesley Professional; 2002. Gamma,A., Helm, E., Johnson, R. &Vlissides, J. Design patterns: elements of reusable object-oriented software. Massachusetts: Adisson-Wesley Professional; 1995. Genesereth M., Nilsson N.J logical foundations of artificial intelligence. Morgan Kaufman; 1987. Ghosh A, Schwartzbard A. Study in using neural networks for anomaly and misuse detection. In: Proceedings of the 8th USENIX security symposium; 1999. p. 23–36.

Gruber TA. Translation approach to portable ontology specification. Knowl Acquis 1993;5:199–220. Hiu X, Debao X. A common ontology-based intelligent configuration management model for IP-network devices. In: Proceedings of the international conference on innovative computing, information and control; 2006. Horridge M. Practical guide to building OWL ontologies using Protégé 4?and COODE tools, ed. 1.2: University of Manchester; 2009. p. 2. ISO/IEC JTC1/SC21/WG4 N571: information processing systems—open systems interconnection, systems management: overview, London; July 1988. ISO/TC 176/SC 2/N544R. Guidance on the process approach to quality management. ISO. 〈www.iso.ch/iso/en/iso9000/200rev9.html〉 [check dec. 2012]. ITU-T. M.3010 Principles for a telecommunications management network; 1996. ITU-T. M.3400 TMN management functions; 1997. ITU-T. M.3050 Enhanced telecom operations map (eTOM)—the business process framework; 2004. IWS. Internet World Stats. 〈http://www.internetworldstats.com/stats.htm〉 [october 2012]. Jamil D, Zaki H. Cloud computing security. Int J Eng Sci Technol IJEST 2011;3(4). Jeston J, Neils. J. Business process management. Practical guide to successful implementations. Oxford, UK: Elsevier; 2006. Jing G, Chen H, Yoshihira K. Discovering likely invariants of distributed transaction systems for autonomic system management. Clust Comp 2006;94:385–99. Jung Y, Chung M. Adaptive security management model int the cloud computing environment. In: Proceedings of the 12th international conference on advanced communication technology (ICACT). South Korea; 2010. Klie T, Gebhard F, Fischer S. Towards automatic composition of network management web services. In Proceedings of the international symposium on integrated network management. Munich; 2007. Kruegel C, Kirda E, Mutz D, Robertson W, Vigna G. Polymorphic worm detection using structural information of executables. In: Proceeding of the 8th international symposium on recent advances in intrusion detection, RAID. LNCS vol. 3858. Springer; 2005. p. 207–26. Kruegel Ch, Valeur F, Vigna G. Instrusion detection and correlation. Challenges and solutions. Santa Barbara, USA: Springer; 2005. Labrou Y, Finin T. Semantics and conversions for an agent communication language. In: Readings in Agents, Huhns M, Singh M, editor. Morgan Kaufmann; 1998. p. 235–42. Liang Z, Sekar R. Automatic generation of buffer overflow attack signatures: an approach based on program behavior models. In: Proceedings of the 21st annual computer security applications conference. IEEE Computer Society; 2005. p. 215–24. Lippmann R, Lunningham R. Improving intrusion detection performance using keyword selection and neural networks. Comput Netw 2000;34:597–603. López J, Villagrá V, Berrocal J. Applying the WebOntology language to management information definitions. IEEE Commun Mag 2004;42(7):68–74. López J, Villagrá V, Berrocal J. Application of OWL-S to define management interfaces based on Web Services. In: Proceedings of 8th IFPI/IEEE international conference on management of multimedia networks and services. LNCS vol. 3754; 2005. p. 24–6. Lorenzo I. Modelo de detección de intrusos basado en técnicas de reducción de características. Solución al dilema capacidad-eficiencia. Spain: Universidad de Alicante; 2010 ([Tesis]). Maciá F, García J. Mobile agent system framework suitable for scalable networks. Kybern Int J Syst Cybern 2006;35(no. 5):688–99. Maciá F, García JM, Soriano A, Ruiz D. Multiple mobile agent system framework suitable for pervasive computing. Comput Inform 2005;24(4):427–40. Macia F, Marcos, D,Gilart V. Energy management system as embedded service: saving energy consumption of ICT. In: Proceedings of the 22nd International conference on architecture of computing systems, ARCS. LNCS vol. 5455; 2009a. Macia F, Marcos D, Gilart V, Mora FJ, Berná JV. Phoenix computing: IT semantic management models (TIN2006-04081). In: Proceedings of the Actas de la Jornada de Seguimiento de Proyectos en Tecnologías Informáticas. Boadilla del Monte, Madrid; 2009b. Maciá F, Mora FJ, Marcos D, Gil JA, Ramos H, Lorenzo I. Network intrusion detection system embedded on a smart sensor. IEEE Trans Ind Electron 2011;58 (3):722–32. Macia-Perez F. Modelos de administración de redes heterogéneas de computadores: sistema de regeneración de nodos de red [Tesis]. Spain: Universidad de Alicante; 2001. Macia-Perez F, Berna-Martinez JV, Marcos-Jorquera D, Lorenzo-Fonseca I, Ferrandiz-Colmeiro A. A new paradigm: cloud agile manufacturing. Int J Adv Sci Technol (SERC) 2012;45:47–54. Marcos-Jorquera D. Difusión masiva de información en los modelos de gestión de redes: aplicación a los servicios de alta disponibilidad sobre Internet [Tesis]. Spain: Universidad de Alicante; 2010. National Statistics Institute of Spain. 〈http://www.ine.es〉 [october 2012]. Polychronakis M, Anagnostakis K, Markatos E. Emulation-based detection of nonself-contained polymorphic shellcode. In: Proceedings of the 10th international symposium on recent advances in intrusion detection RAID. LNCS vol. 4637. Springer; 2007. p. 87–106. RFC 3410.〈http://www.ietf.org/rfc/rfc3410.txt〉; 2002 [check dec. 2012]. RFC 792. 〈http://tools.ietf.org/rfc/rfc792.txt〉; 1981 [check dec. 2012]. Recker JC, Rosemann M, Indulska M, Green P. Business process modelling: a comparative analysis. J Assoc Inform Syst 2009;10(4):333–63. Rosen, M SOA, BPM and MDA. Azora Technologies; 2004.

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i

F. Macia-Perez et al. / Journal of Network and Computer Applications ∎ (∎∎∎∎) ∎∎∎–∎∎∎ Sadek, DA. Study in the logic of intention. In: Proceedings of the knowledge representation and reasoning, (KR'92); 1992. p. 462–73. Shan H, Jiang G, Yoshihira K. Extracting overlay invariants of distributed systems for autonomic system management. In: Proceedings of the Fourth IEEE International conference on self-adaptive and self-organizing systems. Budapest, Hungary; 2010. Smith H, Fingar P. Business process management. The third wave. Tampa: MeghanKiffer Press; 2002. Smith RG. The contract net protocol: high-level communication and control in a distributed problem solver. EEE Trans Comput 1980;29:1104–13.

15

Stolfo SJ,Mok KW. A data mining framework for building intrusion detection models. In: Proceedings of the IEEE Symposium on security and privacy; 1999. p. 120–32. Strassner J, Neuman J, Vander Meer S, Davy S, Barret K, Raymer D, Samudrala S. The design of a new policy model to support ontology-driven reasoning for autonomic networking. J. Network Syst Manage 2009;17:5–32. Wilford-Rivera I. Modelo de integración de conocimiento huérfano descubierto mediante minería de datos. Spain: Universidad de Alicante; 2010 ([Tesis]).

Please cite this article as: Macia-Perez F, et al. A formal framework for modelling complex network management systems. Journal of Network and Computer Applications (2013), http://dx.doi.org/10.1016/j.jnca.2013.09.017i