Secure Grid Computing - GridSec Project - University of Southern ...

NPC-2004 Oct. 18, 2004 

Relative Performance of Three Scheduling 

Algorithms on the NAS Workload under 

Three Different Risky Conditions 

Scheduling Algorithms Makespan (sec) Ave. Rsp. Time (sec) Ranking 

The Total Execution Time of 5,000 jobs 

on 20 Grid sites with10 levels of site speed 

--- Makespan in second under the PSA workload with uniform 

distributions on the site security level (0.4 – 1.0) and on the job 

security demand (0.6-0.9) 

Min-Min Secure 6491186 131% 1308360 203% ≈ 4 th 

0.5-Risky 5714605 115 % 926952 144 % ≈ 3 rd 

Risky 5402546 109 % 811873 126 % ≈ 2 nd 

Sufferage Secure 6454823 130 % 1292948 201 % ≈ 4 th 

0.5-Risky 5834757 118 % 999765 155 % ≈ 3 rd 

Risky 5441722 110 % 819667 127 % ≈ 2 nd 

STGA 4939777 100 % 643076 100 % 1 st 

Makespan(seconds) 

2.0x10 6 

1.5x10 6 

1.0x10 6 

5.0x10 5 

0.0 

Min-min 

1 2 3 4 5 6 7 

Secure 

Min-min 

f-Risky 

Min-min 

Risky 

Sufferage 

Secure 

Sufferage 

f-Secure 

Sufferage 

Risky 

STGA 

October 18, 2004, Kai Hwang http://GridSec.usc.edu 

19 


20 

Total Grid Site Resource Utilization (%) 

Basic Concept of Internet Episodes 

--- Plotted for a partially risky situation with f = 0.5 

under the PSA workload distributed to 20 Grid sites 

100 

• Event Type: A, B, C, D, E, F, etc. 

Site Utilization (%) 

80 

60 

40 

20 

0 

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 

Grid Resource Site 

Min-Min f-risky 

Sufferage f-risky 

STGA 

• Event Sequence: e.g., 

• Window: Event sequence with a particular width 

• Episode: partially ordered set of events, e.g. whenever A occurs, B 

will occur soon 

• Frequency of episode: fraction of windows in which episode occurs 

• Frequent episode: set of episodes having a frequency over a 

particular frequency threshold 

• Frequent episode rules are generated to describe the 

connection events 


21 


22 

Frequent Episode Rules (FER) 

for Characterizing Network Traffic Connections 

E → D, F ( c, s ) 

The episode of 3 connection events (E, D, F) = (http, smpt, telent). 

On the LHS , we have the event E (http). On the RHS, we have two 

consequence events D (smpt) and F(telnet); where s is the 

support probablity and c is the confidence level specified below: 

(service = http, flag = SF) → 

(service = smpt, srcbyte = 5000), 

(service = telnet, flag = SF) (0.8, 0.9) 

Support probability s = 0.9 and Confidence level c = 0.8 that the 

episode will take place in a typical traffic stream 

The JAIDS Architecture 

Audit records 

from traffic data 

Known 

attack 

signatures 

from ISD 

provider 

Single-connection attacks 

detected at packet level 

IDS 

Signature 

Matching 

Engine 

Attack 

Signature 

Database 

Unknown 

or burst 

attacks 

New 

signatures 

from 

anomalies 

detected 

Episode Rule 

Database 

ADS 

Training data from 

audit normal traffic 

records 

Episode 

Mining 

Engine 

ADS 

Signature 

Generator 

Anomalies detected 

over multiple 

connections 


23 


24 

Keynote Presentation at the IFIP International Conference on Network and Parallel Computing, 

(NPC 2004), Wuhan, China, Oct. 18, 2004 4

Previous page

Next page

1

2

3

4

5

6

Secure Grid Computing - GridSec Project - University of Southern ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?