/ENRICH

ENRICH -- RobustnEss ANalysis for tRaffIC SHaping

Primary LanguagePythonGNU General Public License v2.0GPL-2.0

ENRICH -- non-robustnEss aNalysis for tRaffIC sHaping

ENRICH (non-robustnEss ANalysis for tRaffIC SHaping) is an approach that combines software testing and machine learning to generate input constraints for identifying non-robust behaviours of Network Traffic Shaping Systems (NTSS). The output of ENRICH is ranges on input traffics that lead to system’s non-robust behaviours. ENRICH is evaluated using our NTSS simulator, named SOHOSim. SOHOSim is a fully virtual environment consisting of several virtual machines that enable us to simulate various network-usage scenarios. An overview of ENRICH is described below:

  • Test Generation (1). Generate a set of test inputs for NTSS such that robustness measure for some test inputs is below robustness threshold and for some others is above robustness threshold.

  • Model Building (2). Given a test suite build models that help us recognize the conditions under which the system exhibits its non-robust behaviour. We use decision tree regression models in our work.

  • Search Space Reduction (3). Using the Regression Tree generated in the second step we find the conditions under which the system reveals its non-robust behaviour. These conditions are then used in the next iteration to reduce the search space and are finally returned as the output of ENRICH.

License

This software is released under GNU GENERAL PUBLIC LICENSE, Version 2. Please refer to the license.txt

Content Description

Folders:

  • Code: contains the code of ENRICH, BASELINE and the config file.
  • Evaluation: contains two subfolders: RQ1 and RQ2. These folders contain the code used for each research question.
  • Results: contains two subfolders: RQ1 and RQ2. These folders contain the results of each research question.

Prerequisite

SOHOSim Installation Instructions

SOHOSim consists of three virtual machines (VMs) created using VirtualBox: the first VM (VM1) simulates SOHO users, the second (VM2) simulates the router, and the third (VM3) simulates external users. VM1 generates several data flows by executing separate instances of the nuttcp tool -- a client-server-based Linux application for generating network flows and measuring network performance. These data flows are routed to VM3 which runs the server component of nuttcp. VM2 runs a single instance of OpenWRT which is a Linux operating system primarily used on embedded devices to route network traffic. We configure VM2 to run Common Applications Kept Enhanced (CAKE); CAKE is an advanced and widely used traffic-shaping algorithm. VM2 runs dpinger as a probe tool to obtain MOS values. VM1 and VM3 connect to the router (VM2) via virtual network adapters and links.

The following steps show how to setup our simulator for NTSS (SOHOSim) whose architecture is illustrated in the following figure:

On Virtualbox:
  1. Add a host-only ethernet adapter (tools -> create). Set the an arbitrary IPv4 address (e.g. 192.168.99.2) and network mask to 255.255.255.0. DHCP server is also disabled.
  2. Create a linux-based (Ubuntu 20.04) virtual machine and attach the host-only adapter (which was created in step 1) to the virtual machine using the network tab of the setting. This machine will be the SOHO User (VM1). As a result, one IP is associated to this machine.
  3. Create a second linux-based (Ubuntu 20.04) virtual machine and attach the network adapter of the laptop (or any adapter that is used to connect to the internet) to adapter 1 (select bridged adapter at this step). This machine will be the traffic destination (VM3). Define 8 IPv4 addresses on this machine. Later in step 4, we will associate each IP to each NTSS class. To do so, use Network Manager Text User Interface (type nmtui in terminal) and set 8 IPv4s in the edit connection tab.
  4. Create a linux-based (linux 2.6 / 3.x / 4.x) virtual machine and add the OpenWrt disc image to it. Next, in setting/network, attach the newly created host-only adapter to adapter 1, and a bridged adapter to adapter 2. The bridged adapter is the network adapter of the physical machine (or any adapter that is used to connect to the internet). As a result, this machine will have two IPv4 addresses (one denoting adapter 1 and one denoting adapter 2). This machine will be the router (VM2). Note that adapter 2 of VM2 and adapter 1 of VM3 should be the same. Afterwards, to associate each IP of VM3 to each NTSS class (i.e. to prioritize traffic) we need to fist mark the traffics that are routed to each IP. To do so, we modify the firewall rules of OpenWrt. Start by typing vim /etc/config/firewall in the terminal. This will bring up all the firewall rules of VM2. Add the following lines for each IP of VM3 to this file:
config rule
        list proto 'all'
        option target "DSCP'
        option set_dscp 'CSx' #where x is replaced by 0 to 7 indicating different traffic types
        option src 'lan'
        list dest_ip '192.168.0.xx' #where '192.168.0.xx' is replaced by each ip of VM3
        option name 'NAME' #name of the rule

For example, by doing so, we mark the traffic routed to 192.168.0.20 as CS0, to 192.168.0.21 as CS1, ..., to 192.168.0.27 as CS7. Next, we use the diffserv8 mapping of CAKE to specify priorities to each IP (or each CSx class). In other words, differv8 and tc qdisc commands allow us to modify the internal mapping and configurations of NTSS. This part is already done in the code of ENRICH and BASELINE.

Next, we install nuttcp and dpinger:

The config file (config.ini) is used to configure the settings of ENRICH and BASELINE codes. The file contains different sections covering information of the VMs (see table below):

Section Information
VM2
  • IP of adapter 1 (lan)
  • Username
  • Password
  • TotalBandwidth
VM1
  • IP of adapter 1
  • Username
  • Password
VM3
  • List of 8 IPs
Dpinger
  • Path to the report file
  • Name of report file