June 29, 2020
15:00-18:00 (CEST)
Tutorials will run on June 29 in parallel among them and also with the Doctoral Forum and the Workshops. Information about tutorials, including their description and proposers, can be found hereafter:
Cross-Layer Soft-Error Resilience Analysis of Computing Systems
In a world with computation at the epicenter of every activity, computing systems must be highly resilient to errors even if miniaturization makes the underlying hardware unreliable. Techniques able to guarantee high reliability are associated to high costs. Early resilience analysis has the potential to support informed design decisions to maximize system-level reliability while minimizing the associated costs. This tutorial focuses on early cross-layer (hardware and software) resilience analysis considering the full computing continuum (from IoT/CPS to HPC applications) with emphasis on soft errors. The tutorial will guide attendees from the definition of the problem down to the proper modeling and design exploration strategies considering the full system stack (i.e., from circuit to software).
- Provide a deep understanding of the cross-layer impact of hardware faults on the full system
stack, taking into account all derating factors from technology (silicon) to software. - Describe and analyze methodologies and tools for the evaluation of the resilience of each
system layer (i.e., circuit, microarchitecture, and software). - Illustrate how specific approaches for resilience analysis working at different layers of the
system stack can be integrated to provide full system level analysis. - Showcase the accuracy, strengths and weaknesses of the presented techniques.
Students, researchers and practitioners working on computing systems hardware and software design, with concerns about the impact of hardware faults on the full system level operation.
It is expected a basic understanding of computing systems hardware and software such as: logic design, computer architecture and microarchitecture, operating systems and programming. Some basic background on hardware defect mechanisms, fault and error modeling.
The tutorial is organized in an incremental manner. It starts with an introduction to reliability and cross-layer techniques followed by the main techniques applied at each abstraction level (e.g., circuits, architecture and software). The last part is focused on the most advanced concepts of stochastic cross-layer modelling, analysis and optimization. The agenda will be:
- Introduction – Basic Concepts, Terminology (30 minutes)
- Technology level resilience assessments (30 minutes)
- Microarchitecture level resilience assessments (30 minutes)
- Software level resilience assessments (30 minutes)
- Stochastic based approach for System level resilience assessments (30 minutes)
- Alberto Bosio, École Centrale de Lyon, France
- Stefano Di Carlo, Politecnico di Torino, Italy
- Alessandro Savino, Politecnico di Torino, Italy
- Dimitris Gizopoulos, University of Athens, Greece
- Ramón Canal, Universitat Politècnica de Catalunya and Barcelona Supercomputing Center, Spain
Teaser
Tutorial video with Q&A
Into the Unknown: Unsupervised ML Algorithms for Anomaly-Based Intrusion Detection
One of the open challenges of past and recent systems is to identify errors before they escalate into failures. To such extent, most of the Error Detectors or enterprise Intrusion Detection Systems adopt signature-based detection algorithms, which consist of looking for predefined patterns (or "signatures") in the monitored data in order to detect an error or an ongoing attack. Data is usually seen as a flow of data points, which represent observations of the values of the indicators at a given time. Signature-based approaches usually score high detection capabilities and low false positive rates when experimenting known errors or attacks, but they cannot effectively adapt their behaviour when systems evolve or when their configuration is modified. As an additional consequence, signature-based approaches are not meant to detect zero day attacks, which are novel attacks that cannot be matched to any known signature. Moreover, when a zero-day attack that exploit newly added or undiscovered system vulnerabilities is identified, its signature needs to be derived and added as a new rule to the IDS.
To deal with unknowns, research moved to techniques suited to detect unseen, novel attacks. Anomaly detectors are based on the assumption that an attack generates observable deviations from an expected – normal – behaviour. Briefly, they aim at finding patterns in data that do not conform to the expected behaviour of a system: such patterns are known as anomalies. Once an expected behaviour is defined, anomaly detectors target deviations from such expectations, protecting against known attacks, zero-day attacks and emerging threats. To such extent, most of the anomaly detection algorithms are unsupervised, suiting the detection, among others, of unknown errors or zero-day attacks, without requiring labels in training data
The primary learning objectives of the tutorial are to demonstrate the capability of unsupervised learning algorithm to detect cyber-attacks and in particular zero-day attacks, and to instruct the attendees on the process to perform a well-crafted evaluation campaign.
In fact, after showing the current threat landscape as expanded by technical reports of agencies as ENISA, we will introduce anomaly detection, which is acknowledged as the most reliable answer to the detection of unknown errors or attacks. The participants will understand and use unsupervised algorithms that are particularly suited for anomaly detection, the main families and the differences in the way they decide if a data point is anomalous or normal. Participants will be involved in an hands-on session by using the RELOAD tool, which allows executing unsupervised anomaly detection algorithms and observing metric scores they provide on different datasets. This hands-on session, which can be conducted individually or in groups, will originate the final session which will constitute the final takeover of the tutorial, based both on participants activities and organizers’ experience in the domain.
The RELOAD tutorial targets anyone who is interested in the application of unsupervised ML algorithms for intrusion detection, with PhD students or young researchers as primary target audience. Consequently, we expect a remarkable amount of conference attendees to be interested in the topics of this tutorial, which targets beginners, with some content for intermediate. In fact, the tool to be used in the hand-on session will allow PhD students, researchers and practitioners who are starting to explore the discipline to get their first quantitative estimation of attack detection capabilities of algorithms, hiding implementation details which may be difficult to control at a first stage.
The tutorial will be composed by the following blocks.
- B1. Digression on the Current Threat Landscape (10% of tutorial time). Starting from public reports e.g., ENISA, we will describe the current state of cyber-attacks.
- B2. Anomaly-Based Intrusion Detection (15% of tutorial time). This part highlights some key terms and components that will be used in the rest of the tutorial, alongside with its role in detecting intrusions.
- B3. Unsupervised Algorithms and their Characteristics (10% of tutorial time). We will introduce some of the most common algorithms to be used for unsupervised anomaly detection.
3 - B4. Presentation of the RELOAD Tool (15% of tutorial time): This part will let the audience understand what the RELOAD tool offers, and how to use the RELOAD tool for executing unsupervised algorithms.
- B5. Hands-On Session (40% of tutorial time): the attendees can use the tool to perform intrusion detection on public attack datasets that are previously downloaded by the organizers and shared with the slides.
- B6. Wrap-up and Final Discussion (10% of tutorial time): Results obtained during hand-on session will be discussed together with the audience, originating final discussions. We will prepare spare material for enriching the discussion, expanding on already existing studies.
- Tommaso Zoppi, University of Florence, Italy
- Andrea Ceccarelli, University of Florence, Italy
- Andrea Bondavalli, University of Florence, Italy
Teaser
Tutorial videos with Q&A
Into the Unknown: Unsupervised ML Algorithms for Anomaly-Based Intrusion Detection - Part 1
Into the Unknown: Unsupervised ML Algorithms for Anomaly-Based Intrusion Detection - Part 2
The InterPlanetary File System and the filecoin network
The InterPlanetary File System (IPFS) is a peer-to-peer content-addressable distributed file
system that seeks to connect all computing devices with the same system of files. It is an
open-source community-driven project, with reference implementations in Go and Javascript,
and a global community of millions of users.
IPFS resembles past and present efforts to build and deploy Information-Centric Networking
approaches to content storage, resolution, distribution and delivery. IPFS and libp2p , which is
the modular network stack of IPFS, are based on name-resolution based routing. The resolution
system is based on Kademlia DHT and content is addressed by flat hash-based names. IPFS
sees significant real-world usage, with over 250,000 daily active network nodes, millions of end
users and wide adoption by several other projects in the Decentralised Web space, but not only.
An adjacent project to IPFS, which was also masterminded and is also being developed within
Protocol Labs (the umbrella company of IPFS and libp2p) is filecoin . Filecoin is a cryptocurrency
that supports a decentralised storage and delivery network. Storage and retrieval miners are
rewarded according to their contribution to the network and the mechanics of filecoin secure the
network against malicious activity
The main objective of this tutorial is to let researchers, developers, and users understand IPFS
and the capabilities it provides.
More specifically, participants will:
- Understand how IPFS brings content addressing as a core primitive for data distribution
- Learn how to use CIDs (content identifiers) to find content and interpret what the content
is programatically - Learn how to create custom data structures using IPFS and its underlying data format,
IPLD (InterPlanetary Linked Data) - Understand how libp2p bring process addressing as a core primitive for P2P and
runtime-independent applications
The attendees do not need to have prior knowledge of IPFS, libp2p or filecoin and basic
knowledge and understanding of core networking and network security principles will be
adequate in order to follow along.
- Understanding how IPFS deals with files (60 mins)
- Solving distributed networking problems with libp2p (60 mins)
- The lifecycle of data in IPFS and filecoin (40 mins)
- Developing Apps with the IPFS API (20 mins)
- David Dias, Peer-2-Peer Software Engineer at Protocol Labs, (Palo Alto, CA and Lisbon,
Portugal). - Dr. Ioannis Psaras, EPSRC Fellow and University Lecturer (Assistant Professor) at
University College London and a Research Scientist at Protocol Labs.