shlee89 / athena

Apache License 2.0

Query for docs #6

Closed meixsh closed 5 years ago

meixsh commented 5 years ago

Hello, I have read the corresponding paper of Athena. I think your design is very generic and scalable. Thus, I think it will be popular. But I am still not very clear about the system; I just have a fuzzy impression, and I will read it more times. I hope you could supply me with some docs that describe the whole system flow with the related data structures from the view of code execution with a simple but real app. Because I want to understand the source code entirely, I really hope there are some useful docs that could help me analyse it. Thanks!

shlee89 commented 5 years ago

Thank you for your interest.

Unfortunately, we don't have technical documents detailing the Athena framework. For understanding how an Athena application works, we made a simple DDoS detector including feature extraction, training models, validating them, and real-time detection in a simulated environment.

I would recommend that you first build and execute the Athena framework in a single mode and take a look at the details of our DDoS sample application. The sample application code gives you insights on how to build your own application because it contains function usages with various parameters.

If you have any questions about Athena, please feel free to contact me. I will guide you.

Thanks!

Seunghyeon.

meixsh commented 5 years ago

Thank you for your cordial reply. To be honest, I have not reviewed Athena's code, but I have some questions at the moment which may be ridiculous. But I still hope you could answer those for me.

First, I want to know how and when you build the data set for training the ML detection model.

Second, what's the origin of the extracted features? Would the security app (e.g. DDoS etc.) itself dispatch table-mod or flow-mod messages for monitoring? If it does, I want to know how it could get along well with the apps' regulated tables, which are not dispatched from Athena but from the northbound apps upon ONOS. For example, for the feature of pair flow counting, does Athena just analyse messages resulting from apps upon ONOS, or will it dispatch related flow mods for counting?

Third, does Athena enable OpenFlow multi-table? I ask because I have noticed that your paper referred to OpenFlow 1.3.

That's all. Thank you.

shlee89 commented 5 years ago

Here are the answers for you.

1) Athena basically provides a set of functions to classify network events such as network flows or OpenFlow-specific events (e.g., Packet_Ins). To do this, you need to build a model that satisfies your classification requirements and use it to handle future events. Also, you can test whether your model satisfies your requirements well by validating the model. In the DDoS application, you can see the model creation function and the validation function as examples.

2) Athena dispatches OpenFlow events from/to the controller. If an application or a switch issues events, the Athena framework catches all messages between the control plane and the data plane.

3) Athena supports OpenFlow 1.3. Regardless of multi-table, it works well.

Thanks.

Seunghyeon

meixsh commented 5 years ago

Thank you. From your answer, I read that Athena just catches all messages between ONOS and switches, and that Athena itself won't generate table-mod or flow-mod messages to the data plane. Maybe it would generate statistic messages. Am I right? And Athena uses those messages to extract features for training the selected ML model. That means that the ML model does not accept any prepared offline data set for training.

Thank you. Melvin

shlee89 commented 5 years ago

That depends on your Athena applications. If you want to issue flow rules to mitigate malicious traffic (for example), the Athena instance issues flow rules (or modifies tables) as you want.

For the question about the training data, you can use "prepared data" if you put them into the database in advance. If you want to do that, you need to put your data into the database and specify feature constraints (see https://github.com/shlee89/athena#specify-feature-constraints-and-data-pre-processing).

Thanks Seunghyeon.

shlee89 commented 5 years ago

Please let me know if you have further questions.