Jeffrey O. Kephart

Directed-graph epidemiological models of computer viruses

The strong analogy between biological viruses and their computational counterparts has motivated the authors to adapt the techniques of mathematical epidemiology to the study of computer virus propagation. In order to allow for the most general patterns of program sharing, a standard epidemiological model is extended by placing it on a directed graph and a combination of analysis and simulation is used to study its behavior. The conditions under which epidemics are likely to occur are determined, and, in cases where they do, the dynamics of the expected number of infected individuals are examined as a function of time. It is concluded that an imperfect defense against computer viruses can still be highly effective in preventing their widespread proliferation, provided that the infection rate does not exceed a well-defined critical epidemic threshold.<<ETX>>

Utility functions in autonomic systems

Utility functions provide a natural and advantageous framework for achieving self-optimization in distributed autonomic computing systems. We present a distributed architecture, implemented in a realistic prototype data center, that demonstrates how utility functions can enable a collection of autonomic elements to continually optimize the use of computational resources in a dynamic, heterogeneous environment. Broadly, the architecture is a two-level structure of independent autonomic elements that supports flexibility, modularity, and self-management. Individual autonomic elements manage application resource usage to optimize local service-level utility functions, and a global arbiter allocates resources among application environments based on resource-level utility functions obtained from the managers of the applications. We present empirical data that demonstrate the effectiveness of our utility function scheme in handling realistic, fluctuating Web-based transactional workloads running on a Linux cluster.

Power and Performance Management of Virtualized Computing Environments Via Lookahead Control

There is growing incentive to reduce the power consumed by large-scale data centers that host online services such as banking, retail commerce, and gaming. Virtualization is a promising approach to consolidating multiple online services onto a smaller number of computing resources. A virtualized server environment allows computing resources to be shared among multiple performance-isolated platforms called virtual machines. By dynamically provisioning virtual machines, consolidating the workload, and turning servers on and off as needed, data center operators can maintain the desired quality-of-service (QoS) while achieving higher server utilization and energy efficiency. We implement and validate a dynamic resource provisioning framework for virtualized server environments wherein the provisioning problem is posed as one of sequential optimization under uncertainty and solved using a lookahead control scheme. The proposed approach accounts for the switching costs incurred while provisioning virtual machines and explicitly encodes the corresponding risk in the optimization problem. Experiments using the Trade6 enterprise application show that a server cluster managed by the controller conserves, on average, 26% of the power required by a system without dynamic control while still maintaining QoS goals.

Measuring and modeling computer virus prevalence

To understand the current extent of the computer virus problem and predict its future course, the authors have conducted a statistical analysis of computer virus incidents in a large, stable sample population of PCs and developed new epidemiological models of computer virus spread. Only a small fraction of all known viruses have appeared in real incidents, partly because many viruses are below the theoretical epidemic threshold. The observed sub-exponential rate of viral spread can be explained by models of localized software exchange. A surprisingly small fraction of machines in well-protected business environments are infected. This may be explained by a model in which, once a machine is found to be infected, neighboring machines are checked for viruses. This kill signal idea could be implemented in networks to greatly reduce the threat of viral spread. A similar principle has been incorporated into a cost-effective anti-virus policy for organizations which works quite well in practice.<<ETX>>

Efficient resource provisioning in compute clouds via VM multiplexing

Resource provisioning in compute clouds often require an estimate of the capacity needs of Virtual Machines (VMs). The estimated VM size is the basis for allocating resources commensurate with workload demand. In contrast to the traditional practice of estimating the VM sizes individually, we propose a joint-VM sizing approach in which multiple VMs are consolidated and provisioned, based on an estimate of their aggregate capacity needs. This new approach exploits statistical multiplexing among the workload patterns of multiple VMs, i.e., the peaks and valleys in one workload pattern do not necessarily coincide with the others. Thus, the unused resources of a low utilized VM can be directed to the other co-located VMs with high utilization. Compared to individual VM based provisioning, joint-VM sizing and provisioning may lead to much higher resource utilization. This paper presents three design modules to enable the concept in practice. Specifically, a performance constraint describing the capacity need of a VM for achieving a certain level of application performance; an algorithm for estimating the size of jointly provisioning VMs; a VM selection method that seeks to find good VM combinations for being provisioned together. We showcase that the proposed three modules can be seamlessly plugged into existing applications such as resource provisioning, and providing resource guarantees for VMs. The proposed algorithms and applications are evaluated by monitoring data collected from about 16 thousand VMs in commercial data centers. These evaluations reveal more than 45% improvements in terms of the overall resource utilization.

An architectural approach to autonomic computing

We describe an architectural approach to achieving the goals of autonomic computing. The architecture that we outline describes interfaces and behavioral requirements for individual system components, describes how interactions among components are established, and recommends design patterns that engender the desired system-level properties of self-configuration, self-optimization, self-healing and self-protection. We have validated many of these ideas in two prototype autonomic computing systems.

An artificial intelligence perspective on autonomic computing policies

We introduce a unified framework that interrelates three different types of policies that will be used in autonomic computing system: action, goal, and utility function policies. Our policy framework is based on concepts from artificial intelligence such at: states, actions, and rational agents. We show how the framework can be used to support the use of all three types of policies within a single autonomic component or system, and use the framework to discuss the relative merits of each type.

Computers and epidemiology

Analogies with biological disease with topological considerations added, which show that the spread of computer viruses can be contained, and the resulting epidemiological model are examined. The findings of computer virus epidemiology show that computer viruses are far less rife than many have claimed, that many fail to thrive, that even successful viruses spread at nowhere near the exponential rate that some have claimed, and that centralized reporting and response within an organization is an extremely effective defense. A case study is presented, and some steps for companies to take are suggested.<<ETX>>

Dynamic pricing by software agents

Abstract We envision a future in which the global economy and the Internet will merge, evolving into an information economy bustling with billions of economically motivated software agents that exchange information goods and services with humans and other agents. Economic software agents will differ in important ways from their human counterparts, and these differences may have significant beneficial or harmful effects upon the global economy. It is therefore important to consider the economic incentives and behaviors of economic software agents, and to use every available means to anticipate their collective interactions. We survey research conducted by the Information Economies group at IBM Research aimed at understanding collective interactions among agents that dynamically price information goods or services. In particular, we study the potential impact of widespread shopbot usage on prices, the price dynamics that may ensue from various mixtures of automated pricing agents (or “pricebots”), the potential use of machine-learning algorithms to improve profits, and more generally the interplay among learning, optimization, and dynamics in agent-based information economies. These studies illustrate both beneficial and harmful collective behaviors that can arise in such systems, suggest possible cures for some of the undesired phenomena, and raise fundamental theoretical issues, particularly in the realms of multi-agent learning and dynamic optimization.

A Multi-Agent Systems Approach to Autonomic Computing

The goal of autonomic computing is to create computing systems capable of managing themselves to a far greater extent than they do today. This paper presents Unity, a decentralized architecture for autonomic computing based on multiple interacting agents called autonomic elements. We illustrate how the Unity architecture realizes a number of desired autonomic system behaviors including goal-driven self-assembly, self-healing, and real-time self-optimization. We then present a realistic prototype implementation, showing how a collection of Unity elements self-assembles, recovers from certain classes of faults, and manages the use of computational resources (e.g. servers) in a dynamic multi-application environment. In Unity, an autonomic element within each application environment computes a resource-level utility function based on information specified in that applicationýs service-level utility function. Resource-level utility functions from multiple application environments are sent to a Resource Arbiter element, which computes a globally optimal allocation of servers across the applications. We present illustrative empirical data showing the behavior of our implemented system in handling realistic Web-based transactional workloads running on a Linux cluster.