Yeah, hi, good morning, everyone. So my name is Aman, and we are going to discuss Advanced Threat Prediction and Orchestration for Service Chains in SP Cloud. So mainly, I wanted to discuss four important things. First, what are the threats that a service provider domain can get? What are the appliances that we are using to handle those threats? The current service chain design in the service provider cloud, and the problem with that particular design and what we are proposing so that we can solve that problem.

So the most common threats in a service provider domain can be packet sniffing. As we know that, as an internet domain, is an encrypted domain, any malicious user who can get the access of the packet can read through the IPs and ports. There can be malware attacks where a malicious user can try to send viruses. They can send worms and Trojan horses into the system. There can be denial of service attacks when a user tries to block all other operations by sending packets at a certain rate. These are the common threats in the service provider domain.

What are the appliances that are used? One most famous is a firewall. So the firewall can act in two different manners. It can act in a stateful manner as well as a stateless manner. Stateless manner, when it acts, there are a set of rules like an ACL rule or there are a set of URL filtering rules that it acts on. Then there can be stateful firewalls as well. Stateful as in, they maintain a database through which they know what are the trusted packets, what are the trusted sources and destination. If there is any untrusted source, the firewall can deny that. There is an intrusion prevention system. So basically, this is a next-gen firewall which is having the capability to do deep packet inspection. It is used for malware protection kind of thing. Now I'll go ahead and discuss about the current service chain design.

So as you can see, there are a couple of branches, couple of enterprise branches, then there is an internet. And in between, there is a service provider domain. So in this domain, there is an OpenStack infrastructure on which there are NFVs created like a router or IPS or a firewall. This infrastructure is controlled by an NFV orchestrator which talks to OpenStack and then it can orchestrate these devices. So the idea is when we say about a service chain, a packet coming out of a branch to the internet goes via all these devices one by one and all the packet filtering and other things are happening on these service chains. So the chain of these three devices can be called as a service chain. A traffic coming out of a CP to the service chain is always encrypted. It's in a secure tunnel. And when it goes out of the service chain to the internet traffic, it is unencrypted. So it's the duty of these service chains to identify the security threats present and to handle them.

So the problem that we see with this service chain design is that there is no dynamic approach in that. So at the start of the creation of this service chain, we'll either go for a router as a service or we'll go, we'll couple the router with the firewall as a service or we couple both of them with the IPS as a service. But on demand, we cannot provision something or on demand, we cannot orchestrate new rules. So that is the problem that we are trying to tackle in this case.

So the design that we discuss about, so we know that Neutron has a Tap-as-a-Service plugin. So what we do, so suppose there's a simple case of a router as a service when there is a, in the service chain, there's a single router being orchestrated by the NFV orchestrator. So what we will do, we will copy the packet from the OVS switch to a network analyzer through the Tap-as-a-Service plugin. The network analyzer will have set of tools like IDS, traffic analyzer. It will have graphical tools to present graph from the analyzed traffic. So the idea is this network analyzer tool will detect the threat present in the system. And on demand, there is an orchestrator plugin module in that which can have API invocation to the NFV orchestrator. And on demand, we can create new NFVs or if you want to add, if you want to modify rules in the current NFV design or the current set of rules that we wanted to modify, we can do through this API invocation.

So you see, before there was a router as a service present, now we have coupled the router with the firewall as a service as well. And just, it's very easy. The network analyzer tool has IDS, the intrusion detection system, which can basically do a deep packet inspection as well as it can do a pattern analysis. It can do the signature analysis of a traffic. Then there is a graphical tool. There can be any graphical tool connected here. And then when a certain kind of threat is detected, based on that, the API can be invoked and the proper NFV which can handle that or a rule which can handle that can be created on demand.

So the advantages that we see here. So this is a very good cost and resource optimization because in an enterprise when there is no need for a firewall or an IPS system, why do you buy them? If there are network threats, which can threat that kind of traffic, you can have it on demand. It has a very fast response in an event of a threat. As it is dynamic, as it is API driven, it is very fast. It doesn't only create an NFV on demand but can modify the existing rules based on threat analysis. For some kind of threat, we just want to add a rule in the firewall. We don't want a new IPS device to be generated. So it can identify such kind of a threat and on demand it can create, it can add rules in the current firewalls. There is no manual intervention required for some identified cases because we are not going to analyze all kind of threats here.

So some static kind of threat we can identify and based on that we can orchestrate rules.

So what is the further enhancement that we plan? So we want to incorporate this kind of threat detection via machine learning. We want to analyze, we want to bring data sets through which we can analyze them and then do a predictive analysis. We can analyze the PCAP captures with technologies like TensorFlow or Pandas. These are the Python libraries for machine learning. Then we can have dynamic orchestration of rules for every kind of a threat. Once you do machine learning and you do deep packet inspection on a large data set, we can do dynamic orchestration around all set of rules. We do pattern learning with the increasing data set as this is one base technology that we identified.

Yeah, so mostly then, if any question or answer we can discuss. No questions, it's all good.

So we have started our research on this. We have started writing a couple of modules. So it's not yet completely done, but we know which direction to move forward. I have my teammate as well present with me. So we did as in a collaboration with a few folks in India. Yeah, exactly.

So these are some of the research work that we did and these are the, yeah, we started exploring these kind of tools, but there are more, we know that. Based on the PCAP captures that we have in the packets, you can run a learning kind of thing and prediction, for those we would be using TensorFlow and Pandas. TensorFlow, I felt that somehow it is very useful when you are doing kind of network prediction and all. So it's, I mean, that is what I felt. And Pandas in general, I mean, that is.

I think that would come once we have the analysis in place and then you would usually go for the optimization. So we're trying to put that in place. We tried to look for a couple of tools. Didn't quite find any open source tool, which does that. So, I mean, when we do this, we would like to collaborate with people and probably put it in the open source. We saw that this piece is quite missing. So you have so many to, I mean, whenever you do a service chain, that's kind of static. And in a dynamic fashion, you never really get to do that. And that would be a lot of optimization costs, savings in the long run.

Rules engine as in the tool. So basically, this is an intrusion detection system which we are using, which does a packet, deep packet inspection and tries to find out the signature as well as the pattern kind of a thing. So, no, this is a common tool actually. We are not exploring, yeah. So this is not related to any code-based kind of a thing. This is an appliance kind of a thing which we are using as of now.

Okay, thank you. We'll discuss it.
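
The detect-then-orchestrate loop described in the talk, as an added sketch that is not the speakers' code: per-second counters from the mirrored traffic are checked for a packet-rate flood, and the plugin decides between adding a rule to an existing firewall and first requesting a new firewall NFV. The record format, the threshold and the action dictionaries are assumptions; a real plugin would translate the returned actions into calls on the NFV orchestrator's API.

```python
from collections import defaultdict

FLOOD_PPS = 1000  # assumed per-source packets-per-second threshold

# Constructed sample: per-second packet counters as a traffic analyzer
# might export them from the tapped (mirrored) switch port.
SAMPLE = [
    {"ts": 0, "src": "192.0.2.10", "packets": 40},
    {"ts": 0, "src": "198.51.100.7", "packets": 700},
    {"ts": 0, "src": "198.51.100.7", "packets": 650},
    {"ts": 1, "src": "192.0.2.10", "packets": 35},
    {"ts": 1, "src": "203.0.113.5", "packets": 900},
]


def detect_floods(records, threshold=FLOOD_PPS):
    """Return the sources whose packet count in any one-second bucket
    exceeds the threshold, sorted for a stable result."""
    per_bucket = defaultdict(int)
    for r in records:
        per_bucket[(r["ts"], r["src"])] += r["packets"]
    return sorted({src for (_, src), n in per_bucket.items() if n > threshold})


def plan_actions(chain, sources):
    """Decide what to request from the orchestrator (hypothetical action
    format). A firewall NFV is created only when the chain lacks one;
    otherwise the existing firewall just receives new deny rules."""
    if not sources:
        return []  # nothing detected: leave the chain as provisioned
    actions = []
    if "firewall" not in chain:
        actions.append({"op": "create_nfv", "type": "firewall",
                        "after": chain[-1] if chain else None})
    for src in sources:
        actions.append({"op": "add_rule", "target": "firewall",
                        "rule": {"action": "deny", "src": src}})
    return actions


if __name__ == "__main__":
    for action in plan_actions(["router"], detect_floods(SAMPLE)):
        print(action)
```
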