Abstract
Diversification is one of the most effective approaches to defend multitier systems against attacks, failure, and accidents. However, designing such a system with effective diversification is a challenging task because of stochastic user and attacker behaviors, combinatorial-explosive solution space, and multiple conflicting design objectives. In this study, we present a systematic framework for exploring the solution space, and consequently help the designer select a satisfactory system solution. A simulation model is employed to evaluate design solutions, and an artificial neural network is trained to approximate the behavior of the system based on simulation output. Guided by a trained neural network, a multi-objective evolutionary algorithm (MOEA) is proposed to search the solution space and identify potentially good solutions. Our MOEA incorporates the concept of Herbert Simon’s satisficing. It uses the decision maker’s aspiration levels for system performance metrics as its search direction to identity potentially good solutions. Such solutions are then evaluated via simulation. The newly-obtained simulation results are used to refine the neural network. The exploration process stops when the result converges or a satisfactory solution is found. We demonstrate and validate our framework using a design case of a three-tier web system.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abraham, A., & Jain, L. (2004). Evolutionary multipobjective optimization. In A. Abraham, L. Jain, & R. Goldberg (Eds.), Evolutionary Multiobjective Optimization. Berlin: Springer.
April, J., Glover, F., Kelly, J. P., & Laguna, M. (2003). Practical introduction to simulation optimization. In The 2003 winter simulation conference.
Avizienis, A., & Chen, L. (1977). On the implementation of N-version programming for software fault tolerance during execution. IEEE COMPSAC, 77, 149–155.
Avizienis, A., & Laprie, J.-C. (1986). Dependable computing: from concepts to design diversity. In The IEEE (pp. 629–638).
Bain, C., Faatz, D., Fayad, A., & Williams, D. (2001). Diversity as a defense strategy in information systems. The MITRE Corporation.
Barron, F. H., & Barret, B. E. (1996). Decision quality using ranked attribute weights. Management Science, 42, 1515–1523.
Barton, R. R., & Meckesheimer, M. (2006). Metamodel-based simulation optimization. In S. G. Henderson, & B. L. Nelson (Eds.), Handbook in OR & MS (pp. 535–574). Amsterdam: Elsevier.
Benjamin, R., Gladman, B., & Randell, B. (1998). Protecting IT systems from cyber crime. The Computer Journal, 41(7).
Better, M., Glover, F., Kochenberger, G., & Wang, H. (2008). Simulation optimization: applications in risk management. International Journal of Information Technology Decision Making, 7(4), 571–587.
Budhijara, N., Marzulio, K., Schneider, F., & Toueg, S. (1993). The primary-backup approach. In S. Mullender (Ed.), Distributed systems (2nd ed., pp. 199–216). Workingham: Addison-Wesley.
Charnes, A., & Cooper, W. W. (1961). Management models and industrial applications of linear programming. New York: Wiley.
Chen, P.-Y., Kataria, G., & Krishnan, R. (2005). Software diversity for information security. In Fourth workshop on the economics of information security (WEIS05). Harvard University, Cambridge, MA.
Coello Coello, C. A., & Mariano Romero, E. C. (2005). Evolutionary algorithms and multiple objective optimization. In M. Ehrgott, & X. Gandibleux (Eds.), Multiple criteria optimization: state of the art annotated bibliographic surveys. Boston/Dordrecht/London: Kluwer Academic.
Dellino, G., Lino, P., Meloni, C., & Rizzo, A. (2009). Kriging metamodel management in the design optimization of a CNG injection system. Mathematics and Computers in Simulation, 79(8), 2345–2360.
Dellino, G., Kleijnen, J. P. C., & Meloni, C. (in press). Robust optimization in simulation: Taguchi and response surface methodology. International Journal of Production Economics. doi:10.1016/j.ijpe.2009.12.003
Demuth, H., & Beale, M. (2002). Neural network toolbox for use with Matlab, user’s guide. The MathWorks, Inc.
Ellison, R. J., Fisher, D. A., Linger, R. C., Lipson, H. F., Longstaff, T., & Mead, N. R. (1997). Survivable network systems: an emerging discipline (Technical Report, CMU/SEI-97-TR-013). CMU Software Engineering Institute.
Forrest, S., Somayaji, A., & Ackley, D. (1997). Building diverse computer systems. In Proceedings of the sixth workshop on hot topics in operating systems. Los Alamitos: Computer Society Press.
Fu, M. C. (2002). Optimization for simulation: theory vs. practice. INFORMS Journal on Computing, 14(3), 192–215.
Galletta, D. F., Henry, R., McCoy, S., & Polak, P. (2004). Web site delays: how tolerant are users? Journal of the Association for Information Systems, 5(1), 1–28.
Geer, D., Pfleeger, C. P., Schneier, B., Quarterman, J. S., Metzger, P., Bace, B., & Gutmann, P. (2003). Cyberinsecurity: the cost of monopoly. Computer Communications Industry Association.
Gifford, D. (1979). Weighted voting for replicated data. In Proceedings of seventh symposium of operation system principles (pp. 150–162). New York: ACM Press.
Goela, T., Vaidyanathana, R., Haftkaa, R. T., Shyya, W., Queipob, N. V., & Tuckerc, K. (2007). Response surface approximation of Pareto optimal front in multi-objective optimization. Computer Methods in Applied Mechanics and Engineering, 196(4–6), 879–893.
Hagan, M. T., & Menhaj, M. (1994). Training feedforward networks with the marquardt algorithm. IEEE Transactions on Neural Networks, 5(6), 989–993.
Jalote, P. (1994). Fault tolerance in distributed systems. Englewood: Prentice Hall.
Kaaniche, M., Laprie, J.-C., & Blanquart, J.-P. (2000). Engineering of complex computer systems. Sixth IEEE International Conference on ICECCS, 2000, 36–46.
Kalyanmoy, D., Sundar, J., Rao, N. U. B., & Shamik, C. (2006). Reference point based multi-objective optimization using evolutionary algorithms. International Journal of Computational Intelligence Research, 2(3), 273–286.
Keller, G. (2005). Statistics for management and economics (7th ed.). Brooks/Cole: Thomson.
Law, A. M., & Kelton, W. D. (1991). Simulation modeling and analysis. New York: McGraw-Hill.
Li, M., Li, G., & Azarm, S. (2008). A Kriging metamodel assisted multi-objective genetic algorithm for design optimization. Journal of Mechanical Design, 130(3).
Littlewood, B., & Strigini, L. (2004). Redundancy and diversity in security. In ESORICS 2004, 9th European symposium on research in computer security. Sophia Antipolis, France. Berlin: Springer.
Littlewood, B., Popov, P., & Strigini, L. (2001). Modelling software design diversity—a review. ACM Computing Surveys, 33(2), 177–208.
Liu, Y., & Trivedi, K. S. (2004). A general framework for network survivability quantification. In 12th Gi/Itg conference on measuring, modelling and evaluation of computer and communication systems together with 3rd Polish-German teletraffic symposium.
Lotfi, V., Stewart, T. J., & Zionts, S. (1992). An aspiration-level interactive model for multiple criteria decision making. Computers & Operations Research, 19(7), 671–681.
March, J. G. (1994). A primer on decision making: how decisions happen. Free Press: New York.
Microsoft (2009). Deployment patterns (Microsoft Enterprise Architecture, Patterns, and Practices).
Nutt, P. C. (2005). Search during decision making. European Journal of Operational Research, 160(3), 851–876.
Peng, Y., Kou, G., Shi, Y., & Chen, Z. (2008). A descriptive framework for the field of data mining and knowledge discovery. International Journal of Information Technology & Decision Making, 7(4), 639–682.
Russell, S., & Norvig, P. (2003). Artificial intelligence: a modern approach (2nd ed.). Upper Saddle River: Prentice Hall.
Shao, B. B. M. (2005). Optimal redundancy allocation for information technology disaster recovery in the network economy. IEEE Transactions on Dependable and Secure Computing, 2(3).
Simon, H. A. (1976). Administrative behavior: a study of decision-making processes in administrative organization. New York: Free Press.
Simon, H. A. (1996). The sciences of the artificial. Cambridge: MIT Press.
Stamp, M. (2004). Risks of monoculture. Communications of the ACM, 47(3).
Stevens, F., Courtney, T., Singh, S., Agbaria, A., Meyer, J. F., Sanders, W. H., & Pal, P. (2004). Model-based validation of an intrusion-tolerant information system. In 23rd symposium on reliable distributed systems (SRDS 2004).
Tanenbaum, A. S., & van Steen, M. (2002). Distributed systems principles and paradigms. Upper Saddle River: Prentice Hall.
Tchangani, A. P. (2009). Evaluation model for multiattributes–multiagents decision making: satisficing game approach. International Journal of Information Technology & Decision Making, 8(1), 73–91.
Thomas, R. (1979). A majority consensus approach to concurrency control for multiple copy databases. ACM Transactions on Database Systems, 4(2), 180–209.
Umar, A. (2003). E-business and distributed systems handbook: architecture module. Nge Solutions.
Wallenius, J., Dyer, J. S., Fishburn, P. C., Steuer, R. E., Zionts, S., & Deb, K. (2008). Multiple criteria decision making, multiattribute utility theory: recent accomplishments and what lies ahead. Management Science, 54(7), 1336–1349.
Wang, J., & Zionts, S. (2005). WebAIM: an online aspiration level interactive method. Journal of Multi-Criteria Decision Analysis, 13, 51–63.
Wang, J., & Zionts, S. (2006). The aspiration level interactive method (AIM) reconsidered: robustness of solutions. European Journal of Operational Research, 175(2), 948–958.
Wang, J., & Zionts, S. (2008). Negotiating Wisely: considerations based on multi-criteria decision making/multi-attributes utility theory. European Journal of Operational Research, 188(1), 191–205.
Wang, J., Sharman, R., & Ramesh, R. (2008). Shared content management in replicated web systems: a design framework using problem decomposition, controlled simulation and feedback learning. IEEE Transactions On Systems, Man, And Cybernetics (Part C), 38(1), 110–124.
Wierzbicki, A. P. (1980). The use of reference objective in multiobjective optimization. In G. Fandel, & T. Gal (Eds.), Multiple criteria decision making, theory and application (pp. 468–486). Berlin: Springer.
Zhang, Y., Vin, H., & Alvisi, L. (2002). Heterogeneous networking: a new survivability paradigm. In NSPW’01. Cloudcroft, New Mexico, USA.
Zona Research Inc (1999). The economic impacts of unacceptable Web site download speeds. Zona Research Inc.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Wang, J., Sharman, R. & Zionts, S. Functionality defense through diversity: a design framework to multitier systems. Ann Oper Res 197, 25–45 (2012). https://doi.org/10.1007/s10479-010-0729-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10479-010-0729-7