# Posts Tagged routing

### Fuzzy Neural Network for Routing

Consider the computer network in Figure 1.11. Suppose a message needs to be sent from
node A (source) to node G (destination). The first decision faced by the routing algorithm at
node A will be to determine if the message should be transmitted through node B (link 1),
node C (link 2) or node D (link 3). This decision is made by computing a value for each of
those three possible outgoing links. These three values, computed by the proposed routing
strategy, will represent the expected time to destination via node B (link 1), node C (link 2)
and node D (link 3). These three time values will be compared and the link that gives the
shortest expected time will be chosen as the first link in routing the message to the destination
(node G).

Figure 1.11: Example computer network

The expected time value for every outgoing link will be determined through the use of
fuzzy logic and a neural network, using information specific to each outgoing link as
described in the previous section (distance, throughput, congestion and failure state). Each of
our four metrics was described earlier with three concepts. For example, distance could be
short, medium, or long. Although illustrated on the same graph in our figures because they
pertained to the same concept, these actually represent separate fuzzy sets. That is, “short
distance” is one fuzzy set. It happens to overlap with “medium distance” which is another
fuzzy set. For a particular outgoing link and destination, we might have membership grades
of 0.0 for “short distance”, 0.4 for “medium distance”, and 0.8 for “long distance”, meaning
that the distance tends to be slightly more long than medium for this route. The source node
will maintain a fuzzy neural network that will assess the time required for the data to reach
the destination via that particular link. Therefore, this membership grade information needs
to be conveyed to the neural network for each of our four metrics. Thus, three fuzzy sets for
each of four metrics result in twelve fuzzy sets for each link considered (see Table 1.0).

Table 1.0: Twelve fuzzy sets

Data for a particular link (distance, throughput, congestion, failure) will be transformed
into twelve fuzzy membership grades, one for each of the fuzzy sets, thus resulting in twelve
inputs to the neural network. In addition to the twelve fuzzy membership grades, there will be
two additional inputs to the neural network, namely the packet size and destination of the
message. The neural network design is illustrated in Figure 1.12.

Figure 1.12: Neural network design

When node A’s controller (Figure 1.11) determines the best link to use from among link 1,
link 2 or link 3, the neural network will be invoked three different times using three sets of
inputs to get three expected time values. These three time values are then compared to find
the link that will give the lowest expected time to reach the destination. That will be the link
chosen to send the message along. When the message arrives at the next node, the same
process will be repeated using a similar neural network for all outgoing links of that particular
node. This procedure continues until the destination node is reached. A similar, but not
identical, neural network will be present at each node of the computer network. This
dissertation will establish the advantages of this routing strategy by testing it at a single source
node. Results obtained with this neural network can easily be generalized to all nodes on the
computer network.
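
The per-link procedure described above, as an added Python sketch that is not code from the original text: four link metrics are fuzzified into twelve membership grades, packet size and destination are appended to form the 14 inputs, and the network is invoked once per outgoing link. The triangular set shapes, the untrained stand-in weights, the numeric destination encoding and the sample link metrics are all assumptions constructed for illustration.

```python
import math

# Assumed triangular fuzzy sets (left foot, peak, right foot) on metrics normalised to [0, 1],
# shaped so that a distance of 0.8 gives the 0.0 / 0.4 / 0.8 grades quoted in the text.
SETS = {"low": (-0.4, 0.1, 0.6), "medium": (0.0, 0.5, 1.0), "high": (0.4, 0.9, 1.4)}
METRICS = ("distance", "throughput", "congestion", "failure")

def grade(x, a, b, c):
    """Membership grade of x in the triangular fuzzy set (a, b, c)."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)

def fuzzify(link):
    """Four normalised metrics -> twelve membership grades (3 sets x 4 metrics)."""
    return [grade(link[m], *SETS[s]) for m in METRICS for s in SETS]

def build_inputs(link, packet_size, destination):
    """Twelve grades plus packet size and destination: the 14 network inputs."""
    return fuzzify(link) + [packet_size, destination]

# Constructed, untrained stand-in weights: one row per hidden unit, one column per
# input. A real network would learn these from observed delivery times.
W_HIDDEN = [
    [-1, 0, 1, 1, 0, -1, 0, 0, 0, 0, 0, 0, 0.5, 0],   # distance, throughput, size
    [0, 0, 0, 0, 0, 0, -1, 0, 1, -1, 0, 2, 0.0, 0],   # congestion, failure state
]
W_OUT = [1.0, 1.0]

def expected_time(inputs):
    """Forward pass: sigmoid hidden layer, linear output (relative time score)."""
    hidden = [1 / (1 + math.exp(-sum(w * x for w, x in zip(row, inputs)))) for row in W_HIDDEN]
    return sum(w * h for w, h in zip(W_OUT, hidden))

def choose_link(links, packet_size, destination):
    """Invoke the network once per outgoing link and pick the lowest estimate."""
    times = {name: expected_time(build_inputs(metrics, packet_size, destination))
             for name, metrics in links.items()}
    return min(times, key=times.get), times

# Constructed sample metrics for node A's three outgoing links.
LINKS = {
    "link 1": {"distance": 0.8, "throughput": 0.5, "congestion": 0.3, "failure": 0.1},
    "link 2": {"distance": 0.3, "throughput": 0.7, "congestion": 0.2, "failure": 0.1},
    "link 3": {"distance": 0.5, "throughput": 0.2, "congestion": 0.9, "failure": 0.1},
}

if __name__ == "__main__":
    print(choose_link(LINKS, packet_size=0.5, destination=7))
```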

### Trusted Internet Connection

Similar to Departments and Agencies that utilize Networx MTIPS, those using a TIC will already have a contractual relationship in place with their ISP, usually a Networx ISP. Pursuant to that relationship, the ISP, in its ordinary course of business, will use routing tables to ensure that only traffic intended for the Department or Agency’s IP addresses is routed to the Department or Agency’s networks. And the Department or Agency remains responsible for ensuring that only traffic intended for, or originating from, that Department or Agency is routed through the EINSTEIN sensor.

Since EINSTEIN collects network flow information for all traffic traversing a sensor, if, in a rare case, the required contractual routing protections fail, in the normal course only network flow information associated with the improperly routed traffic would be collected. This mechanism minimizes the possibility of capturing or releasing Personally Identifiable Information (PII). If improperly routed network traffic matched a pattern of known malicious activity, an alert would be triggered. In the event of an alert, and upon further inspection and investigation with the Department or Agency receiving the incorrectly routed traffic, a US-CERT analyst would be able to identify that the traffic had been incorrectly routed. US-CERT would then work with NCSD’s Network Security Deployment and Federal Network Security branches, the relevant Department or Agency, the ISP and, if necessary, the MTIPS vendor, to remedy the routing problem. In the unlikely event that an ISP’s routing tables mistakenly assign a government IP address to a commercial client, a routing loop would result. The routing loop would cause errors and break the commercial customer’s connection. When the ISP detects the routing loop, or the customer reports its broken connections to the ISP, the ISP would correct the error in its ordinary course of business.