Enhancing real-time embedded systems development
using artificial immune systems
Thesis Proposal
Nicholas Lay
Supervisor: Dr Iain Bate
April 2007
Abstract
This document outlines a proposal for the creation of a technique to enhance the development of real-time embedded systems, enabling the production of reliable embedded software in a way that is economical for use in non-safety-critical systems. Existing development techniques rely heavily on formal analysis methods which are time consuming and inflexible. Utilising principles derived from immunology an alternative solution is proposed which allows systems to detect anomalies occurring as part of their operation, providing designers with a flexible and adaptive method of locating problems in software.
1. Introduction
As the application of computer systems has increased greatly over the last few decades, there has been a significant increase in the utilisation of embedded systems, where the functionality of the computer system is encapsulated inside the device it controls. The increase of adoption of embedded systems, with the resultant increase in processing power they bring, has allowed both improvements in existing device classes, and also the creation of devices in new application areas.
A particular domain in which embedded systems are now particularly widespread is the Consumer Electronics (CE) industry. The last few decades have seen a significant increase in the market for CE devices, driven by the development of new technologies to replace existing devices (such as the rise of digital cameras replacing those based on photographic film) as well as the emergence of new technologies such as mobile telephones [Bouyssounouse and Sifakis 2005]. In addition, the complexity of the devices produced is also increasing exponentially: it has been estimated that the amount of code in embedded devices doubles every two years [Gibbs 1994, van Ommering 2003].
The CE marketplace is characterised by being extremely competitive, served by a large number of different manufacturers, with each often offering ranges of products catering for a range of price points and feature sets. It is therefore vitally important for a CE manufacturer to ensure that its products enter the marketplace at the right time and at the right cost: if a product is late to market, or simply too expensive when compared to products from competing manufacturers, it is likely to lose sales.
A large number of CE devices (and other embedded systems) now incorporate components with real-time characteristics. The failure of a system to meet these requirements may cause various errors, which in some cases may be observable to the user as sluggish behaviour or a lack of responsiveness, or in other cases may cause the system to fail completely. In devices where there is a high expectation of reliability, a system with real-time requirements must be able to satisfy those requirements. A system which is perceived as being unreliable, or which is frustrating to use by being unresponsive, is more likely to be unsuccessful in the marketplace, and may even adversely affect the reputation of its manufacturer, causing a loss of sales of other unrelated products which do not suffer from the same problems.
1.1. Development of embedded systems
The process by which embedded systems are developed is frequently challenging, in part due to the presence of a number of competing requirements which must be traded-off against each other [Vahid and Givargis 2002]. These requirements may relate to the functionality of the system, but they may also constrain other properties, such as the unit cost or the system's power consumption. If a system includes real-time components, these will have real-time deadlines which must be met.
Particularly in CE devices, in order to maximise the profitability of a system in a competitive marketplace, it is necessary to keep the costs associated with the design and manufacture of a system to a minimum, as these costs must be recovered through sales of the final system. The costs for each system include two major components. One of these is the unit cost: this is the cost incurred through physically manufacturing one system, such as its component parts, energy costs and associated labour. In addition to this are the costs incurred during the development of the system, known as non-recurring engineering (NRE) costs: these will include the design and prototyping costs, the cost of setting up manufacturing plants to produce the system, and the cost of any testing or certification required by the product.
The incorporation of real-time components into embedded systems makes the development process particularly challenging. Traditional real-time development techniques rely extensively on a priori analysis techniques to determine whether a system will satisfy all of its real-time requirements. Although these techniques result in highly reliable systems, and are frequently used in the development of safety-critical RTES such as those used in the automotive industry, they are typically incompatible with the CE development process, which is often rapid and generally must be as cheap as possible.
1.2. Problems with embedded software engineering
From the literature it is clear that the focus of most software engineering research has been on functional correctness and understanding. In particular, Dijkstra, in his work on software architecture [1969, 1972] was primarily concerned with improving the understandability of software. Later work in the area concentrated on the development of techniques such as modularisation [Parnas 1972], to allow the construction of large software systems by separate teams, each focussing on a small portion of the system's overall functionality. This has further evolved, with the incorporation of ideas such as software reuse, into the modern concept of component-based software engineering [Batory and O'Malley 1992, Garlan and Shaw 1993].
Until relatively recently, there has been little consideration of non-functional properties in the software engineering literature. Methods of evaluating the non-functional properties of a component-based system are now being investigated (e.g. [Russell and Jacome 2003, Bondarev et al. 2004]), but there are as yet no mature technologies suitable for use in the development of real-time embedded systems. In particular, most proposed techniques have not yet been shown to be scalable for dealing with more complex systems, and they also make the assumption that the non-functional properties of individual components combine predictably, which, particularly with complex systems involving a large number of component interactions, is not necessarily the case.
Component-based approaches have been used during the development of embedded software, although they are not yet commonplace [Graaf et al. 2003]. Of significance is the Koala Component Model developed by Philips Research for the production of embedded software in televisions [van Ommering 1998, van Ommering et al. 2000]. Koala was developed to allow embedded software to be produced quickly from a reusable kit of components, taking into account projected increases in the complexity of embedded software and to support the development of “families” of products. Although Koala has helped in these respects, it does not consider the non-functional properties of components or systems, and therefore is unable to guarantee that real-time components will satisfy their requirements.
1.3. Problems with real-time development techniques
The development of real-time systems is an area which has seen active research over many years [Burns and Wellings 2001], and this has given rise to a number of techniques which can be employed to guarantee that a system will satisfy all of its real-time properties.
Although these techniques are effective at producing reliable real-time software, they have a number of characteristics which give rise to problems when considering their application in the development of CE devices.
Firstly, the majority of real-time engineering techniques are based on a priori formal analysis of system components. The nature of such analysis techniques makes them time consuming, particularly where frequent small changes are made to the system, as this requires that large portions of the analysis be repeated taking the changes into account. This also makes analysis techniques inflexible with regards to product families: two systems which share a common base but which differ slightly in specific features must be analysed as separate systems; analysis results cannot be transferred between products or even between different versions of a single product.
As real-time development techniques are biased towards reliability, they have a tendency to focus specifically on the system's ability to perform in worst-case situations, even where the likelihood of such a situation occurring is slight. A system which is guaranteed to perform in the worst case should always be reliable, but will be underutilised if the worst case scenario occurs infrequently or if it requires far greater resources than the average case.
When developing using real-time analysis techniques, it is frequently the case that specialist knowledge is required in order that system analysis is carried out effectively. This, combined with the other factors already outlined, makes real-time analysis comparatively expensive compared with other software development techniques.
It is not the case that it is impossible to carry out real-time analysis during the development of embedded systems: indeed, embedded systems used in safety-critical situations, such as those used in the aerospace and automotive industries, will be developed using these techniques. However, the nature of the marketplace for CE devices, which typically sees a high turnover of new products and relatively short product lifetimes, means that there is little scope for the costs associated with performing real-time analysis to be recovered. The fact that the findings of any analysis are only applicable to the system analysed makes it particularly uneconomical to analyse CE devices fully.
1.4. Motivation for research
It is clear that a technique permitting the development of reliable real-time embedded software, which does not suffer the drawbacks of existing real-time techniques, is yet to be developed. However, with the increase in complexity of computer systems in general (and CE devices in particular) such a technique would be of great benefit to the CE industry as a whole.
With this in mind, the thesis will examine alternative methods of system analysis and development which could be employed to improve the reliability of RTES. Given the apparent lack of suitable solutions in the software engineering domain, and the ever increasing complexity of the systems in question, the research will focus on adaptive methods of computation, particularly drawing on so-called “non-standard” approaches derived from observations of the natural world.
In particular, the literature survey highlighted the potential for the use of artificial immune systems (AIS) in solving the problems associated with RTES development, although it also noted that there were significant issues, particularly with respect to resource usage, which would need to be overcome in order for immune-inspired techniques to be useful to RTES designers.
2. Thesis
2.1. Hypothesis
The thesis will investigate the application of artificial immune systems to the development of real-time embedded systems, based on the following hypothesis:
    Artificial immune systems can provide an adaptive, responsive method to detect anomalies in real-time embedded systems
The aim behind this hypothesis is to devise an original method for enhancing the development of real-time embedded systems to be employed in non-safety-critical situations. The incorporation of anomaly detection into a system as part of the development process allows errors and potential problems to be flagged to the developers while the system is tested: these can then be rectified before the system is deployed.
The principles used for anomaly detection draw their inspiration from the natural immune system, specifically those of innate immunity. The function of the immune system is much debated amongst immunologists, but one theory suggests that the immune system is able to respond to the presence of danger, allowing it to detect and eliminate agents which cause that danger. These principles have been taken as the inspiration for a number of immune-inspired algorithms, which allow the detection of danger in computer systems.
In order to show this hypothesis to be correct, any proposed solution making use of AIS in real-time embedded systems will need to be analysed according to a number of criteria, to ensure that it achieves the desired results, and that it is comparable with other techniques with similar aims.
• Correctness: any proposed solution must be able to successfully identify any anomalies present in a RTES – of all the metrics discussed here, the correctness of a solution is the most fundamental. When considering correctness, it is particularly important to evaluate the solution's overall accuracy, taking into account not just successful identifications, but also the presence of false positives and false negatives. An AIS-based solution which upholds the hypothesis will therefore be able to correctly identify anomalies present in a system.
• Responsiveness: particularly with solutions applied to in-service systems, it is important that any anomalies present in the system are identified quickly whenever they occur. A system which is slow to detect anomalies is potentially less effective than one which is highly responsive, especially at detecting transient anomalies where the period for which the fault is present is shorter than the response time.
• Flexibility: as a major problem with traditional real-time development techniques is that they are inflexible, an important goal of any improved development technique is that it can be applied to a variety of problems with little or no effort on the part of the system designer. This will allow the technique to be used with families of similar products, or in updated versions of products, without the need to perform large amounts of time-consuming analysis for each one.
• Scalability: for a solution to be successfully applied in real-world systems, it must be capable of scaling to work with systems of the size and complexity of those being produced today. In addition, it should be able to cope with projected increases in system complexity, making the solution of continued use in the longer term.
• Resource efficiency: the need for a solution to make efficient use of resources is of significance when considering systems where resources are limited, as is the case with RTES in the consumer electronics domain. Any solution intended to be integrated into an in-service RTES must therefore be able to function effectively within the available system resources for it to be useful.
In analysing the solution against these properties, comparisons will be made against other potential solutions, both immune-inspired and traditional, allowing the overall effectiveness of the new approach to be accurately gauged.
2.2. Extended abstract
As the adoption of embedded systems has become increasingly widespread, consumer expectations of reliability have risen alongside a significant increase in system complexity and increasing marketplace competition. As a consequence, the developers of real-time embedded systems frequently have to contend with a range of varying requirements which are frequently conflicting.
Existing techniques for producing reliable software are effective but suffer from
being expensive, inflexible and time‐consuming to apply, and frequently are not
easily scalable to larger or more complex systems. These factors make them
unsuitable for use in the often rapid development cycles associated with
mass‐market embedded devices.
There is therefore a need for a development process to allow the rapid production of
reliable software. The software engineering discipline has provided solutions, such
as reuse and component‐based engineering, which allow software to be developed
from a predefined “kit” of parts, each of which can be verified individually; however,
these techniques generally concentrate solely on software functionality rather than
on non‐functional properties, and efforts to extend these techniques have so far
proven lacking.
In order to produce reliable complex software, we look to concepts derived from
nature to improve the software development process, by changing the emphasis of
reliable software development. Introducing into systems the ability to detect
anomalies as they run allows them to be flagged to the system designers for
rectification, without the need for formal proof. Drawing on observations of the
natural immune system, this thesis proposes the use of immune‐inspired techniques
to incorporate anomaly‐detection mechanisms into a system, therefore allowing the
system to identify potential problems during its development process, and
continuing once it is placed into service.
As part of the work, the issues surrounding the incorporation of immune‐inspired
techniques into embedded systems are examined in detail, with consideration being
given to the optimisation of the immune algorithm for maximum effectiveness,
whilst still providing flexibility. Given the intended application domain, significant
attention is paid to ensuring that the immune‐inspired technique is able to function
satisfactorily in a constrained environment, by establishing the level of system
resources required.
The work makes contributions to the RTS community by proposing an original
method of software development for real‐time embedded systems, which enables the
production of reliable software without the need for the formal analysis procedures
normally needed. The enhancements made to the immune algorithms used also
benefit the AIS community, as well as the application of AIS techniques in a domain
where they have not previously been utilised.
3. Progress
The literature survey highlighted the possibility of using immune‐inspired
techniques to provide a solution to the problem of anomalies in RTES. Further
reading and discussions with members of the AIS community have emphasised the
potential of an emerging class of techniques based on concepts derived from innate
immunity. By not involving a full adaptive immune system, systems inspired by
innate immune principles are more suited to use in resource‐constrained
environments, such as those found in embedded systems. One suggested application
of an innate AIS provides anomaly detection in autonomous robots [Neal et al. 2006].
Initial research into innate immune‐inspired concepts highlighted the potential of the
Dendritic Cell Algorithm (DCA). This has been recently developed following
extensive in vivo observations of a specific type of antigen‐presenting cell, and is
modelled on the observed characteristics of these cells [Greensmith et al. 2005]. The
DCA has been used to solve anomaly‐detection problems with good results: by the
developers in an intrusion detection system [Greensmith et al. 2006]; and also for the
detection of danger in sensor networks [Kim et al. 2006]. The DCA, therefore,
appears to be a good starting point on which to base an anomaly‐detecting innate
AIS in RTES.
In looking to apply the DCA to RTES problems, a number of deficiencies with the
DCA have been identified. In particular, due to the DCA being based on observations of
antigen‐presenting cells in vivo, the initial applications of the algorithm have made
use of certain aspects of these observations which are not necessarily relevant to the
problems to which the DCA is being applied. Making assumptions in this way can
lead to a bias being induced in the algorithm, which may cause its operation to be
inconsistent or incorrect.
Therefore, this work has investigated whether it is possible for the DCA parameters
to be determined by an evolutionary process. By evolving the parameters, they
become set at values which are appropriate for the problem being solved, so
removing any bias towards specific solutions which might be created by using
potentially incorrect values derived from observations. Consequently, the work
makes contributions to both the AIS and RTS communities.
Progress has been made by developing a task scheduling simulator, on top of which
an AIS based on the DCA has been implemented. The implementation has been
structured in a way that should make it straightforward to incorporate different
evolutionary strategies to modify the DCA's parameters, therefore allowing them to
be compared against each other quickly and simply.
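The parameter sensitivity argued above, as an added example (not code from the proposal or its authors): a simplified, deterministic dendritic‐cell‐style detector run over a constructed job trace, with an elitist evolutionary search over its signal weights and migration threshold. The trace, the mapping of budget overrun to a danger signal and of slack to a safe signal, the fitness function and all names are assumptions made for illustration.

```python
import random
from collections import defaultdict
from dataclasses import dataclass, replace

# Constructed trace, one record per completed job: (task, danger, safe).
# Assumption: danger = budget overrun (%), safe = remaining slack (%).
CYCLE = [("A", 10, 80), ("B", 20, 70), ("C", 60, 40)]
TRACE = CYCLE * 4
ANOMALOUS = {"C"}  # constructed ground truth: task C is the misbehaving one


@dataclass(frozen=True)
class Params:
    w_danger: float = 1.0      # hand-picked starting weights (assumed values,
    w_safe: float = 2.0        # not taken from the proposal)
    threshold: float = 150.0   # signal a cell accumulates before it migrates
    n_cells: int = 1           # DC population size


def run_dca(trace, p):
    """Return {task: MCAV}: share of a task's presentations judged anomalous."""
    limits = [p.threshold * (1 + i / p.n_cells) for i in range(p.n_cells)]
    cells = [{"csm": 0.0, "k": 0.0, "antigens": []} for _ in limits]
    seen, flagged = defaultdict(int), defaultdict(int)

    def present(cell):
        # A migrating cell labels every antigen it holds with its own context.
        for task in cell["antigens"]:
            seen[task] += 1
            flagged[task] += int(cell["k"] > 0)
        cell.update(csm=0.0, k=0.0, antigens=[])

    for step, (task, danger, safe) in enumerate(trace):
        cells[step % len(cells)]["antigens"].append(task)  # round-robin sampling
        for cell, limit in zip(cells, limits):              # signals reach all cells
            cell["csm"] += danger + safe
            cell["k"] += p.w_danger * danger - p.w_safe * safe
            if cell["csm"] >= limit:
                present(cell)
    for cell in cells:  # flush cells that never reached their threshold
        present(cell)
    return {task: flagged[task] / seen[task] for task in seen}


def fitness(trace, p, anomalous=ANOMALOUS):
    """Mean per-task agreement between MCAV and the ground truth (1.0 is best)."""
    mcav = run_dca(trace, p)
    return sum(v if t in anomalous else 1 - v for t, v in mcav.items()) / len(mcav)


def evolve(trace, start, trials=400, seed=1):
    """Elitist search: mutate the best-so-far, keep the child only if fitter."""
    rng = random.Random(seed)
    best, best_fit = start, fitness(trace, start)
    for _ in range(trials):
        child = replace(
            best,
            w_danger=max(0.0, best.w_danger + rng.gauss(0, 0.3)),
            w_safe=max(0.0, best.w_safe + rng.gauss(0, 0.3)),
            threshold=max(1.0, best.threshold + rng.gauss(0, 25)),
        )
        child_fit = fitness(trace, child)
        if child_fit > best_fit:
            best, best_fit = child, child_fit
    return best, best_fit


if __name__ == "__main__":
    start = Params()
    print("hand-picked:", run_dca(TRACE, start), fitness(TRACE, start))
    best, fit = evolve(TRACE, start)
    print("evolved:    ", best, run_dca(TRACE, best), fit)
```

With weights 2 and 1, a migration threshold of 150 lets each cell mix the signals of neighbouring jobs, so tasks A and B are flagged in half of their presentations; lowering the threshold to 50 separates them cleanly. The weights and the threshold therefore have to be tuned together, which is what the search does.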
A paper has recently been written detailing the application of the DCA to RTES, and
has been submitted to the 2007 Congress on Evolutionary Computation (CEC) for
publication. A copy of the paper is attached to this document.
4. Plans
It is envisaged that the thesis will comprise the following sections:
• Introduction
• Literature review
• Application of AIS to RTES
• Evolution of AIS properties
• Scalability and robustness
• Resource issues
• Summary of results
• Conclusions
The literature review will examine the current state of the art in real‐time embedded
systems development and highlight some of the problems which occur that are
difficult to solve with established techniques. In addition, it will examine
developments in the field of artificial immune systems, particularly with respect to
applications of AIS in solving anomaly detection problems.
The third chapter will describe the application of AIS to the classes of problems
frequently encountered during RTES development. This will include a discussion of
the immune principles chosen and the rationale behind the decisions made. Specific
details of the mapping between RTES components and the structures of the
implemented AIS will be examined. This work benefits both the real‐time systems
community, by providing an original method by which the reliability of real‐time
embedded software can be improved, and also the AIS community, by establishing a
new application domain for AIS techniques.
Following on from the application of AIS to RTES, the work will concentrate on
improving the effectiveness of the AIS by using evolutionary techniques to optimise
the parameters of the immune algorithms. This will form the bulk of the original
work in the thesis, as current applications of artificial immune systems rely on the
parameters being chosen by the designers, leading to an induced bias in the
operation of these systems. Assuming the use of the DCA as the primary immune
algorithm, research will be conducted into the evolution of a variety of DC
properties, including the internal signal weightings and thresholds.
The aim of the work at this point is to examine how the evolutionary strategy
adopted affects the output of the AIS, particularly in this case with regards to any
change in the system's ability to detect anomalies. Of particular concern here will be
the properties of the fitness function used to guide the evolutionary process, and the
effects of different fitness functions on the overall operation of the AIS will be
discussed. In a wider context, the work will examine the effectiveness of the DCA
compared with other immune algorithms, and also with other more traditional
anomaly detection methods, based on the level of accuracy achieved for anomaly
detection.
The next section of work will concern the flexibility of the AIS‐based solution, to
verify that the solution can be directly incorporated into a number of different
problem situations and provide a good solution with little modification. This is an
important factor in the solution being useful to the designers of RTES, as current
real‐time techniques are inflexible. This section of work will look to expand the scope of
the scenarios to be solved by the AIS.
In the context of task scheduling, the ability to cope with different scheduling
strategies and larger task sets will be investigated, and further to this, tasks with
irregular release patterns (sporadic and aperiodic tasks) will be incorporated into the
test scenarios. The ability of the AIS to detect anomalies in these more complex
systems will then be evaluated.
As this work is being carried out with particular reference to the consumer
electronics domain, a significant part of this work will consider the implications of
deploying AIS‐derived techniques in a resource‐constrained environment typical of
those found in CE devices. In order to establish the minimum level of resources
required by the DCA, the work will look at how constraining various parameters,
such as the DC population size, affects the DCA's ability to detect anomalies
successfully, with a view to establishing a correlation between the complexity of the
problem system and the resources required to successfully detect anomalies in it. In
addition to this, work will be done to compare the resource requirements of the DCA
against those of other immune‐inspired solutions.
The conclusion of the thesis will evaluate the final DCA‐based solution against the
requirements set out in section 2.1, to determine the degree to which it satisfies the
hypothesis.
The work detailed by the thesis will be of relevance to both the RTS and AIS
communities. In particular: the provision of an original method to enhance the
development of real‐time embedded software will benefit the RTS community, while
simultaneously providing a new application area for immune‐inspired techniques.
The modifications made to the DCA will be of interest to the wider AIS community.
5. Timetable
• Tidy up loose ends, identify and fix bugs in initial DCA/RTES implementation: 2
weeks
• Investigate effect of guided evolution on DCA operation. Compare and evaluate
different evolutionary strategies and establish most effective approach. Selection
and evaluation of fitness function: 4 months
• Evaluate flexibility and robustness of solution by checking with a variety of
different scenarios. Check with alternative scheduling models and incorporating
tasks with more complex release patterns. 3‐4 months
• Conduct investigations into minimum resource requirements for DCA.
Comparisons with other techniques, both AIS‐based and traditional. Investigate
scalability of DCA solution to larger problems. Establish correlation between
problem complexity and resource requirements. 4 months
• Write up: 6 months
6. References
Batory, D. and O'Malley, S. (1992). The design and implementation of hierarchical
software systems with reusable components. ACM Trans. Softw. Eng. Methodol. 1 (4):
355‐398.
Bondarev, E., Muskens, J., de With, P., Chaudron, M. and Lukkien, J. (2004).
Predicting real‐time properties of component assemblies: A scenario‐simulation
approach. 30th Euromicro Conference: 40‐47, IEEE.
Bouyssounouse, B. and Sifakis, J. (2005). Embedded systems design: The artist roadmap
for research and development, Springer‐Verlag.
Burns, A. and Wellings, A. (2001). Real‐time systems and programming languages, 3rd
edition, Pearson Education.
Dijkstra, E. W. (1969). Structured programming. Working Conference on Software
Engineering, NATO Science Committee.
Dijkstra, E. W. (1972). Notes on structured programming. Structured programming.
O.‐J. Dahl, E. W. Dijkstra and C. A. R. Hoare. Academic Press.
Garlan, D. and Shaw, M. (1993). An introduction to software architecture. Advances in
software engineering and knowledge engineering. G. Tortora. World Scientific Publishing
Company.
Gibbs, W. W. (1994). Trends in computing: Software's chronic crisis. Scientific
American 271 (3): 86.
Graaf, B., Lormans, M. and Toetenel, H. (2003). Embedded software engineering: The
state of the practice. IEEE Software 20 (6): 61‐69.
Greensmith, J., Aickelin, U. and Cayzer, S. (2005). Introducing dendritic cells as a
novel immune‐inspired algorithm for anomaly detection. ICARIS 2005: LNCS3627:
153‐167, Springer‐Verlag.
Greensmith, J., Aickelin, U. and Twycross, J. (2006). Articulation and clarification of
the dendritic cell algorithm. ICARIS 2006: LNCS4163: 404‐417, Springer‐Verlag.
Kim, J., Bentley, P., Wallenta, C., Ahmed, M. and Hailes, S. (2006). Danger is
ubiquitous: Detecting malicious activities in sensor networks using the dendritic cell
algorithm. ICARIS 2006: LNCS4163: 390‐403, Springer‐Verlag.
Neal, M., Feyereisl, J., Rascunà, R. and Wang, X. (2006). Don't touch me, I'm fine:
Robot autonomy using an artificial innate immune system. ICARIS 2006: LNCS4163:
349‐361, Springer‐Verlag.
Parnas, D. L. (1972). On the criteria to be used in decomposing systems into modules.
Commun. ACM 15 (12): 1053‐1058.
Russell, J. T. and Jacome, M. F. (2003). Architecture‐level performance evaluation of
component‐based embedded systems. 2003 Design Automation Conference: 396‐401,
ACM Press.
Vahid, F. and Givargis, T. D. (2002). Embedded system design: A unified
hardware/software introduction, Wiley.
van Ommering, R. (1998). Koala, a component model for consumer electronics
product software. 2nd International ESPRIT ARES Workshop on Development and
Evolution of Software Architectures for Product Families: LNCS1429: 76‐86,
Springer‐Verlag.
van Ommering, R. (2003). Configuration management in component based product
populations. 10th International Workshop on Software Configuration Management
(SCM‐10): LNCS2649: 16‐23.
van Ommering, R., van der Linden, F., Kramer, J. and Magee, J. (2000). The koala
component model for consumer electronics software. IEEE Computer 33 (3): 78‐85.
Applying Artificial Immune Systems to Real-Time Embedded
Systems
Nicholas Lay, Iain Bate
Department of Computer Science, University of York, UK
e-mail: {nlay, ijb}@cs.york.ac.uk
Abstract—Real-time systems are becoming more complex at
the same time as the expectation of adaptability and
dependability rises. Traditional methods for ensuring no faults
in the design or identifying their source are labour intensive
and overly restrictive. In this paper we explore how concepts of
AIS can be applied to RTS to aid their design and maintenance.
Contributions are made to both the AIS and RTS communities.
I. INTRODUCTION
A. Real-time systems
In the field of systems engineering, systems are often
considered to possess so-called “real-time” requirements. In
these systems, the correctness of an operation depends not
just on the result of the computation, but also on the time at
which that result is produced [1].
Real-time systems are traditionally associated with safety-
critical or high-integrity applications, where incorrect
behaviour cannot be tolerated as it may result in catastrophic
consequences. In addition, a large number of systems exist
where real-time properties are desirable, although the failure
to meet these will not have the same severe consequences. A
system can be considered to be “hard” real-time if it is
imperative that all real-time constraints are met. So-called
“soft” real-time systems are ones where ideally real-time
requirements should be met, but where the occasional failure
can be tolerated. Most systems contain a mixture of “hard”
and “soft” tasks.
The properties of real-time systems and the various
complexities with their development have been the subject of
active research over many years and consequently they are
relatively well understood, with a wide range of specialist
development and analysis tools available. In the safety-
critical domain, software must frequently be analysed and
verified to ensure that it is correct and that it meets its timing
requirements [2]. However, these techniques are time-
consuming and often require specialist knowledge:
consequently, the development of reliable real-time software
is too expensive for anything except safety or security-
critical projects. In addition, many of the techniques used are
based on worst-case circumstances and are therefore
pessimistic: this leads to an under-utilisation of the system
resources in a majority of cases.
B. Embedded systems
The adoption of computer systems has increased
dramatically throughout the last few decades. In particular,
classical computer systems are now significantly
outnumbered by embedded computer systems, that is,
computers which are encapsulated inside another device.
Although there are a number of new devices which make
extensive use of embedded systems, such as mobile
telephones, frequently embedded computer systems are
employed as a replacement for discrete control logic or
custom control circuits. Particular domains in which
embedded systems are frequently found include automobiles
and consumer electronics devices [3]. It is widely
anticipated that the market for these embedded computer
systems will increase exponentially over the next ten years
[4].
There are a number of factors which are specific to the
development of embedded systems, particularly those which
are to be utilised in mass-market products. Most significant
is the need to keep the manufacturing costs down: where a
system may be included in hundreds of thousands (or even
millions) of units, a small saving on the cost of each unit
combines to produce a considerable overall saving [5]. It is
important to consider the costs associated with developing
the product, as these must be recovered through sales of the
final product. In a competitive marketplace, it is crucial that
a product enters the market at the correct time: if it is late, it
may lose sales to rival products. It is also important that the
product is reliable and contains features appropriate for its
class.
With the general increase in complexity in computer
systems, many embedded systems have started to include
components with real-time properties, effectively creating a
new class of “Real-Time Embedded Systems”. In some
cases, such as in automobiles, these systems are safety-
critical, and are generally engineered using real-time
systems techniques. Typically, the automotive industry
makes use of a standardised range of components from a
few specialised suppliers, in order to reduce development
costs. Safety-critical components are generally isolated from
non-essential ones, to ensure that their operation is not
affected by the failure or malfunctioning of non-essential
systems [3].
Systems with definite real-time properties are being
increasingly utilised in the consumer electronics domain.
These systems are clearly not safety-critical, and
consequently it is not economically feasible to engineer
them using real-time analysis techniques; however the
system must still be engineered with regard to its real-time
properties, as inability to meet these may still cause
problems. These may range from small issues, such as a
perception of unresponsiveness or “lag” having a negative
effect on usability, through to more severe issues such as
complete failure of the system. These conflicting design
criteria result in the need for trade-offs during the design and
implementation of embedded systems [6].
This is particularly true for digital broadcasting platforms,
which transmit digitally-encoded audio and video signals. A
digital receiver must be able to decode the incoming signal,
separate it into audio and video streams, and these must then
be decompressed.
C. Why AIS?
The use of RTES in consumer electronics devices leads to
a significant conflict during the design process. There is a
need for the device to achieve a high level of reliability and
therefore for it to meet all its real-time requirements, but at
the same time, market forces dictate that the development
must be both fast and cheap, to ensure the product reaches
the market on time and to maximise profitability. As well as
being expensive and time-consuming, current real-time
development techniques are inflexible, and do not readily
support changes during the development process. This
makes them unsuitable for use in the majority of CE
development.
AIS has been successfully applied to a wide variety of
anomaly detection problems [7], and our work examines the
potential for AIS to be used for anomaly detection in
systems which have both real-time and embedded
characteristics, which will afford greater flexibility during
the design process. Incorporating AIS will give a system the
ability to detect anomalies within itself, and should allow
systems to attain greater levels of reliability without the need
for costly and inflexible analysis procedures. This increased
flexibility should reduce the complexity and cost of the
overall development.
D. Contributions and structure
As well as providing a real-world application for AIS-
based methods, the incorporation of AIS into embedded
systems poses some interesting research problems,
particularly those related to minimising resource usage in a
constrained resource environment.
In this paper we specifically show how AIS can be
applied to detect the possibility of deadline overruns by
learning the characteristics of executing software. To
minimise run-time constraints, we take motivation from
innate immunology, and hence we make use of the Dendritic
Cell Algorithm (DCA). The main contributions of this paper
are the mapping of a real-time problem onto an AIS solution
in a way which minimises resource usage, and showing how
the DCA can be evolved to allow it to adapt itself to the
properties of the problem, rather than using properties
derived from the observations of living DCs in vivo.
The remainder of the paper is structured as follows:
section II examines some of the characteristics associated
with RTES, and considers the types of anomalies which can
occur and the methods by which they can be detected;
section III examines the potential for AIS techniques to be
applied in RTES and highlights the problems which must be
overcome for an application to be successful; section IV discusses our implementation of an AIS for anomaly
detection in RTES; finally section V gives our conclusions
and outlines some directions for future work.
II. REAL-TIME EMBEDDED SYSTEMS
Our work is concerned with systems which exhibit
properties traditionally associated with real-time systems,
and also specific properties normally associated with
embedded systems development.
A. Characteristics of Real-Time Embedded Systems
The overall operation of a RTES can be thought of as a
series of tasks, each of which is responsible for a subset of
the system's total functionality. Each of these tasks has a
number of properties, which can be combined to form a
profile for each task. A typical RTES will contain a set of
tasks with a variety of different properties.
The most significant property of any task concerns its
temporal behaviour. Some tasks are periodic: they execute
repeatedly with a fixed period. Others have no fixed
repetition period, and so are classed as aperiodic or sporadic.
If the system has multiple modes of operation, it is possible
that a particular task might be periodic in one mode, but
aperiodic in another.
The majority of other properties relating to a task revolve
around that task's execution time. It is rare that a task will
execute for the same amount of time every execution cycle:
rather, the execution time will vary depending on the data to
be processed or the presence/absence of external signals.
Consequently, a task's execution time can be considered to
fall between two values: a minimum “best-case” execution
time (BCET) and a maximum “worst-case” execution time
(WCET). The utilisation of a task can be calculated using
these values and the task's period.
Another important property of a real-time task is the
task's deadline. This is the point in time where the task must
have finished its execution in order for the system to meet its
real-time constraints. Typically, any system which employs
multi-tasking will incorporate a scheduler, which is
responsible for allocating processor time to each task in the
system. In a real-time system, the scheduler must allocate
sufficient processor time to each task to allow it to complete
before the task reaches its deadline.
1) Similarities to job-shop scheduling
At first glance, the problem of scheduling tasks in a real-
time system looks similar to job-shop scheduling, to which
AIS techniques have been applied with good results [8], [9].
However, there are some significant differences between
job-shop scheduling and task scheduling. Job-shop
scheduling typically involves a scenario with multiple jobs
and multiple machines, where jobs must be processed on a
sequence of machines in a specific order. Task scheduling
typically only requires that each job be processed on a single
processor, although in more complex situations, tasks may
require access to specific resources as a part of their
execution which may introduce further constraints.
An important differentiation is that job-shop schedules are
finite: once a job is completed, it remains completed, and
eventually the point will be reached where every possible
job is completed. Task scheduling, conversely, has to deal
with repeating periodic tasks, and can therefore be
considered to run infinitely. The occurrence of sporadic
tasks, and the fact that tasks often experience variable
execution times on each execution, result in the overall
scheduling scheme being largely unpredictable in advance.
2) Problems with typical analysis techniques
Traditional analysis techniques used during the
development of real-time systems frequently make use of
worst-case values when execution times or utilisations are
required in calculations. In systems where reliability is
frequently the most important consideration, a system which
meets all its deadlines in a worst-case scenario should never
suffer from a deadline overrun in normal operation.
There are several issues with traditional real-time analysis
techniques. To fully analyse a real-time system requires
significant amounts of time and specialist knowledge, and
consequently is also financially expensive. The costs of
undertaking this analysis increase the overall engineering
costs of the system, which must be earned back through
sales income.
There are also practical difficulties in obtaining accurate
information which can be used in the analysis of systems.
For scheduling analysis, it is necessary to obtain accurate
values for each task's WCET: this can be achieved through
either analysis or measurement. Determination of WCET by
analysis requires detailed knowledge of the hardware on
which the task will be run, and frequently gives pessimistic
results as it is difficult to analyse the effects of caches and
out-of-order execution strategies on the WCET of a
particular task [10].
Measurement-based techniques rely on repeatedly timing
the execution of a specific task and recording the longest
observed execution time. Although this is frequently simpler
than detailed analysis, there is no guarantee that the worst-
case execution time has actually been observed during the
measurement process, requiring a safety margin to be added
on top of the observed worst-case time [11].
WCET values derived from both analysis and
measurement are specific to the hardware and software
analysed, and therefore are rendered irrelevant if either the
software or underlying hardware are changed after the
analysis has been performed. The result of this is that an
independent analysis must be carried out for each different
version of a system – knowledge cannot be transferred from
one version of a product to the next.
The use of WCET values in the analysis of real-time
systems frequently leads to under-utilisation of the available
hardware [10]. This is because to ensure reliability a system
must be able to cope with all tasks running to their worst
case completion times 100% of the time, even though in
practice it is likely that those tasks will complete with time
to spare in most instances. Clearly in safety-critical systems,
where reliability is considered to be more important than
cost, overspecification of processing can be built into the
cost; however this cannot be afforded in situations where the
unit cost must be kept as low as possible.
3) Anomalies and Anomaly Detection
Problems encountered during the development and
operation of RTES can cause the system to suffer from a
variety of anomalies. There are a number of different
anomalies but their effects are similar, normally causing
partial or even total non-responsiveness.
a) Deadline overruns
Deadline overruns occur when one of a system's
constituent tasks fails to complete before its deadline. This
may cause problems such as poor response times, or errors
in certain operations. It is possible for an overrun in one task
to induce further overruns in other parts of the system,
potentially leading to a worsening cycle of overruns which
may result in total system failure if left unchecked.
There exist techniques to analyse the schedulability of
tasks in a system at the design stage, which can be used to
determine whether any overruns will occur in a given task
set (e.g. [12], [13]). Unfortunately, these techniques are
limited in their scope: for instance, it is straightforward to
analyse a purely periodic task set, but much more difficult to
analyse a system containing sporadic or aperiodic tasks. This
is simply because it is not possible to determine the
frequency at which a sporadic or aperiodic task is executed.
Most techniques represent a sporadic task as a periodic one,
with a period equal to the sporadic's minimum inter-arrival
time: this is guaranteed to be safe, but is unlikely to be
representative of the task's true behaviour and is likely to
cause the analysis to be pessimistic. As with most analysis
techniques, the results are specific to the particular task set
being analysed, and are not valid if even a small change is
made to either the system hardware or software. This
limitation also causes a priori analysis to be impossible on
systems which allow the user to make alterations or
additions to the system's software.
b) Bandwidth bottlenecks
Bandwidth bottlenecks occur when multiple devices
attempt to transfer data across a shared bus simultaneously.
This can lead to parts of the system either being starved of
data, or being unable to write data onto the bus, both cases
resulting in that part of the system being unable to continue
processing.
The presence of bandwidth bottlenecks is becoming an
increasing problem as the computational power of systems
grows [14]. In particular, data transfer capacity has been
observed to grow more slowly than processing capacity,
leading to an increase in the likelihood of data starvation. In
addition, the latest generation of microprocessors now
feature multiple processing cores in a single package. These
processors often make use of high-speed interconnections to
transfer data between cores, but any external data transfer
must be through a shared bus, which in most cases is
relatively slow.
There are various strategies for dealing with bandwidth
bottleneck issues, the most widespread being caching, where
blocks of data are pre-emptively loaded into a small amount
of high speed on-chip memory to increase the processing
performance. A cache controller can be employed to transfer
data into and out of the cache at times when the main data
bus is available. Although caching helps reduce instances of
bottlenecks, it cannot eliminate them entirely.
c) Deadlock/Livelock
Where a system's tasks require access to external
resources, it is possible that two tasks may require access to
the same resource simultaneously. In most situations, a
priority assignment system is used to allocate resources,
however problems can arise when different tasks require a
combination of resources. If, for example, task 1 holds
resource X and also requires resource Y to complete, and
simultaneously task 2 holds resource Y and requires
resource X to complete, then each task will be forced to wait
for the resource held by the other to become free. Neither
task is able to progress: this is known as deadlock [1].
There are two main methods by which deadlock problems
can be solved. Deadlock detection relies on monitoring a
system for deadlocks, and aborting one or more tasks when a
deadlock is detected to allow the remaining tasks to continue
with their execution. Deadlock avoidance makes use of
analysis and specific programming techniques to prevent a
system from ever entering a deadlock situation [1].
Generally, deadlock detection/avoidance strategies have
similar characteristics to other real-time development
techniques that make them unsuitable for use in real-time
embedded systems. Deadlock detection based schemes
require the system to be monitored at run-time, which can
require additional system resources; deadlock avoidance
strategies often require extensive off-line analysis during the
development process to ensure that a deadlock situation
cannot be reached.
Strategies to avoid deadlock can, if not implemented
carefully, lead to a similar situation known as livelock. This
occurs where two (or more) tasks enter a potential deadlock
situation, attempt to correct it, then both detect the resolution
of the deadlock situation and begin execution again. The
result is that both tasks are able to execute but neither is able
to progress.
d) Problems with existing anomaly detection methods
Existing anomaly detection methods are normally
considered to be either static or dynamic. Both classes have
characteristics which can make them unsuitable for
application in a real-time embedded scenario.
Static approaches often require detailed knowledge of the
current system state, which is then used to deduce the
presence of problems. This requires a large amount of
system analysis, which often makes the techniques
inflexible. Particularly, if problems are detected towards the
end of the development cycle, it can be difficult to fix them,
as any changes to the system require the analysis to be
completely redone. Conversely, dynamic approaches rely on
easily-computable metrics, such as overall utilisation. These
are simpler to apply but can be difficult to generalise for
more complex systems.
Our work makes use of a learning approach which, given
a sufficient training period, should allow an accuracy level
close to that of static detection methods without the complex
analysis normally associated with them.
III. APPLYING AIS
Our work has started to examine the potential application
of AIS techniques to real-time embedded systems to allow
increases in reliability without the high development costs
generally associated with developing real-time systems. AIS
has been used successfully to solve problems in the fields of
fault-tolerance and anomaly detection. As this application is
in a similar domain we anticipate positive results using AIS
techniques, assuming that a number of research challenges,
particularly those surrounding resource utilisation, can be
overcome.
Initially, our work will focus on the detection of problems
with task scheduling in a device. AIS has already been
applied to other types of scheduling with positive results [8],
[15]. It is therefore anticipated that the application of AIS to
task scheduling will show good potential. As task
scheduling has specific complexities which do not apply to
other types of scheduling, and as resource issues are
particularly important, we anticipate significant research
challenges.
Many of the AIS techniques which have been developed
are based on the principles of the adaptive immune system
[7]. The adaptive immune system is able to alter its
behaviour in response to previously unseen antigens to
provide defence against them. Consequently, systems using
adaptive techniques are able to “evolve” to provide solutions
in previously unknown situations, and to maintain a memory
of those situations so that they can be dealt with quickly and
effectively should they arise again. This allows a system to
change as its environment and circumstances change,
resulting in a more effective solution.
Frequently, adaptive techniques have significant
processing and memory requirements, to support the
adaptation and learning properties of the system. In systems
where hardware is severely limited, such as embedded
systems, it is therefore impractical to make effective use of
adaptive AIS techniques.
A. Innate Immunity and the Danger Model
Current immunological research suggests that the function
of the innate immune system is more important to the overall
immune behaviour of an organism than previously thought
[16]. As a result of this a new class of artificial immune
systems has been established based around techniques
derived from innate immunity [17].
The innate immune system makes significant use of the
emission and detection of patterns and chemical signals.
These may be specific protein patterns only associated with
invading pathogens, or signals generated by the tissues and
cells of the body itself as a response to events in the
environment or inside individual cells. The presence of these
signals induces a response from other immune system
components, including those of the adaptive immune system
[16].
There have already been a number of applications of
innate immune-inspired techniques in the AIS literature,
mainly aimed at anomaly detection, such as [18] and [19].
These techniques are unable to adapt to changes in
environment or respond to unknown issues, but generally
require fewer resources than a fully adaptive system and
offer effective solutions to problems that they are designed
to solve.
Although innate immune-inspired systems operate in a
different manner from “classic” adaptive artificial immune
systems, they are generally based around the same concept
of self/non-self discrimination which has been the basis of
immunological theory for nearly 40 years [20]. However,
the process of distinguishing “self” from “non-self” has been
problematic in artificial systems, particularly when the
negative selection model has been applied. In addition, there
remain a number of immunological issues which the
generally accepted theory is unable to explain adequately.
Matzinger's Danger Model [21] suggests a set of
fundamentally different principles around which the immune
system is based. Rather than the immune system being able
to distinguish between “self” and “non-self”, instead the
Danger Model suggests that the immune system in fact
detects signals produced when cells in an organism die
unexpectedly.
The Danger Model is based around the idea of signal
transmission between cells, the fundamental concept being
that cells which die unexpectedly (necrosis) send out signals
which are distinct from those sent out by cells which die
naturally (apoptosis). These “danger signals” are detected by
components of the immune system, which is then mobilised
to fight the infection.
B. The Dendritic Cell Algorithm
The Dendritic Cell Algorithm (DCA) is an innate immune
concept derived from the Danger Model. It is based on the
observations of dendritic cells (a class of antigen presenting
cells) in vivo. The idea of basing an immune-inspired system
on dendritic cells (DCs) was first outlined in [22], and
further clarified in [23].
Initially, DCs start out in an immature phase. The function
of immature DCs is to collect various chemical signals
associated with varying levels of danger within the system,
and at the same time to collect samples of any potential
antigens they encounter. A DC which experiences high
levels of danger signals, through the activation of toll-like
receptors and the detection of chemical signals associated
with necrosis, becomes mature: it then travels to a lymph
node where it presents its antigen to T-cells, which initiates
an immune response against that antigen. If a DC detects
high levels of signals associated with apoptosis, and low
levels of danger signals, then it matures into a different
“semi-mature” state, which then does not travel to a lymph
node to present antigen.
The method by which DCs determine whether an antigen
should be presented relies heavily on guilt by association –
that is, an antigen observed in the presence of danger signals
is assumed to be the cause of that danger. Although in
isolated cases this may lead to individual DCs falsely
presenting benign antigens, the combined effect of many
DCs presenting the same antigen can be taken to indicate
that that particular antigen is indeed dangerous and requires
an immune response.
This method by which DCs function in vivo can be
transferred easily to in silico systems, providing them with a
mechanism to detect problems. The signals detected by DCs
can be replaced by signals derived from specific attributes of
the system which they are monitoring. The combination of
these input signals causes the virtual DC to mature in the
same way as its biological counterpart. The output from a
number of DCs can then be combined to deduce information
about the overall state of the system.
The DCA has been employed effectively to solve anomaly
detection problems in a number of problem areas, including
intrusion detection [23] and in sensor networks [24]. Its
particular advantage is that it is generally a lightweight
solution, with little on-line adaptation involved. This
requires fewer resources than AIS techniques which are
based around adaptive immune principles, and is therefore
more likely to be usable in a resource-constrained system.
1) DC Parameters
The functioning of the DCA relies on each DC combining
its input signals to produce an output. Therefore, the
weightings applied to each input signal during this
combination process play a vital part in determining the
output value of that DC, as do the thresholds defining the
output values at which the DC reaches maturation.
Current implementations of the DCA have made use of
fixed weightings specified by the designers. Although this
allows the artificial injection of knowledge from in vivo
observations (for example, the knowledge that DCs treat
PAMP signals as being more dangerous than those caused
by necrosis), it does cause the DC to be pre-biased to the
concept of what exactly is dangerous and what is not. There
is also no guarantee that the designer's weightings are
optimal for the problem being solved – they may work
acceptably, but a better solution may still exist. In addition,
the maturation thresholds are also fixed values: this
effectively means that the sensitivity of the DCs is set by the
designer and cannot be changed as the system runs.
Our work therefore examines the potential for the DCA to
be evolved. Allowing the weightings for each individual DC
to be variable, and changed according to an evolutionary
algorithm, should allow each DC to reach an optimal set of
parameters for the problem being solved. This evolution can
be conducted fully at the development stage, producing a set
of effective DCs which can then be incorporated into the
final system. The immune system incorporated in the final
system is still an innate immune system, however its
parameters are derived by evolution to ensure that it is as
effective as possible. This is analogous to the continuing
evolution of the human innate immune system over the
course of many generations through mutation and natural
variation.
C. Innate immunity and RTES
Innate immune-inspired techniques appear to show good
potential for application in real-time embedded systems.
These systems suffer from a number of potential anomalies,
both during design and in general usage, but for various
reasons cannot be solved using established real-time
development techniques. Innate immune techniques seem to
be ideal for the detection of such anomalies, either to simply
highlight their existence during the design phase, or as part
of a system to automatically eliminate them and prevent
future occurrences.
One particular advantage of innate immune-inspired
methods is that they typically require fewer system resources
than adaptive immune systems, due to the reduced
complexity of the algorithms involved and there being less
need for large populations of immune agents. An AIS based
around innate immune principles is therefore more likely to
be usable in a resource constrained environment than one
based on adaptive immunity.
IV. TASK SCHEDULING WITH AIS
Our work has been towards applying immune-inspired
techniques, specifically the DCA, to situations which occur
in real-time embedded systems. As an example of a typical
RTES problem, we will examine the application of the DCA
to task scheduling.
Our implementation incorporates a population of artificial
DCs into a system, so allowing that system to detect
problems with its scheduling strategy as they arise. Initially,
our work is only concerned with identifying scheduling
problems, rather than with attempting to solve them.
As a part of this work we will enhance the DCA to make
it more effective in a limited-resource environment, and
establish the minimum population size which is effective at
diagnosing anomalies in these situations.
A. Mapping task scheduling to the DCA
The scenario to which we have applied the DCA is that of
a simple task scheduler, consisting initially of a small set of
purely periodic tasks (Table 1). These tasks are engineered
such that in most instances they complete normally, but that
the relatively infrequent release of one task (task 4) with a
long execution time can cause other tasks in the system to
overrun. Even when this task is released, the actual
occurrence of an overrun is determined by a number of
additional factors, such as the execution times and release
rates of other tasks. Our work examines the ability of the
DCA to identify these overruns, with a view to it later being
applied in a more complex scenario. Our implementation
makes use of a fixed size DC population (initially
numbering 20 DCs).
TABLE 1
TASK PROPERTIES OF SCENARIO SYSTEM
Task ID   WCET   BCET   Deadline   Period
1         5      4      25         25
2         20     10     50         50
3         30     20     100        100
4         40     25     775        775
1) Measures
There are a huge variety of different measures from which
the status of a particular task can be derived. For the DCA to
be effective it is important to consider which of these
measures will be mapped onto the input signals for each
individual DC. Some of these measurements relate to the
system as a whole, while others are linked only to individual
tasks.
System-wide measurements include the total utilisation of
all currently-running tasks in the system, giving an
indication of the system's workload. Although it is possible
for systems to function correctly in overload situations, it is
inevitable that a system with a worst-case utilisation level
greater than 100% will eventually experience problems.
Utilisation is a useful measure of the overall health of a
system, but it can be difficult to attribute system failures to
any one task.
A useful concept when considering execution properties
of individual tasks is that of slack time. This is the interval
between the completion of a task and its deadline.
Due to it not always being possible to determine the
execution time of a task a priori, it is also impossible to
determine the actual slack time for any given execution of a
task until that task is completed. However, by making use of
worst-case properties, it is possible to calculate the minimum
possible slack time at any point in a task's execution. If this
worst-case slack time is less than (or equal to) zero, then the
task will complete on time and therefore not miss its
deadline. If at any point during the execution cycle the
worst-case slack time is negative, there is the possibility that
the task may overrun, although as the calculation is by
necessity based on worst-case values, it is still possible for
the task to complete on time.
The DCA supports multiple categories of input signal
which can be considered analogous to the different chemical
signals detected by DCs in vivo. We derive several different
measurements from the various task properties outlined
above, and these are employed as our input signals (Table 2).
Our implementation of the DCA associates each DC with
a subset of the tasks present in the system, allowing the
population as a whole to monitor a variety of different
combinations of tasks. By combining the output of a number
of different DCs, it is possible to build up a picture of the
operation of the system as whole and therefore to determine
which parts of the system are experiencing problems.
TABLE 2: DERIVATION OF DC INPUT SIGNALS
Event | Signal | Derivation
Actual overrun | PAMP | Task completion time > task deadline
Potential overrun | Danger | At any point from task release to completion, worst-case response time is greater than time to deadline
No projected overrun | Safe | At all points from task release to completion, worst case response time is less than time to deadline
Overrun in any other task | Inflammatory | Any other task suffers an actual overrun
Worst case response time is defined as:
$$\text{Worst-case response time} = \text{Remaining Execution Time} + \sum_{\text{all higher tasks in run queue}} \text{WCET}$$
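The signal derivation of Table 2 and the worst-case response time definition above can be exercised on a small trace. The following is an added example, not code from the paper: the Sample structure, the function names and the three constructed traces are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Sample:
    """State of the monitored task at one instant between release and completion."""
    now: int                                          # current time (ticks)
    remaining: int                                    # remaining execution time of the task
    higher_wcets: list = field(default_factory=list)  # WCET of each higher task in the run queue

def worst_case_response(s):
    # Remaining execution time + sum of WCET over all higher tasks in the run queue
    return s.remaining + sum(s.higher_wcets)

def derive_signals(deadline, samples, completion_time, other_task_overran):
    """Return the set of Table 2 signals raised by one job of the monitored task."""
    signals = set()
    if completion_time > deadline:              # actual overrun
        signals.add("PAMP")
    # Margin = time to deadline minus worst-case response time, at every sample point.
    margins = [(deadline - s.now) - worst_case_response(s) for s in samples]
    if any(m < 0 for m in margins):             # potential overrun at some point
        signals.add("Danger")
    if all(m > 0 for m in margins):             # no projected overrun at any point
        signals.add("Safe")
    if other_task_overran:                      # overrun in any other task
        signals.add("Inflammatory")
    return signals

# Constructed traces for one job with an absolute deadline at tick 100 and 30 ticks of work.
DEADLINE = 100
QUIET = [Sample(0, 30, [20]), Sample(20, 30, []), Sample(50, 0, [])]
# A further higher task is released at tick 10: the projection exceeds the deadline,
# yet the job still completes on time (tick 85).
PREEMPTED = [Sample(0, 30, [20, 40]), Sample(10, 30, [40, 25]), Sample(75, 10, [])]
# Sustained interference: the projection is exceeded and the job completes late (tick 105).
OVERRUN = [Sample(0, 30, [20, 40]), Sample(60, 30, [25]), Sample(95, 10, [])]

if __name__ == "__main__":
    print(derive_signals(DEADLINE, QUIET, 50, False))
    print(derive_signals(DEADLINE, PREEMPTED, 85, False))
    print(derive_signals(DEADLINE, OVERRUN, 105, False))
```

A margin of exactly zero raises neither Danger nor Safe here, since Table 2 uses strict inequalities for both.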
2) Evolution and Fitness
Currently, our implementation of the DCA supports
rudimentary evolution of some of the DC parameters in
order to produce an effective DC population. Initially, we
allow the weighting values applied to the input signals to be
varied, so influencing the DC's output signal. Evolution is
by a process of random mutation with a probability inversely
proportional to fitness. In biological terms, this equates to
either cloning a DC on mutation, or replacing it with one
with completely different characteristics. This allows us to
examine the general effect of evolutionary behaviour on the
operation of the DCA, with a view to refining the
evolutionary algorithm based on the discoveries made.
The fitness function in this case is used to gauge the
accuracy of each DC's prediction in relation to the actual
behaviour of the tasks that it monitors, and is calculated
according to Figure 1. The presence or absence of overruns,
by which the DC fitness is established, is currently
determined using traditional analysis techniques on the
original task set. This allows the comparison of a DCA-
based detection strategy against classic real-time analysis
techniques in this scenario. For DCA-based systems to be a
viable replacement for classic analysis, however, an
alternative method of deriving fitness during evolution will
be necessary.
set fitness to 0
for each task monitored loop
    if (DC reports danger) then
        if (actual danger present) then add 2 to fitness
        if (potential danger present) then add 1 to fitness
        if (no danger present) then subtract 1 from fitness
    else if (DC reports safe) then
        if (no danger present) then add 1 to fitness
        if (potential danger present) then subtract 1 from fitness
        if (actual danger present) then subtract 2 from fitness
    end if
end loop
Figure 1: Pseudocode for calculation of fitness function
In order to reduce the likelihood of a mutation in the
event of an otherwise effective DC producing bad results for
a short period of time, the level of DC fitness used to
determine mutation is computed as a moving average. When
a DC undergoes mutation, this average is reset to zero.
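The interaction between the Figure 1 fitness score, the moving average and mutation can be seen in a short sketch. This is an added example, not the authors' implementation: the window length, the weight range and the linear mapping from average fitness to mutation probability are assumptions, since the text only states that the probability falls as fitness rises.

```python
import random
from collections import deque

# Figure 1 scores, keyed by (what the DC reported, what analysis says about the task).
SCORES = {("danger", "actual"): 2, ("danger", "potential"): 1, ("danger", "none"): -1,
          ("safe", "none"): 1, ("safe", "potential"): -1, ("safe", "actual"): -2}
SIGNALS = ("PAMP", "Danger", "Safe", "Inflammatory")

def fitness(reports, truth):
    """Sum the Figure 1 score over every task the DC monitors."""
    return sum(SCORES[(reports[t], truth[t])] for t in reports)

class DendriticCell:
    def __init__(self, tasks, rng, window=5):      # window length is an assumption
        self.tasks, self.rng = tuple(tasks), rng
        self.history = deque(maxlen=window)        # recent per-cycle fitness values
        self.weights = self.random_weights()       # purely random initialisation

    def random_weights(self):
        # Weight range [-1, 1] is an assumption; the text only says "random".
        return {s: self.rng.uniform(-1.0, 1.0) for s in SIGNALS}

    def average_fitness(self):
        return sum(self.history) / len(self.history) if self.history else 0.0

    def mutation_probability(self):
        # Assumed mapping: best possible average (+2 per task) -> 0, worst (-2 per task) -> 1.
        best = 2 * len(self.tasks)
        return (best - self.average_fitness()) / (2 * best)

    def evolve(self, cycle_fitness):
        """Record one cycle's fitness, then mutate with the fitness-dependent probability."""
        self.history.append(cycle_fitness)
        if self.rng.random() < self.mutation_probability():
            self.weights = self.random_weights()   # replace with different characteristics
            self.history.clear()                   # moving average is reset on mutation
            return True
        return False

def demo():
    """Four accurate cycles followed by one inaccurate cycle for a DC watching two tasks."""
    dc = DendriticCell(["t1", "t2"], random.Random(1))
    good = fitness({"t1": "danger", "t2": "safe"}, {"t1": "actual", "t2": "none"})   # 2 + 1
    bad = fitness({"t1": "safe", "t2": "danger"}, {"t1": "actual", "t2": "none"})    # -2 - 1
    dc.history.extend([good] * 4 + [bad])
    return good, bad, dc.mutation_probability()
```

With the averaged history the single bad cycle yields a mutation probability of 0.275 under the assumed mapping, where the bad cycle on its own would give 0.875.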
3) Initialisation
The initialisation of the DC weightings in our
implementation is purely random: this is in line with the
random evolution strategy currently employed. Given
enough time for the evolution to progress, and a well-tuned
evolutionary algorithm, a random initialisation should
produce an optimal result, whereas using a predetermined
starting point could bias the evolution and cause it to
converge on nearby local optima.
B. Results and evaluation
The initial results of our work suggest that the DCA does
have good potential to identify anomalies in RTES. Even
with a small DC population, patterns can be seen in the
outputs of individual DCs, as they track the presence of
danger in the system.
[Figure: y-axis "Danger" (0 to 1), x-axis "Time" (50000 to 60000); series: DC 6, Task 1]
Figure 2: Output of DC6 relative to Task 1
Figure 2 shows a sample of the output of one DC (dotted
line), and also the actual danger level of the task it monitors
(solid line), over a period of 10,000 execution cycles.
Overruns in the task cause an increase in its danger level and
show spikes on the graph: actual overruns are most
dangerous, and cause the larger spikes, whilst potential
overruns, being less dangerous, cause a smaller spike.
Ideally, the DC's output should follow the task's danger
level almost exactly. However, the output of a DC is
dependent on that DC's properties, which in our
implementation are mutated in the course of the evolutionary
process. The effects of mutation on the DC's output can be
seen from the graph: the DC responds differently to similar
inputs as it undergoes mutation. Several distinct behaviours
can be observed, which are bounded by mutations of the DC
properties. There are observable mutations around 52000,
55000 and 56700 cycles, as well as a number of mutations
which have less of a noticeable effect on the DC's output.
These changes in observable output show how much
influence the DC's properties have on its output, and
therefore that there is great scope for optimising these
properties by evolution to maximise the effectiveness of the
DC. The evolutionary strategy employed here (based on
random mutation) is completely unguided; evidently a more
refined evolutionary strategy is necessary to cause the DC
properties to gradually be refined to reach an optimal value.
The choice of exactly which strategy will be used will
depend on the outcome of future evaluation and comparison
work. There is the potential to evaluate the suitability of
clonal selection and other immune-inspired algorithms, and
to make comparisons with other heuristic search and
evolutionary techniques such as simulated annealing or
genetic algorithms.
V. CONCLUSIONS AND FUTURE WORK
In this paper we have successfully shown how concepts
from innate immunity, specifically Dendritic Cells, can be
used to detect anomalies in real-time systems, specifically
deadline overruns. This challenging problem was solved
using a combination of learning and evolution such that the
framework can adapt to changing circumstances. This is in
contrast to previous work in both the real-time systems and
artificial immune systems where the knowledge has been
determined statically off-line. This approach, once matured,
could save significant amounts of development time. Future
work could look at a number of areas including more
effective evolutionary methods, and how to maximise the
efficiency of the approach while still using the minimum
amount of resources.
R R
EFERENCES EFERENCES
[1] [1]
A. Burns and A. Wellings, Real-Time Systems and Programming
Languages , 3rd edition ed: Pearson Education, 2001.
[2] [2]
P. Puschner and A. Burns, "Guest Editorial: A Review of Worst-
Case Execution-Time Analysis," Real-Time Systems , vol. 18, pp.
115-128, 2000.
[3] [3]
B. Bouyssounouse and J. Sifakis, Embedded Systems Design:
The ARTIST Roadmap for Research and Development , vol.
3436: Springer-Verlag, 2005.
[4] [4]
B. Graaf, M. Lormans, and H. Toetenel, "Embedded software
engineering: the state of the practice," IEEE Software , vol. 20,
pp. 61-69, 2003.
[5] [5]
F. Vahid and TD Givargis, Embedded System Design: A
Unified Hardware/Software Introduction : Wiley, 2002.
[6] [6]
M. Eisenring, L. Thiele, and E. Zitzler, "Conflicting criteria in
embedded system design," IEEE Design & Test of Computers ,
vol. том. 17, pp. 51, 2000.
[7] [7]
LN de Castro and J. Timmis, Artificial Immune Systems: A
New Computational Intelligence Approach : Springer-Verlag,
2002. 2002 год.
[8] [8]
E. Hart, P. Ross, and J. Nelson, "Producing robust schedules via
an artificial immune system," in proceedings of IEEE World
Congress on Computational Intelligence, Anchorage, AK, USA,
1998. 1998 год.
[9] [9]
E. Hart and P. Ross, "An Immune System Approach to
Scheduling in Changing Environments.," in proceedings of
Genetic and Evolutionary Computation Conference (GECCO
1999), Orlando, Florida, USA, 1999.
[10] [10]
A. Colin and SM Petters, "Experimental evaluation of code
properties for WCET analysis," in proceedings of 24th IEEE
Real-Time Systems Symposium (RTSS 2003), 2003.
[11] [11]
G. Bernat, A. Colin, and SM Petters, "WCET analysis of
probabilistic hard real-time systems," in proceedings of 23rd
IEEE Real-Time Systems Symposium (RTSS 2002), 2002.
[12] [12]
NC Audsley, A. Burns, MF Richardson, and AJ Wellings,
"Hard Real-Time Scheduling: The Deadline Monotonic
Approach," Proceedings 8th IEEE Workshop on Real-Time
Operating Systems and Software , pp. 133–137, 1991.
[13] [13]
L. Sha, R. Rajkumar, and SS Sathaye, "Generalized rate-
monotonic scheduling theory: a framework fordeveloping real-
time systems," Proceedings of the IEEE , vol. 82, pp. 68-82,
1994. 1994 год.
[14] [14]
MV Wilkes, "The memory gap and the future of high
performance memories," ACM SIGARCH Computer Architecture
News , vol. 29, pp. 2-7, 2001.
[15] [15]
E. Hart and P. Ross, "The evolution and analysis of potential
antibody library for use in job-shop scheduling," in New ideas in
optimization , D. Corne, M. Dorigo, and F. Glover, Eds.:
McGraw-Hill, 1999, pp. 185-202.
[16] [16]
R. Medzhitov and CA Janeway, Jr., "Innate immune
recognition and control of adaptive immune responses,"
Seminars in Immunology , vol. 10, pp. 351-353, 1998.
[17] [17]
J. Twycross and U. Aickelin, "Towards a conceptual framework
for innate immunity," in proceedings of ICARIS 2005, Banff,
Alberta, Canada, 2005.
[18] [18]
M. Neal, J. Feyereisl, R. Rascunà, and X. Wang, "Don't Touch
Me, I'm Fine: Robot Autonomy Using an Artificial Innate
Immune System," in proceedings of ICARIS 2006, Oeiras,
Portugal, 2006.
[19] [19]
X. Zhang, G. Dragffy, AG Pipe, and QM Zhu, "Artificial
innate immune system: An instant defence layer of embryonics,"
in proceedings of ICARIS 2005, Banff, Alberta, Canada, 2005.
[20] [20]
FM Burnet, "Evolution of the Immune Process in Vertebrates,"
Nature , vol. 218, pp. 426, 1968.
[21] [21]
P. Matzinger, "Tolerance, Danger, and the Extended Family,"
Annual Review of Immunology , vol. 12, pp. 991-1045, 1994.
[22] [22]
J. Greensmith, U. Aickelin, and S. Cayzer, "Introducing
Dendritic Cells as a Novel Immune-Inspired Algorithm for
Anomaly Detection," in proceedings of ICARIS 2005, Banff,
Alberta, Canada, 2005.
[23] [23]
J. Greensmith, U. Aickelin, and J. Twycross, "Articulation and
Clarification of the Dendritic Cell Algorithm," in proceedings of
ICARIS 2006, Oeiras, Portugal, 2006.
[24] [24]
J. Kim, P. Bentley, C. Wallenta, M. Ahmed, and S. Hailes,
"Danger Is Ubiquitous: Detecting Malicious Activities in Sensor
Networks Using the Dendritic Cell Algorithm," in proceedings
of ICARIS 2006, Oeiras, Portugal, 2006.