-
Notifications
You must be signed in to change notification settings - Fork 0
/
sec_intro_context.tex
140 lines (128 loc) · 8.78 KB
/
sec_intro_context.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
%!TEX root = main.tex
%!TEX spellcheck = en_US
\section{Introduction}
\label{sec:intro}
Detecting router misconfigurations is crucial for maintaining the stability,
security, and performance of network infrastructures. Whether due to
overlooked errors in existing setups or mistakes introduced during
configuration changes, misconfigurations can lead to black holes, unintended
network access, inefficient routes, and other performance and security
issues. For example, a misconfigured access control list (ACL) may allow
unauthorized traffic, exposing the network to potential attacks; a buggy
routing policy may create loops, rendering services inaccessible and degrading
performance.
Researchers and practitioners have developed a plethora of tools for detecting
network misconfigurations. Model checkers~\cite{fogel2015general,
beckett2017general, abhashkumar2020tiramisu, prabhu2020plankton, zhang2022sre,
steffen2020netdice, ye2020hoyan, ritchey2000using,al2011configchecker,
jeffrey2009model} model a network's routing and forwarding behaviors based on
protocol semantics and device configurations, and check whether
engineer-specified reachability and resilience policies are satisfied.
Consistency checkers~\cite{kakarla2024diffy, kakarla2020finding,
le2006minerals, feamster2005detecting,
tang2021campion,le2008detecting,le2006characterization} compare configurations
within and across devices and flag inconsistencies and deviations from best
practices. LLM-based Q\&A
tools~\cite{bogdanov2024leveraging,chen2024automatic,wang2024identifying,liu2024large,
wang2024netconfeval, lian2023configuration} parse configuration files and
query pre-trained sequential transformer models through prompts to detect syntax and subtle
semantic issues.
A fundamental feature of all configuration checkers is their reliance on {\em
context}. Model checkers require protocol specifications, current (or
proposed) device configurations, and forwarding policies; consistency checkers
require configurations from multiple devices and a set of best practices; and
LLMs require a sufficient number of relevant configuration lines in query
prompts. Moreover, the correctness and completeness of this context affects
the accuracy of any configuration checker. For example, providing an incomplete set of
forwarding policies, best practices, or configuration lines
may cause misconfigurations to be missed. Similarly, improperly modeling
protocol semantics~\cite{birkner2021metha, ye2020hoyan}, excluding certain
configurations~\cite{xu2023netcov}, or supplying unrelated configuration
lines~\cite{liskavets2024prompt,tian2024examining,khurana2024and,
shvartzshnaider2024llm} may cause false alarms.
Although some context is easy to provide---\eg, current
config\-urations---many forms of context require significant manual effort.
For example, a detailed understanding of routing protocols, their
interactions~\cite{le2007rr}, and vendor-specific nuances~\cite{ye2020hoyan}
is required to accurately model networks' routing and forwarding behaviors.
Similarly, context concerning packet and route filter semantics is required to
accurately detect inconsistencies in filter
configurations~\cite{kakarla2020finding}.
%As another example, forwarding policies are rarely recorded and only certain
%types of policies can be reverse-engineered from
%configurations~\cite{birkner2020config2spec, kheradmand2020anime}.
Because LLMs are typically trained on vast volumes of data---which likely
includes protocol standards, vendor documentation, and sample
configurations---a significant amount of \textit{generic configuration
context} is already embedded in large-scale pre-trained models
(PTMs)~\cite{qiu2020pre}. However, such pre-learned generic context often
needs to be supplemented with \textit{network-specific context} included in the query prompts, which details
the actual statements within the current configuration(s) under
analysis.
Including this network-specific context in the prompt to the LLM is essential
for detecting misconfigurations that are specific to the device or network
being checked.
However, state-of-the-art
approaches, such as feeding a device's entire configuration into a single
prompt~\cite{lican,li2024long} can result in context and token overload,
diluting the model's focus. On the other hand, partitioning a
device's configuration into multiple
prompts~\cite{lian2023configuration,chen2024automatic,wang2024identifying}
may cause the LLM to ignore dependencies between configuration lines,
resulting in failures to detect certain misconfigurations.
% In this paper, we introduce a new framework, Context-Aware Iterative Prompting
% (\sysname{}), to automate context extraction and optimize prompting to LLMs
% for accurate router misconfiguration detection. We identify three key
% challenges in realizing this framework and provide solutions for them:
In this paper, we address the problem of precisely extracting and integrating network-specific context into LLM prompts to enhance the accuracy of router misconfiguration detection. We introduce the
Context-Aware Iterative Prompting (\sysname{}) framework, which
solves three key challenges in this process:
\mypara{Challenge 1: Automatic and Accurate Context Mining} Network
configurations are often lengthy and
complex~\cite{benson2009complexitymetrics}, with interrelated lines that
require careful context extraction. The challenge lies in automatically
identifying and extracting relevant context to reduce computational costs and
avoid introducing irrelevant information in prompts that could impair the accuracy of
misconfiguration detection. \textbf{Solution}: We address this challenge by
leveraging the hierarchical structure of configuration files, modeling them as
trees, where each line is a unique path from the root to a parameter value.
% This representation allows us to systematically mine three types of
% context---neighboring, similar, and referenced configuration
% statements---ensuring the LLM receives the most relevant information for
% accurate analysis.
This representation allows us to systematically mine and adhere to three core types of
context---neighboring, similar, and referenced configuration
statements---ensuring the LLM receives the most relevant information for
accurate analysis.
\mypara{Challenge 2: Parameter Values Ambiguity in Referenceable Context}
Configurations contain both pre-defined and user-defined parameter values,
with the latter requiring context for proper interpretation. For example, an
interface might reference a user-defined access control list (ACL), which must
be interpreted based on related configuration lines. When extracting
referenced context, misidentifying these can lead to irrelevant context mining
and increased computational overhead. \textbf{Solution}: To accurately
differentiate these values, we apply an existence-based method within the
configuration tree, identifying user-defined values by their presence as
intermediate nodes in other paths. Additionally, we use majority-voting to
further resolve ambiguities, ensuring consistency in how values are treated across
different contexts.
\mypara{Challenge 3 - Managing Context Overload in Prompts}
Even with precise context extraction, the volume of relevant information can
be large to fit in a single prompt.
%, risking prompt overload when fed into LLMs. Excessive context
Feeding excess context into LLMs can dilute relevance, reduce coherence, and degrade the model’s performance.
%, necessitating strategies to manage and streamline the input effectively.
\textbf{Solution}: Our framework mitigates the potential for context overload
by allowing the LLM to iteratively request specific types of context, refining
the prompt based on the model’s feedback. This approach enhances the model’s
ability to focus on the most relevant information, leading to more precise
misconfiguration detection and reducing the likelihood for context overload.
We evaluate our framework through two distinct case studies.
%: (1) synthetic change verification:
% First, using configuration snapshots from real networks, we introduce {\em synthetic} modifications to simulate potential changes that network operators may make (both correct and incorrect).
First, using configuration snapshots from real networks, we introduce {\em synthetic} misconfigurations that mirror potential operator errors.
We demonstrate that \sysname{} accurately infers and detects these misconfigurations, with at least 30\% more
accuracy than conventional partition-based LLM approach, model checkers, and consistency checkers.
%(2) comprehensive real configuration snapshot verification:
% Second, we exhaustively run \sysname{} on configuration snapshots from a medium-sized campus network, and
Second, we exhaustively run \sysname{} on configuration snapshots from a medium-sized campus network, and \sysname{} is able to detect over 20 cases of previous overlooked misconfigurations.