applicability of machine learning in computer networks

APPLICABILITY OF MACHINE LEARNING AND COGNITIVE COMPUTING IN COMPUTER NETWORKS Chetan Kumar S

Post on 28-Jan-2018

INDUSTRY EXPERTS SPEAK

• You might be surprised but what is going to drive innovation in the enterprise and public cloud is machine learning

--- Bill Coughran, Sequoia Capital

• Machine Learning is the way we are going to automate your automation

--- Chris Wright, RedHat CTO

WHAT IS MACHINE LEARNING

• The complexity in traditional computer programming is in the code (programs that people write). In machine learning, learning algorithms are in principle simple and the complexity (structure) is in the data. Is there a way that we can automatically learn that structure? That is what is at the heart of machine learning.

-- Andrew Ng

WHAT IS MACHINE LEARNING

Traditional Programming: Data + Program → Output

Machine Learning: Data + Output/Events/Nil → Program

MACHINE LEARNING TASKS

• Supervised learning is regarded as a machine learning task of inferring a function from labelled training data.

• Unsupervised learning: This is regarded as the machine learning task of inferring a function to describe hidden structures from unlabelled data.

• Reinforcement learning is an area of machine learning that is linked to how software agents take actions in the environment so as to maximise some notion of cumulative reward.

Here is Machine Learning

MACHINE LEARNING USECASES

• Security/Anomaly Detection

• Site Reliability Engineering

• Predicting and remediating problems in IoT and enterprise networks

• Intent based Networking

• NFV orchestration and optimization

• New automation tools for DevOps

• Network control plane optimization

• Network Gamification

Secure Networks

Reliable Networks

Simple Networks

Optimized Networks

USECASE NETWORK OPERATION

KNOWLEDGE PLANE FOR NETWORKS

• Defined by Clark, D., and others in 2003

• Subsequently re-defined by Albert Mestres et al.

Clark, D., et al. “A knowledge plane for the internet,” Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications. ACM, 2003.

Mestres, A., et al. “Knowledge-Defined Networking,” CoRR, 2016.

COMPONENTS OF KDN

• The PROBLEM: Networks are distributed and each node has only a partial view of the network

• What made this happen? From 2003 to 2017?

• Streaming telemetry from network devices, NetFlow, IPFIX among others

• Network data analytics platforms

• Centralized controller architecture for the network, defined via SDN or its variants

KNOWLEDGE BASED NETWORK

DATA PLANE

CONTROL PLANE

KNOWLEDGE PLANE

MANAGEMENT PLANE

Knowledge Defined Network Operational Loop

Courtesy: Albert Mestres et al.

OVERLAY NETWORK POLICIES

BUILDING OPTIMIZED NETWORK

• Big enterprises typically set up overlay networks, using some encapsulation technique

• Underlay networks are owned by service providers

• Now, if there are multiple links connecting to the underlay network, how to make the best choice?

OVERLAY NETWORKS

Underlay Network

HOW TO OPTIMIZE

• How can we detect which link the overlay network can take?

• Can the system learn the underlay network's delay/reliability characteristics?

• If one can predict the network parameters for the underlay (which is not owned by the overlay), the right policies can be applied

• Can perform many actions, such as deciding which link is best for video services, database services, etc.
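A sketch of the idea on this slide, as an added example that is not from the original deck: an exponentially weighted moving average (EWMA) stands in for the learned model, predicting delay, jitter and loss per underlay link from probes, and a per-service policy then picks the link. The link names, probe values and policy weights are constructed assumptions.

```python
# Constructed probe data; link names and policy weights are hypothetical.
PROBES = {  # per underlay link: (delay in ms, or None if the probe was lost; lost?)
    "isp-a": [(20, False), (None, True), (24, False), (35, False),
              (21, False), (22, False), (38, False), (23, False)],
    "isp-b": [(60, False), (61, False), (59, False), (60, False),
              (62, False), (60, False), (61, False), (60, False)],
}
# Assumed per-service weights for (delay ms, jitter ms, loss %); lower cost is better.
POLICY = {"video": (0.2, 2.0, 3.0), "database": (1.0, 0.1, 0.5)}

def learn(samples, alpha=0.3):
    """EWMA estimates of delay, jitter and loss; each is a one-step-ahead prediction."""
    delay = jitter = None
    loss = 0.0
    for rtt, lost in samples:
        loss = (1 - alpha) * loss + alpha * (1.0 if lost else 0.0)
        if lost:
            continue  # a lost probe carries no delay measurement
        if delay is None:
            delay, jitter = float(rtt), 0.0
            continue
        jitter = (1 - alpha) * jitter + alpha * abs(rtt - delay)
        delay = (1 - alpha) * delay + alpha * rtt
    return {"delay": delay, "jitter": jitter, "loss_pct": 100 * loss}

def cost(est, weights):
    """Weighted cost of a link for one service; a link with no replies is unusable."""
    if est["delay"] is None:
        return float("inf")
    wd, wj, wl = weights
    return wd * est["delay"] + wj * est["jitter"] + wl * est["loss_pct"]

def choose_links(probes, policy):
    """Map each service class to the underlay link with the lowest predicted cost."""
    learned = {link: learn(s) for link, s in probes.items()}
    return {svc: min(learned, key=lambda l: cost(learned[l], w))
            for svc, w in policy.items()}

if __name__ == "__main__":
    for svc, link in choose_links(PROBES, POLICY).items():
        print(f"{svc}: send over {link}")
```

With this data the low-delay but jittery link is chosen for the database class and the slower, steadier link for video.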

NETWORK CONFIG ERRORS

CONFIG AUDITS

• A system that can learn the network configuration

• Apply best practice to the configs

• Can audit configs

• For example, if the system can learn which traffic is encrypted, it can do a security audit

• Can recognize configs that caused misbehavior in network

CONFIG ERRORS

Users in green VLAN, cash registers in blue VLAN

Wrong config, cash register in wrong VLAN

CONFIG ERRORS

• More common in IoT and converged networks, due to sheer numbers

• Can learn the traffic and identify the device

• Can alert wrong config

• Can correct the wrong config

• Helps in troubleshooting
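The cash-register case above as an added example (not from the original deck): learn a traffic profile per VLAN from the devices in it, then flag any device whose traffic looks like another VLAN's profile. The device names, features and values are constructed assumptions; a nearest-profile comparison stands in for whatever model a product would use.

```python
from statistics import median

# Constructed per-device traffic summaries (not real captures):
# (device, configured VLAN, distinct destinations/hour, mean packet bytes,
#  share of flows going to a single server)
DEVICES = [
    ("pc-01", "green", 140, 820, 0.05),
    ("pc-02", "green", 95, 760, 0.08),
    ("pc-03", "green", 180, 900, 0.03),
    ("pc-04", "green", 120, 700, 0.06),
    ("reg-09", "green", 3, 210, 0.97),   # cash register patched into the user VLAN
    ("reg-01", "blue", 2, 200, 0.98),
    ("reg-02", "blue", 3, 190, 0.96),
    ("reg-03", "blue", 2, 220, 0.99),
]

def scale(rows):
    """Min-max scale each feature to [0, 1] so no single unit dominates the distance."""
    cols = list(zip(*[r[2:] for r in rows]))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return {r[0]: [(v - l) / ((h - l) or 1) for v, l, h in zip(r[2:], lo, hi)]
            for r in rows}

def vlan_profiles(rows, feats):
    """One profile per VLAN: the per-feature median, which tolerates a few misplaced devices."""
    profiles = {}
    for vlan in {r[1] for r in rows}:
        members = [feats[r[0]] for r in rows if r[1] == vlan]
        profiles[vlan] = [median(col) for col in zip(*members)]
    return profiles

def dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5

def audit(rows):
    """Return (device, configured VLAN, VLAN its traffic resembles) for every mismatch."""
    feats = scale(rows)
    profiles = vlan_profiles(rows, feats)
    findings = []
    for name, vlan, *_ in rows:
        best = min(profiles, key=lambda v: dist(feats[name], profiles[v]))
        if best != vlan:
            findings.append((name, vlan, best))
    return findings

if __name__ == "__main__":
    for name, vlan, best in audit(DEVICES):
        print(f"{name}: configured in {vlan} VLAN, traffic matches {best} VLAN profile")
```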

USECASE NETWORK ANOMALY DETECTION

NETWORK ANOMALY DETECTION

• A network anomaly is a sudden and short-lived deviation from the normal operation of the network

• An anomaly can be caused by an attack on the network, malware flowing in the network, or a pure accident such as a failure

• An intruder attacks the network

• Malware replicating in the network

• Interface down and traffic surges on backup link

• Bug that causes device to crash!

• Quick detection is needed to initiate a timely response
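The definition above (a sudden, short-lived deviation from normal operation) as an added example, not from the original deck: a rolling median/MAD baseline over per-minute throughput flags the backup-link surge at its first sample and reports when it ends. The series, window and threshold are constructed assumptions.

```python
from statistics import median

# Constructed per-minute throughput (Mbit/s) on a backup link: the primary
# interface goes down at minute 14 and traffic surges here for three minutes.
BACKUP_LINK = [42, 45, 41, 44, 43, 46, 40, 44, 45, 43,
               44, 42, 46, 43, 410, 395, 402, 44, 45, 41]

def robust_z(value, baseline):
    """Distance from the baseline median in units of scaled MAD (robust to outliers)."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline) or 1.0  # flat data: avoid dividing by zero
    return (value - med) / (1.4826 * mad)

def detect(series, window=10, threshold=6.0):
    """Return anomaly episodes as (start index, length, peak z-score)."""
    baseline = list(series[:window])
    episodes, current = [], None
    for i in range(window, len(series)):
        z = robust_z(series[i], baseline)
        if abs(z) >= threshold:
            if current is None:
                current = [i, 0, z]      # first deviating sample: alert here
            current[1] += 1
            if abs(z) > abs(current[2]):
                current[2] = z
        else:
            if current is not None:      # deviation ended: close the episode
                episodes.append(tuple(current))
                current = None
            # Only normal samples update the baseline, so a surge never becomes "normal".
            baseline = baseline[1:] + [series[i]]
    if current is not None:
        episodes.append(tuple(current))
    return episodes

if __name__ == "__main__":
    for start, length, peak in detect(BACKUP_LINK):
        print(f"anomaly from minute {start} for {length} min, peak z = {peak:.0f}")
```

Because anomalous samples are kept out of the baseline, a permanent change in traffic level would be reported as one long episode rather than absorbed.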

CISCO ETA

• ETA (Encrypted Traffic Analytics)

• Detect malware based on traffic pattern, rather than traffic content

• “Signature based” malware detection fails if malware is encrypted

• Need to identify the traffic pattern of a piece of malware, then look out for such traffic in your network

CISCO ETA

Switch/router records traffic flows

A cognitive Agent performs malware detection

CISCO SLN

• SLN is fundamentally a hyper-distributed analytics platform ...

• Putting together analytics and networking ...

• Goldmine of untouched data on networking gear (sensing)

• Network learns and computes models on premise (analytics)

• The Network adapts, modifies its behavior (control)

• SLN for Security: attacks are incredibly sophisticated and targeted, exfiltration of data being a major concern, requiring a next-generation approach => Stealthwatch Learning Networks

CISCO SLN

FEW RESOURCES

OPEN SOURCE FRAMEWORK

• Open source framework from Google: https://www.tensorflow.org

• From Facebook: http://torch.ch

• Open source libraries

• http://scikit-learn.org/stable

• http://spark.apache.org/mllib/

• More on http://opensourceforu.com/2017/01/best-open-source-machine-learning-frameworks/