ML in the Routers: Learn from and Act on Network Traffic Bing ietf95, April 2016 1.

Slides:

Advertisements

Similar presentations

* Distributed Algorithms in Multi-channel Wireless Ad Hoc Networks under the SINR Model Dongxiao Yu Department of Computer Science The University of Hong.

Advertisements

Collaboration Mechanisms in SOA based MANETs. Introduction Collaboration implies the cooperation between the nodes to support the proper functioning of.

Resource Management §A resource can be a logical, such as a shared file, or physical, such as a CPU (a node of the distributed system). One of the functions.

Wavelength Routed Networks Wavelength Assignment Wavelength Conversion Cost Implications Network Modeling.

Race to the Top Technology and Innovation in Assessments Boston, MA Tony Alpert Oregon Department of Education.

SDN and Openflow.

Probabilistic Aggregation in Distributed Networks Ling Huang, Ben Zhao, Anthony Joseph and John Kubiatowicz {hling, ravenben, adj,

AHOP Problem and QoS Route Pre-computation Adam Sachitano IAL.

Traffic Engineering With Traditional IP Routing Protocols

An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.

Ant Colonies As Logistic Processes Optimizers

Energy-Efficient Design Some design issues in each protocol layer Design options for each layer in the protocol stack.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Router Architectures An overview of router architectures.

Router Architectures An overview of router architectures.

Algorithms for Self-Organization and Adaptive Service Placement in Dynamic Distributed Systems Artur Andrzejak, Sven Graupner,Vadim Kotov, Holger Trinks.

Remote Monitoring and Desktop Management Week-7. SNMP designed for management of a limited range of devices and a limited range of functions Monitoring.

LABERIO: Dynamic load- balanced routing in OpenFlow- enabled networks Author:Hui Long, Yao Shen*, Minyi Guo, Feilong Tang IEEE 27th International.

COGNITIVE RADIO FOR NEXT-GENERATION WIRELESS NETWORKS: AN APPROACH TO OPPORTUNISTIC CHANNEL SELECTION IN IEEE BASED WIRELESS MESH Dusit Niyato,

CS 712 | Fall 2007 Using Mobile Relays to Prolong the Lifetime of Wireless Sensor Networks Wei Wang, Vikram Srinivasan, Kee-Chaing Chua. National University.

Layered Approach using Conditional Random Fields For Intrusion Detection.

Machine Learning1 Machine Learning: Summary Greg Grudic CSCI-4830.

Application-Layer Anycasting By Samarat Bhattacharjee et al. Presented by Matt Miller September 30, 2002.

A Lightweight Platform for Integration of Resource Limited Devices into Pervasive Grids Stavros Isaiadis and Vladimir Getov University of Westminster

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 10Slide 1 Architectural Design l Establishing the overall structure of a software system.

DDM Kirk. LSST-VAO discussion: Distributed Data Mining (DDM) Kirk Borne George Mason University March 24, 2011.

CS 484 Load Balancing. Goal: All processors working all the time Efficiency of 1 Distribute the load (work) to meet the goal Two types of load balancing.

Artificial Neural Networks (ANN). Artificial Neural Networks First proposed in 1940s as an attempt to simulate the human brain’s cognitive learning processes.

A field of study that encompasses computational techniques for performing tasks that require intelligence when performed by humans. Simulation of human.

Control-Theoretic Approaches for Dynamic Information Assurance George Vachtsevanos Georgia Tech Working Meeting U. C. Berkeley February 5, 2003.

Theme Guidance - Network Traffic Proposed NMLRG IETF 95, April 2016 Sheng Jiang (Speaker, Co-chair) Page 1/6.

Jane W. S. Liu Institute of Information Science, Academia Sinica Fusion of Human Sensor Data and Physical Sensor Data.

Network Management Lecture 13. MACHINE LEARNING TECHNIQUES 2 Dr. Atiq Ahmed Université de Balouchistan.

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 10Slide 1 Chapter 5:Architectural Design l Establishing the overall structure of a software.

A Secure Routing Protocol with Intrusion Detection for Clustering Wireless Sensor Networks International Forum on Information Technology and Applications.

SOFTWARE TESTING TRAINING TOOLS SUPPORT FOR SOFTWARE TESTING Chapter 6 immaculateres 1.

Introduction to Machine Learning, its potential usage in network area,

InterVLAN Routing 1. InterVLAN Routing 2. Multilayer Switching.

OpenDaylight Based Machine Learning for Networks

Use Case for Distributed Data Center in SUPA

Machine Learning for Computer Security

Under the Guidance of V.Rajashekhar M.Tech Assistant Professor

University of Maryland College Park

WP18, High-speed data recording Krzysztof Wrona, European XFEL

Bing Liu (speaker), Sheng WG, ietf97, November 2016

Monitoring Persistently Congested Internet Links

California Institute of Technology

Panagiotis Demestichas

RT2003, Montreal Niko Neufeld, CERN-EP & Univ. de Lausanne

Author: Daniel Guija Alcaraz

TURN-Lite: A Lightweight TURN Architecture and Specification (draft-wang-tram-turnlite-03) Aijun Wang (China Telecom) Bing Liu (Speaker) (Huawei) IETF.

Enterprise vCPE use case requirement

CSCI1600: Embedded and Real Time Software

“Predictive Mobile Networks”

DDoS Attack Detection under SDN Context

Data collection methodology and NM paradigms

IETF standard chances of IDNet in NM area

DetNet Information Model Consideration

Utility-Function based Resource Allocation for Adaptable Applications in Dynamic, Distributed Real-Time Systems Presenter: David Fleeman {

SURVIVABILITY IN IP-OVER-WDM NETWORKS (2)

EE 122: Lecture 22 (Overlay Networks)

Internet: Quality of Service Mechanisms at Application Level

Networks Hardware.

Machine Learning for Space Systems: Are We Ready?

Yining ZHAO Computer Network Information Center,

CSCI1600: Embedded and Real Time Software

Modeling IDS using hybrid intelligent systems

Requirements of Computing in Network

Control-Data Plane Separation

Morteza Kheirkhah University College London

Presentation transcript:

ML in the Routers: Learn from and Act on Network Traffic Bing ietf95, April

Contents A Router’s role in Network Traffic ML – Router-involved Learning – In-router Learning (our focus) Perception and Future Plan 2

Router-involved Learning Routers participant in the learning process #1 They act as training data source #2 They do the decision/prediction according to the learnt pattern/rules But they don’t do the training/learning Learning is mostly done in a central entity 3

#1: Router as a Reporter/Sensor Only acts as data source for the (central) ML application, reporting: – Traffic statistics: interface counter, IPFIX/NetFlow etc. – Router status: hardware status, device profiles etc. – etc. Use Cases: – Anti-DDoS (already in commercial use) – Network QoS estimation and optimization – etc. 4

#2: Router as a Decision/Prediction Agent The training is done in the Data Center/Cloud/SDN Controller/NMS server etc. (Off-line process) The routers apply the learnt rules to the traffic pass through them. (On-line process) Implication – One single router has the same Input/Output form as the training data in DC/Cloud/SDN Controller/NMS server etc. Use Case: – DPI – etc. 5

In-Router Learning Routers can learn from the traffic/local data to gain some knowledge or decision making capability (prediction) #3 Single router learning #4 Distributed learning (Ensemble Learning) This is our focus – Router is the “first hand” entity to handle the traffic Potential fast-loop to act on the traffic – Routers can sense the raw traffic continuously Raw traffic might contain more potential valuable information comparing to the extracted statistical/status data reported to the central node 6

#3: Single Router Learning One router only does its own learning task – Both training and prediction is done within the single router Only for router-local and lightweight prediction/decision – One router can only learn the single point knowledge – Restricted computing resource in routers 7

Use Case #3-1: Dynamic Traffic Alarm Threshold One router record traffic data in a per-interface manner, attributes might contain: – Time stamp – Input traffic rate – Output traffic rate After a certain of time, the router learns the data: – Anomaly analysis of input/output traffic rate layout on the time period – To sort out the normal traffic range in a certain time period 8

Use Case #3-1: Dynamic Traffic Alarm Threshold Set up the threshold parameter for traffic alarm based on the learnt results Dynamically adjust the threshold parameter based on the new data – Periodical anomaly analysis When interface traffic exceeds the threshold – Report the event to the NMS Benefit – Faster detection than learning at the central repository – Abstracted report to the central repository, offload the overall burden of the network level learning 9

Use Case #3-2: Load Balancing Traditional scheduling algorithms – Random, Round Robin etc. ML-based scheduling – Making real-time test of some KPI as feedback Server’s load Response time Connections count 10

#4: Distributed Learning among Routers Distributed learning for the same task – Each router learns its own data/passing traffic (Local training) – Ensemble all the routers’ learning results (Global ensemble) – Distribute the ensemble learning result to all routers (Global distribution) – One router acts on the traffic independently (Local decision) 11

Use Case #4-1: Distributed Traffic Anomaly Detection Separate the traffic analysis – For a core router or edge router, the traffic volume might be massive that it is difficult to do analysis on that router – The traffic is naturally separated to the downstream routers Anomaly detection on each downstream router – e.g. DDoS traffic detection Ensemble the detection result 12

Use Case #4-2: Dynamic Routing Policy Static path in a ring network – Always two alternative paths (CW&CCW) to achieve reliability – Traditional tech: one direction by default, the other for failover Dynamic path – Each router continuously sending probing packets to determine which direction is better – Ensemble each router’s result, sort out the proper direction – All router in the ring switched to the new direction – This could be done periodically 13

(Pre) Perception In-router learning might leverage more on – Unsupervised learning No labeled data for supervised learning in the traffic – Reinforcement learning Improve the learning task performance based on autonomic real- time network testing/monitoring (Reinforcement learning) More sophisticated autonomic testing technologies are needed Single router learning (#3) could be essential even there is central learning Distributed learning (#4) has the potential capability for autonomic optimization in a subset of routers (e.g., grouped by routing domain or path) 14

Future Plan Implementation/test data of the proposed use cases Explore Reinforcement Learning Router computational capability survey – What kind of learning task could be afforded by routers – Specifically, the resource and time consumption of the proposed use cases 15

Comments? Thank you! IETF95, Buenos Arise 16