2. INDUSTRY EXPERTS SPEAK
• You might be surprised but what is going to drive
innovation in the enterprise and public cloud is machine
learning
--- Bill Coughran, Sequoia Capital
• Machine Learning is the way we are going to automate
your automation
--- Chris Wright, RedHat CTO
3. WHAT IS MACHINE LEARNING
• The complexity in traditional computer programming is in the
code (programs that people write). In machine learning, learning
algorithms are in principle simple and the complexity (structure) is
in the data. Is there a way that we can automatically learn that
structure? That is what is at the heart of machine learning.
-- Andrew Ng
4. WHAT IS MACHINE LEARNING
• Traditional Programming: Data + Program → Output
• Machine Learning: Data + Output/Events/Nil → Program
5. MACHINE LEARNING TASKS
• Supervised learning is regarded as a machine learning task of inferring a function
from labelled training data.
• Unsupervised learning is regarded as the machine learning task of inferring a
function to describe hidden structures from unlabelled data.
• Reinforcement learning is an area of machine learning that is linked to how software
agents take actions in the environment so as to maximise some notion of
cumulative reward.
9. KNOWLEDGE PLANE FOR NETWORKS
• Defined by Clark, D., and others in 2003
• Subsequently re-defined by Albert Mestres et al.
Clark, D., et al. "A knowledge plane for the internet," Proceedings of the 2003
conference on Applications, technologies, architectures, and protocols for computer
communications. ACM, 2003.
Albert Mestres et al. "Knowledge-Defined Networking," CoRR, 2016.
10. COMPONENTS OF KDN
• The PROBLEM: Networks are distributed and each node has a partial view of the network
• What made this happen from 2003 to 2017?
• Streaming telemetry from network devices, NetFlow, IPFIX among others
• Network data analytics platforms
• Centralized controller architecture for the network, defined via SDN or its variants
14. BUILDING OPTIMIZED NETWORK
• Big enterprises typically set up overlay networks, using some encapsulation
technique
• Underlay networks are owned by service providers
• If there are multiple links connecting to the underlay network, how do we make the
best choice?
16. HOW TO OPTIMIZE
• How can we detect which link the overlay network should take?
• Can the system learn the underlay network's delay/reliability characteristics?
• If one can predict the network parameters of the underlay (which is not owned by
the overlay), the right policies can be applied
• Many actions become possible, such as choosing which link is best for video
services, database services, etc.
18. CONFIG AUDITS
• A system that can learn the network configuration
• Can apply best practices to the configs
• Can audit configs
• For example, if the system can learn which traffic is encrypted, it can perform a
security audit
• Can recognize configs that caused misbehavior in the network
19. CONFIG ERRORS
Users in green VLAN, cash registers in blue VLAN
Wrong config, cash register in wrong VLAN
20. CONFIG ERRORS
• More common in IoT and converged networks, due to sheer numbers
• Can learn the traffic and identify the device
• Can alert on a wrong config
• Can correct the wrong config
• Helps in troubleshooting
22. NETWORK ANOMALY DETECTION
• A network anomaly is a sudden and short-lived deviation from the normal operation
of the network
• Anomalies are caused by an attack on the network, malware flowing in the network,
or a pure accident such as a failure
• An intruder attacks the network
• Malware replicating in the network
• Interface down and traffic surges on backup link
• Bug that causes device to crash!
• Quick detection is needed to initiate a timely response
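The "sudden and short-lived deviation" on this slide, as an added example that is not part of the original deck: an unsupervised detector that learns a rolling median baseline for one link and reports each surge as an event. The window size, threshold, median/MAD scoring and the sample byte counts are assumptions chosen for illustration.

```python
from collections import deque
from statistics import median

def detect_anomalies(samples, window=12, threshold=6.0):
    """Flag intervals that deviate from a rolling median baseline.

    samples: per-interval byte counts for one link.
    Returns a list of (start_index, end_index, peak_score) events.
    """
    baseline = deque(maxlen=window)   # recent *normal* samples only
    events, current = [], None
    for i, value in enumerate(samples):
        if len(baseline) < window:    # still learning what normal looks like
            baseline.append(value)
            continue
        med = median(baseline)
        mad = median(abs(x - med) for x in baseline)
        # 1.4826 * MAD estimates the standard deviation; the floor keeps a
        # perfectly flat baseline from producing a zero scale.
        scale = max(1.4826 * mad, 0.01 * med, 1.0)
        score = abs(value - med) / scale
        if score > threshold:
            # Anomalous samples stay out of the baseline so a surge
            # cannot redefine "normal" while it is in progress.
            if current is None:
                current = [i, i, score]
            else:
                current[1], current[2] = i, max(current[2], score)
        else:
            baseline.append(value)
            if current is not None:   # surge ended: close the event
                events.append(tuple(current))
                current = None
    if current is not None:
        events.append(tuple(current))
    return events

# Constructed sample: bytes per interval on a backup link that is nearly
# idle until the primary interface goes down during intervals 20-22.
BACKUP_LINK = [1000, 1040, 980, 1010, 995, 1020, 1005, 990, 1015, 1000,
               1030, 985, 1010, 1000, 990, 1025, 1005, 995, 1010, 1000,
               48000, 52000, 47000, 1020, 1000, 990, 1010, 1005]

if __name__ == "__main__":
    for start, end, peak in detect_anomalies(BACKUP_LINK):
        print(f"anomaly: intervals {start}-{end}, peak score {peak:.1f}")
```

Because flagged intervals are excluded from the baseline, a sustained shift keeps alerting until an operator accepts it as the new normal.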
24. CISCO ETA
• ETA (Encrypted Traffic Analytics)
• Detects malware based on traffic pattern, rather than traffic content
• "Signature based" malware detection fails if the malware is encrypted
• Identify the traffic pattern of a piece of malware, then look out for that traffic
pattern in your network
26. CISCO SLN
• SLN is fundamentally a hyper-distributed analytics platform ...
• Putting together analytics and networking ...
• Goldmine of untouched data on networking gear (sensing)
• Network learns and computes models on premise (analytics)
• The Network adapts, modifies its behavior (control)
• SLN for Security: attacks are incredibly sophisticated and targeted, exfiltration of
data being a major concern, requiring a next-generation approach => Stealthwatch
Learning Networks
29. OPEN SOURCE FRAMEWORK
• Open source framework from Google: https://www.tensorflow.org
• From Facebook: http://torch.ch
• Open source libraries
• http://scikit-learn.org/stable
• http://spark.apache.org/mllib/
• More on http://opensourceforu.com/2017/01/best-open-source-machine-learning-frameworks/