
What is the role of machine learning in networking?

Incorporating machine learning tools into a network can help teams predict traffic flows, generate smarter analytics, monitor network health, tighten security measures and more.

Machine learning is a branch of AI focused on programming computers to solve problems without human involvement.

Network performance management, security and health management tools all use ML to power better analytics. ML-based tools are excellent at learning normal network behavior and highlighting relatively abnormal actions. The tools implement one or more computational models, such as neural networks or genetic algorithms, to improve a pattern-matching algorithm.

The behavior of biological neurons serves as the basis for neural networks. Artificial neurons, implemented in software, connect to each other in layers. Neurons in one layer send signals to neurons in the next along weighted connections. Receiving signals of sufficient strength triggers a neuron to send an output: normal or abnormal. Through a training process, the ML system tunes the sent signals and the weightings on the connections.

Genetic algorithms also draw inspiration from nature. Developers start with multiple methods of identifying the correct output based on input data and then use ML to mimic what nature does: weed out the least-fit methods, mix and mutate the survivors, and repeat the cycle to improve results over time.

Applying machine learning in networking

Network performance management

ML tools can help with moment-by-moment traffic management, as well as longer-range capacity planning and management. After the tools identify when traffic spikes in some paths or fails to flow in others, they can trigger automated or manual management responses to correct the error.

For example, ML-driven route analytics might take traffic from connections that use an ISP experiencing a brownout and shift the data to connections that use different providers. Management tools with ML could shift half the traffic headed to a back-end system from one data center to another based on traffic conditions.


Network analytics

Beyond management in the moment, ML tools can also predict traffic trends in ways that help guide future decisions. Network professionals should evaluate situations where it could be beneficial to use an ML tool to determine traffic flows, such as in the following examples:

  • Is traffic in the data center shifting from rack-to-rack to server-to-server within a rack?
  • Is traffic shifting from large numbers of small-packet flows to smaller numbers of large-packet flows?

Spotting trends can help IT determine what kinds of networks to design, such as leaf-spine, switch-based mesh or host-based mesh. The more data ML tools have access to across all segments of a network, the more detailed their analysis and recommendations can be. ML tools are especially helpful with root cause analysis.

Combining ML-driven analytics with other AI tools, like natural language processing, can make interacting with the systems easier and faster. Network engineers can create virtual assistants to help network administrators diagnose and fix network issues.

Figure: Layers within a neural network use signals to interact and ultimately reach an output.

Health management

ML-driven analytics can detect when a network component is in the initial stages of failure and predict when those initial stages will appear for currently healthy nodes. Network equipment vendors are increasingly weaving analytics like this into their management tools, especially tools built around SaaS offerings.

Network security

ML has enormous value in network security. ML tools can analyze behavior in any kind of network entity. ML techniques vastly improve behavioral threat analytics by reducing the occurrence of false positive reports. It becomes possible to more easily spot attacks that span several levels of enterprise activity, such as email phishing, account compromise, Layer 7 attacks on web applications and OS-level network compromise.

Spotting anomalies in network behavior can help network security teams find everything from a compromised hardware node to a rogue employee on the company network. ML-powered tools are also useful in detection and remediation of DDoS attacks.
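The idea of learning normal behavior per network entity and highlighting deviations can be shown with a small added example, which is not from the original article or any vendor tool. It swaps the neural network or genetic algorithm for a simple robust statistical baseline (median and median absolute deviation); the host names, feature names and all traffic values are constructed.

```python
from statistics import median

# Features per 5-minute interval; names and all values below are constructed.
FEATURES = ("bytes_out", "distinct_dests", "failed_logins")

# Constructed history of "normal" intervals for two hypothetical hosts.
HISTORY = {
    "ws-014": [(5200, 12, 0), (4800, 11, 1), (5100, 13, 0), (5000, 12, 0),
               (4900, 10, 0), (5300, 12, 1), (5050, 11, 0)],
    "db-02": [(910000, 3, 0), (880000, 3, 0), (905000, 4, 0), (930000, 3, 0),
              (895000, 3, 0)],
}


def fit(history):
    """Learn a per-host, per-feature baseline: (median, MAD)."""
    model = {}
    for host, rows in history.items():
        stats = []
        for column in zip(*rows):
            med = median(column)
            mad = median(abs(v - med) for v in column)
            # Floor the spread so a feature that never varied in training
            # does not divide by zero (a simplification for this sketch).
            stats.append((med, max(mad, 1.0)))
        model[host] = stats
    return model


def anomalies(model, host, row, threshold=3.5):
    """Return (feature, robust z-score) pairs that exceed the threshold."""
    if host not in model:
        # No baseline yet: surface it rather than silently passing it.
        return [("unknown_host", float("inf"))]
    hits = []
    for name, value, (med, mad) in zip(FEATURES, row, model[host]):
        z = 0.6745 * abs(value - med) / mad  # modified z-score
        if z > threshold:
            hits.append((name, round(z, 1)))
    return hits


MODEL = fit(HISTORY)
```

Because each host has its own baseline, 900,000 bytes out in an interval is routine for the database server and an anomaly for the workstation; a single global threshold would either miss the second case or flag the first.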

This was last published in March 2022
