New network traffic analysis tools focus on security

ktsdesign - stock.adobe.com

What is the role of machine learning in networking?

Analytics tools that incorporate machine learning can monitor network behavior, highlight anomalies, and improve performance management and security.

Machine learning is a branch of artificial intelligence that focuses on getting a computer to figure out how to solve a problem, instead of humans telling it how to do so.

In the case of networking, machine learning can be used to improve analytics, management and security. But, to fully understand how machine learning in networking can work, it's helpful to understand a couple of machine learning models.

Machine learning tools embody one or more computational models, such as neural networks and genetic algorithms.

Neural networks are inspired by the behavior of biological neurons. Artificial neurons -- software -- are connected to each other in layers. Each can send signals to neurons in the next layer along connections that are weighted based on input importance from a previous layer. Receiving signals of sufficient strength triggers a neuron to send its own signals. The machine learning algorithm tunes the signals sent and the weightings on the connections through a training process.

Genetic algorithms also draw inspiration from nature. Developers start with multiple methods of identifying the correct output based on input data. They then use machine learning to mimic what nature does: Weed out the least fit options, mix and mutate the survivors, and repeat the cycle to improve results over time.

Deep neural network
Layers within a neural network use signals to interact and ultimately reach an output.

Applying machine learning in networking

Machine-learning-driven analytics tools are great at learning what normal network behavior looks like and highlighting anomalies relative to it. This awareness drives the utility of machine learning in networking for three areas: performance management, health management and security.

Performance management. Tools equipped with machine learning can help both with moment-by-moment traffic management and with longer-range capacity planning and management. These tools can see if traffic is spiking in some places or failing to flow in others, and they can direct automated or manual management responses.

Machine-learning-driven analytics tools are great at learning what normal network behavior looks like and highlighting anomalies relative to it.

Machine-learning-driven route analytics, for example, might shift traffic from connections using an internet provider experiencing a brownout to connections using a different provider. Machine learning management tools might shift half of the traffic headed for a back-end system from one data center to another based on traffic conditions.

Tools with machine learning can project traffic trends and help guide future decisions, like in the following examples:

  • Is traffic in the data center shifting between rack to rack and rack unit to rack unit within a rack?
  • Is traffic shifting from large numbers of small-packet flows to smaller numbers of large-packet flows?

Answers to these questions can help determine what kinds of networks an IT team designs -- e.g., leaf-spine, switch-based mesh or host-based mesh.

Health management. Similarly, machine-learning-driven analytics can help spot when a network component is in the initial stages of failure and predict when those initial stages will appear for currently healthy nodes. Network equipment vendors are increasingly weaving analytics like this into management tools, especially those built around a SaaS offering.

Security. Spotting anomalies in network behavior can help cybersecurity teams find everything from a compromised hardware node to an employee going rogue on the company network. Machine learning techniques have vastly improved the behavioral threat analytics space, as well as distributed denial-of-service detection and remediation.

Next Steps

The role of automation in SD-WAN

This was last published in January 2019

Dig Deeper on Network management software and network analytics