putilov_denis - stock.adobe.com
AI technology is forecast to affect and improve many aspects of IT operations. A prime application of AI is using it to help run networks.
Let's examine some current examples, forecast how AI will improve networks and discuss what an AI-driven network should look like.
What is AI?
AI is defined as a technology, typically a computer, that imitates intelligent human behavior. AI includes many aspects, with machine learning (ML) as the most popular subset. Below are the four main types of ML:
The first three types are those most frequently used in networking. The goal is to develop algorithms that enable computers to act without being programmed explicitly.
Current applications of AI and ML
The reality is that most organizations are just beginning to consider AI for network operations. Other segments of the IT industry, however, are rapidly adopting ML in IT operations. In fact, adoption has grown enough that a name has emerged for the practice of deploying and maintaining ML systems: MLOps.
Log analysis is perhaps the most obvious application of AI and ML. Log messages use formats that easily break into labeled elements, as shown for the syslog message below.
Log analysis can identify associations within the log data that may not be otherwise obvious. For example, one event might always trigger a sequence of other events within a short time. Or a server could start talking with other servers using a different protocol, which potentially indicates the lateral spread of malware.
Log analysis products incorporate ML to provide advanced event correlation, identify hidden patterns and recognize patterns learned from IT staff.
AI technology aids SecOps in identifying security threats as they happen, enabling instantaneous response to intrusions. It incorporates data sources, like behavioral analysis, intrusion detection system and intrusion prevention system data, DDoS attack mitigation, phishing attack identification and endpoint classification.
Behavioral analysis uses network flow data to build a model of known communication paths for server-to-server, client-to-server and client-to-client traffic. AI and ML tools quickly identify anomalous network traffic. In this case, a supervised ML algorithm identifies known-good (allowed) traffic. Then, it can highlight any questionable network flows for inspection or automatically deny traffic.
An advantage of using AI in SecOps is to improve reaction times. Malware developers use many methods to hide their presence, and rule-based systems aren't fast enough to keep IT systems safe. Only sophisticated AI techniques are suitable for detecting zero-day events and stealthy threats.
Wireless networks also see the benefits of AI and ML. For example, organizations are already deploying AI and ML for cellular radio access network spectrum management and large Wi-Fi network management. We can expect to see more advances in this area over time.
The future AI-driven network
What could the future AI-driven network look like? It's not difficult to extrapolate from current systems to powerful new systems.
AI processing could power a self-service chatbot that uses natural language processing to understand and reply to queries, such as "Why is my <application name> slow today?" The chatbot analyzes the network path from an application to the app server and the application's performance before replying with its findings. Its analysis could identify a slow application, pinpoint a network problem or report that an admin's perception is incorrect. A significant benefit is AI's ability to identify multifaceted problems based on correlating data that admins didn't anticipate.
An AI-based system could also automatically post notices in group collaboration platforms that an application server is experiencing problems or that the network in a certain location is affecting application performance for some users.
We can also expect to see AI and ML applied to traffic engineering within ISP networks, software-defined WANs and digital experience monitoring, as well as to help manage security in Secure Access Service Edge networks. It will correlate data that a traditional network management system doesn't handle, such as application and network performance metrics with product sales.
It's simply a matter of time before we start to see AI and ML applied to more aspects of networking.