There was only one new entrant in Gartner’s latest Emerging Technologies Hype Cycle report, but it’s a significant one with mind-blowing potential: Machine Learning.
Machine learning is the science of getting computers to act without being explicitly programmed. That’s the definition taken from Coursera’s machine learning course (Coursera itself having been founded by Andrew Ng, a leader in the machine learning field).
Machine Learning can also refer to the ability for powerful computers to uncover hidden information and patterns within large datasets through complex mathematics and algorithms. This is also called “Deep Learning.” It could also enable us to predict behaviors.
What Has It Got To Do With Networking?
Many networking and software vendors have been working on machine-learning techniques for years.
For example, David Meyer (Chief Scientist & CTO at Brocade and formerly at Cisco) evangelized machine-learning at an IETF forum in July 2015. You can watch his fascinating presentation here. He’s also written about the subject on Packet Pushers.
Some network security firms, including FireEye and Lastline, claim their software detects risks via machine learning. I am sure there are start-ups and young companies investing in machine learning as applied to networking (Preferred Networks for example). Please feel free to comment below if you know of other machine-learning solutions.
I actually came across Cisco’s take on machine learning when I worked there. Cisco Fellow JP Vasseur spoke about “Self-Learning Networks” at Cisco Live 2015 in Milan.
Machine Learning Use Cases
Hackers are getting more subtle, and malware can be hard to detect. Skyhigh Networks recently reported that some attacks used Twitter to exfiltrate data 140 characters at a time, and another that encoded stolen data into videos that were uploaded to YouTube.
Threats are evolving all the time and while our traditional signature-based security approach is to look for known vulnerabilities, we should instead look for anomalous behaviors we have not come across before. We need machines to create a model of the ‘normal’ and detect outliers through machine-learning.
Change success prediction
David Meyer from Brocade suggested we could analyze changes to predict possible behavior:
- This ACL/Routing/QoS change will cause event <X> with probability P
- If you configure app <X> with params <Y> there is prob P of congestion
I love this idea – especially if this was integrated into a change management platform. Assessing the risk of a change is usually based on experience and gut feeling. Imagine if changes could be automatically approved or rejected depending of the probability of the change success and expected impact. This could potentially cut the time to implement changes (and no more 3-hour change control conference calls).
Cisco suggested that its Self-Learning Network could potentially identify misbehaving networking devices (caused by software defects and hardware faults) that could not be identified with traditional tools. Imagine a Cisco feature that can detect Cisco bugs automatically! We’d better hope this feature is not bugged itself.
WAN path optimization
A machine-learning network could detect seasonality. It could predict when there will be peak traffic (for example on a Monday morning) and dynamically anticipate congestion and take proactive measure to divert traffic onto an alternate path.
Again this highlights the potential ability of machine-learning to understand what a normal behavior is, to detect anomalies, to tell us what the root cause of the anomaly might be, and to take action.
Is This Real Or Just A Concept?
Cisco’s Self Learning Solution has been presented at Cisco Live a few times and the company’s new CEO Chuck Robbins even mentioned, in his first major public appearance last week, that the Internet of Things would be secured through machine learning.
But where is the detail? Nothing has been published yet. Likewise from the other vendors such as Brocade and Juniper.
While machine learning is exciting and has lots of potential, it also raises lots of questions: How do you anticipate mega traffic bursts – i.e. a new Apple iOS release? Would a machine-learning system generate many false positives? How complex would it be to configure and maintain? Could machines be tasked to automatically take action following an anomaly?
I’ll keep an eye on how this market evolves over the next few years.