IETF Logo Mail Archive

Re: [Nmlrg] Machine Learning in network - solicitation for use cases

Sheng Jiang <jiangsheng@huawei.com> Mon, 07 September 2015 02:26 UTC

Return-Path: <jiangsheng@huawei.com>
X-Original-To: nmlrg@ietfa.amsl.com
Delivered-To: nmlrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 287711A9120 for <nmlrg@ietfa.amsl.com>; Sun, 6 Sep 2015 19:26:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RBXjbkJs9wr7 for <nmlrg@ietfa.amsl.com>; Sun, 6 Sep 2015 19:26:29 -0700 (PDT)
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [119.145.14.65]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E5331ACEFA for <nmlrg@irtf.org>; Sun, 6 Sep 2015 19:26:29 -0700 (PDT)
Received: from 172.24.1.48 (EHLO nkgeml407-hub.china.huawei.com) ([172.24.1.48]) by szxrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CRW85412; Mon, 07 Sep 2015 10:26:16 +0800 (CST)
Received: from NKGEML512-MBX.china.huawei.com ([169.254.7.33]) by nkgeml407-hub.china.huawei.com ([10.98.56.38]) with mapi id 14.03.0235.001; Mon, 7 Sep 2015 10:26:10 +0800
From: Sheng Jiang <jiangsheng@huawei.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Dacheng Zhang <dacheng.zdc@alibaba-inc.com>, "nmlrg@irtf.org" <nmlrg@irtf.org>
Thread-Topic: [Nmlrg] Machine Learning in network - solicitation for use cases
Thread-Index: AQHQ48ASOhiRuf+FmUuBbNfoBoELfZ4ludyggAE2+AD//3q3AIAIZytggAATEvGAAFOjcIAANCOAgADn5XA=
Date: Mon, 7 Sep 2015 02:26:10 +0000
Message-ID: <5D36713D8A4E7348A7E10DF7437A4B927BB2D65D@nkgeml512-mbx.china.huawei.com>
References: <D20A251E.25E52%dacheng.zdc@alibaba-inc.com> <5D36713D8A4E7348A7E10DF7437A4B927BB2B192@nkgeml512-mbx.china.huawei.com> <D20B2C03.25EC7%dacheng.zdc@alibaba-inc.com> <5D36713D8A4E7348A7E10DF7437A4B927BB2D062@nkgeml512-mbx.china.huawei.com> <D211D160.26495%dacheng.zdc@alibaba-inc.com> <D211D7F2.2651C%dacheng.zdc@alibaba-inc.com> <5D36713D8A4E7348A7E10DF7437A4B927BB2D300@nkgeml512-mbx.china.huawei.com> <55EC9987.9030002@gmail.com>
In-Reply-To: <55EC9987.9030002@gmail.com>
Accept-Language: en-GB, zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.111.99.197]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <http://mailarchive.ietf.org/arch/msg/nmlrg/IT0UPLxgv48i2zgnQRpk7LFfFHo>
Subject: Re: [Nmlrg] Machine Learning in network - solicitation for use cases
X-BeenThere: nmlrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Network Machine Learning Research Group <nmlrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/nmlrg>, <mailto:nmlrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nmlrg/>
List-Post: <mailto:nmlrg@irtf.org>
List-Help: <mailto:nmlrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/nmlrg>, <mailto:nmlrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Sep 2015 02:26:32 -0000


>>> DDoS and APT are very active research topics. Application layer DDoS
>>> attacks are more difficult to detect than layer 4 DDoS attacks. In many
>>> cases, the application layer DDoS does not introduce large amount
>>> traffics. However, by using big data and data mining tech, it is possible
>>> to find out the clues of such attacks.
>>
>> Hi, Dacheng,
>>
>> Applying machine learning in DDoS protection is an interest use case. For my
>understanding, the machine would learn the potential attack behaviors, am I
>right?
>>
>> If yes, I have two questions: a) does the machine learning has the possibility
>to learn/identify new attack behaviors, which was not recognized before? If
>yes, what is the working principles? b) is it possible for autonomic reaction
>from the network operational perspective after detect such DDoS attack?
>Give the machine learning may not be accurate, my guess is human
>intervention is needed.
>
>I suppose this is in some ways similar to spam processing in email. For
>example,
>a Bayesian spam filter is surprisingly good, but sometimes makes mistakes, so
>human training to correct false positives and false negatives is essential.

Hi, Brian,

I believe there is feedback-style training in spam processing. But what do you mean by "human" training? Do you mean the feedback is decided and feed by human administrators? I believe this could be done by machine learning mechanisms.

Actually, spam filtering was one of the earliest network-relevant area that starts to use machine learning. It would worth to study the machine learning applications in spam filtering. Or we could invite some expert in this area to join nmlrg discussion.

Best regards,

Sheng

>How can
>human training be achieved for a real-time case like DDOS?
>
>   Brian
>
>>
>> Best regards,
>>
>> Sheng
>>
>>> There were some related discussions in Dots. If you are interested, I
>>> could find them out later.
>>>
>>> _______________________________________________
>>> nmlrg mailing list
>>> nmlrg@irtf.org
>>> https://www.irtf.org/mailman/listinfo/nmlrg
>> _______________________________________________
>> nmlrg mailing list
>> nmlrg@irtf.org
>> https://www.irtf.org/mailman/listinfo/nmlrg
>>

v2.8.7 | Report a Bug | By Email