Re: [Nmlrg] Machine Learning in network - solicitation for use cases

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 06 September 2015 19:52 UTC

To: Sheng Jiang <jiangsheng@huawei.com>, Dacheng Zhang <dacheng.zdc@alibaba-inc.com>, "nmlrg@irtf.org" <nmlrg@irtf.org>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <55EC9987.9030002@gmail.com>
Date: Mon, 7 Sep 2015 07:52:39 +1200
Archived-At: <http://mailarchive.ietf.org/arch/msg/nmlrg/QQdgv9T2WFW1I9BMYT0As32hpqk>
Subject: Re: [Nmlrg] Machine Learning in network - solicitation for use cases

On 06/09/2015 21:01, Sheng Jiang wrote:
>> Some more detailed introduction.
>>
>> DDoS and APT are very active research topics. Application layer DDoS
>> attacks are more difficult to detect than layer 4 DDoS attacks. In many
>> cases, the application layer DDoS does not introduce a large amount
>> of traffic. However, by using big data and data mining tech, it is possible
>> to find out the clues of such attacks.
> 
> Hi, Dacheng,
> 
> Applying machine learning in DDoS protection is an interesting use case. In my understanding, the machine would learn the potential attack behaviors, am I right?
> 
> If yes, I have two questions: a) does machine learning have the possibility to learn/identify new attack behaviors, which were not recognized before? If yes, what are the working principles? b) is autonomic reaction possible, from the network operational perspective, after detecting such a DDoS attack? Given that the machine learning may not be accurate, my guess is that human intervention is needed.

I suppose this is in some ways similar to spam processing in email. For example,
a Bayesian spam filter is surprisingly good, but sometimes makes mistakes, so human
training to correct false positives and false negatives is essential. How can
human training be achieved for a real-time case like DDoS?

   Brian

> 
> Best regards,
> 
> Sheng
> 
>> There were some related discussions in Dots. If you are interested, I
>> could find them out later.