Machine Learning for Networking

Common reinforced concrete (RC) damage includes exposed rebars, spalling, and efflorescence, which not only affect the aesthetics of facilities but also cause structural degradation over time, setting the stage for further severe RC degradation that would reduce the strength and durability of the structure. Damage to RC facilities occurs because of their natural deterioration. Machine learning can be employed to effectively identify various damage areas, and the findings can serve as a reference to management units in the task of ensuring the structural safety of facilities. In this study, a damage image was used to evaluate image classification capabilities achievable through maximum likelihood and random forest supervised machine learning methods. With these methods, accuracies of 98.6% and 96% were achieved for RC damage classification, respectively. The results of this study demonstrate that the use of machine learning can yield favorable results for damage image classification.

In Software-Defined Networking (SDN), the controller plane is an essential component in managing network traffic because of its global knowledge of the network and its management applications. However, an attacker might attempt to direct malicious traffic towards the controller, paralyzing the entire network. In this work, a One-Dimensional Convolutional Neural Network (1D-CNN) is used to protect the controller evaluating entropy information. Therefore, the CICDDoS2019 dataset is used to investigate the proposed approach to train and evaluate the performance of the model and then examine the effectiveness of the proposal in the SDN environment. The experimental results manifest that the proposed approach achieves very high enhancements in terms of accuracy, precision, recall, F1 score, and Receiver Operating Characteristic (ROC) for the detection of Distributed Denial of Service (DDoS) attacks compared to one of the benchmarking state of the art approaches.

Simulations have shown multi-armed bandit (MAB) algorithms to be suitable for optimizing channel hopping in IEEE 802.15.4 networks. Thus far, however, there appears to be no practical implementation of this approach, presumably because typical IEEE 802.15.4 nodes lack both floating-point unit (FPUs) and big amounts of random-access memory (RAM). In this paper, we propose fixed-point arithmetic and implementation shortcuts to circumvent these constraints. We focus on two specific multi-armed bandit (MAB) algorithms, namely sliding-window upper confidence bound (SW-UCB) and its predecessor discounted UCB (D-UCB). SW-UCB is particularly promising since it requires only tractable fixed-point arithmetic, while yielding high packet delivery ratios (PDRs) according to prior work. D-UCB, on the other hand, additionally opens up an implementation shortcut that saves RAM. Our implementations of SW-UCB and D-UCB are integrated into Contiki-NG, yet can also be used out-of-tree in a simulation environment. We show our SW-UCB (resp. D-UCB) implementation to attain PDRs of 98.6% (resp. 99.2%) under appropriate parameter settings in the context of intra-body communication. Also, we demonstrate D-UCB to incur a moderate RAM, program memory, and processing overhead on CC2538 SoCs, whereas we find SW-UCB too RAM-consuming for these chips. Finally, using Monte Carlo simulations, we show our SW-UCB and D-UCB implementations to perform equally well as floating-point counterparts.

Dedicated network connections are being increasingly deployed in cloud, centralized and edge computing and data infrastructures, whose throughput profiles are critical indicators of the underlying data transfer performance. Due to the cost and disruptions to physical infrastructures, network emulators, such as Mininet, are often used to generate measurements needed to estimate throughput profiles, typically expressed as a function of the connection round trip time. The profiles estimated using measurements from such emulated networks are usually inaccurate for high bandwidth and high latency connections, since they do not accurately reflect the critical network transport dynamics mainly due to computing and memory constraints of the host. We present a machine learning (ML) method to estimate the throughput profiles using emulation measurements to closely match the testbed and production network profiles. In particular, we propose a micro Kernel Network (mKN) that provides baseline throughput measurements on the host running Mininet emulations, which are used to learn a regression map that converts them to the corresponding testbed measurement estimates. Once initially learned, this map is applied to measurements from subsequent network emulations on the same host. We present experimental measurements to illustrate this approach, and derive generalization equations for the proposed mKN-ML method. Using a four-site scenario emulation, we show the effectiveness of this method in providing accurate concave throughput profiles from inaccurate convex or non-smooth ones indicated by Mininet emulation.

Connected devices are penetrating markets with an unprecedented speed. Networks that carry Internet of Things (IoT) traffic need highly adaptable tools for traffic analysis to detect and suppress malicious agents. This has prompted researchers to explore the various benefits Machine Learning (ML) has to offer. By developing models to detect certain kinds of malicious traffic accurately, ML approach will allow for better detection capabilities if implemented in an Intrusion Detection System (IDS) or next-generation firewalls. This research paper focuses on harnessing features of ML in exploring the network traffic generated by infected IoT devices. The IoT-23 dataset was used and preprocessed into three different datasets for further exploration using various ML algorithms. This enhances the detection of malicious traffic, thereby improving the security in the IoT ecosystem. The ML algorithms implemented in this paper included: Logistic Regression, Decision Tree, Random Forest Classifier, XGBoost and Artificial Neural Network. This research was able to achieve almost 100% accuracy across all the three sub-datasets.

An Internet of Things (IoT) network is characterized by ad-hoc connectivity and varying traffic patterns where the routing topology evolves over time to account for mobility. In an IoT network, there can be an overwhelming number of massively connected devices, all of which must be able to communicate to each other with low latency to provide a positive user experience. Various protocols exist to allow for this connectivity, and are vulnerable to attack due to their simple nature. These attacks seek to disrupt or deny communications in the network by taking advantage of these vulnerabilities. These attacks include Blackhole, Grayhole, Flooding and Scheduling attacks. Intrusion Detection Systems (IDS) to prevent these routing attacks exist, and have begun to incorporate Deep Learning (DL) to bring near perfect accuracy of detection of attackers. The DL approach opens up the IDS to the possibility of being the victim of an Adversarial Machine Learning attack. We explore the case of a novel evasion attack applied to a Wireless Sensor Network (WSN) dataset for subversion of the IDS. Additionally, we explore possible mitigations for the proposed evasion attack, through adversarial example training, outlier detection, and a combination of the two. By using the combination, we are able to reduce the possible attack space by nearly two orders of magnitude.

Understanding flow changes in network traffic has great importance in designing and building robust networking infrastructure. Recent efforts from industry and academia have led to the development of monitoring tools that are capable of collecting real-time flow data, predicting future traffic patterns, and mirroring packet headers. These monitoring tools, however, require offline analysis of the data to understand the big versus small flows and recognize congestion hot spots in the network, which is still an unfilled gap in research. In this study, we proposed an innovative unsupervised clustering approach, DynamicDeepFlow, for network traffic pattern clustering. The DynamicDeepFlow can recognize unseen network traffic patterns based on the analysis of the rapid flow changes from the historical data. The proposed method consists of a deep learning model, variational autoencoder, and a shallow learning model, k-means++. The variational autoencoder is used to compress and extract the most useful features from the flow inputs. The compressed and extracted features then serve as input-output pairs to k-means++. The k-means++ explores the structure hidden in these features and then uses them to cluster the network traffic patterns. To the best of our knowledge, this is one of the first attempts to apply a real-time network clustering approach to monitor network operations. The real-world network flow data from Energy Sciences Network (a network serving the U.S. Department of Energy to support U.S. scientific research) was utilized to verify the performance of the proposed approach in network traffic pattern clustering. The verification results show that the proposed method is able to distinguish anomalous network traffic patterns from normal patterns, and thereby trigger an anomaly flag.

The activity and event network (AEN) is a new knowledge graph used to develop and maintain a model for a whole network under monitoring and the relationships between the different network entities as they change through time. In this paper, we show how the AEN graph model can be used for threat identification by introducing an unsupervised anomaly detection model that leverages the probabilistic characteristics of the graph and the bits of meta rarity metric. A series of statistical features and underlying distributions are computed based on the graphical model of network activity and events. The anomaly scores of events are calculated by applying the bits of meta rarity to the aforementioned feature model and underlying distributions. Experimental evaluation is conducted a public cloud-based IDS yielding encouraging performance results.

One of the key features in software-defined networking (SDN) with a multi-controller environment is the controller placement problem (CPP) that aims to find the number of controllers, controller placements and controller assignment. Solving the CPP in software-defined multihop wireless networking (SDMWN) has a significant impact on the generated control overhead. In SDMWN, devices use unreliable and shared multihop wireless communications without the help of any infrastructure, such as a base station or an access point. Various algorithms have been proposed to find near-optimal solutions for the CPP. Deep reinforcement learning (DRL) becomes popular in various fields and a few studies have also investigated using DRL for the CPP in wired networks and infrastructure-based wireless networks. However, DRL has not been researched for the CPP in SDMWN. Hence, in this paper, the potential of using DRL to the CPP in SDMWN for a given number of controllers is investigated to minimize the generated control overhead referred to as the network cost. The results show that the adapted DRL is able to find controller placements and assign the controllers to devices such that the obtained network cost and the average number of hops among devices and their assigned controllers, as well as the average number of hops among different controllers in the network, are close to those obtained from the optimal solutions.

Disasters like floods, avalanches, earthquakes are one of the main causes of death in human history. Search and rescue operations use drones and wireless communication techniques to scan and find the location of victims under rubble. Renowned for its resilience to the different causes of signal attenuation, LoRa wireless communication has been considered as the best candidate to employ for this type of operations. Thus, in this paper, we present a solution based on LoRa radio parameters and Artificial Neural Networks to estimate the distance between the rescue drone and the victim. By using real measurements that represent an actual search and rescue operation, we have achieved distance estimations (between 0 to 120 m) with less than 5% mean error. Add to this, our results, which are based on various LoRa radio parameters, show an improvement of 78% over the mechanisms that use RSSI as the only parameter.