Introduces the basic concepts of networking models, including the OSI model and the TCP/IP model.
Also introduces basic ideas and functions in networking, such as routing, classification, and security.
2. Who Am I
◦ Hung-Wei Chiu (hwchiu)
◦ MTS @ Open Networking Foundation
◦ Microsoft MVP
◦ Cloud and Datacenter Management
◦ Blog
◦ https://hwchiu.com
◦ Co-Organizer of SDNDS-TW/CNTUG
6. Outline
◦ Networking Model Introduction
◦ How do AI and networking work together?
◦ Traffic Classification
◦ Network Security
◦ Performance
8. Do You Know
◦ What happens when you type `google.com` into a browser?
9. Simple Answer
◦ DNS request
◦ What is the IP address of google.com?
◦ DNS reply
◦ Google.com is 172.217.160.110
◦ HTTP request
◦ Send HTTP request to 172.217.160.110
◦ HTTP reply
◦ Get HTTP reply from 172.217.160.110
14. Layer4
◦ TCP/UDP
◦ TCP
◦ Transmission Control Protocol
◦ Reliable Protocol
◦ TCP guarantees the recipient will receive the packets in order by numbering them.
◦ UDP
◦ User Datagram Protocol
◦ Throws all the error-checking stuff out
◦ Is used when speed is desirable and error correction is not necessary.
25. Ptt.cc (Real World)
◦ [Diagram: Laptop, Wifi Router, Building Gateway, CHT Router, NTU Gateway, CS Server, PTT Server; Request 1 ... Request n and Reply 1 ... Reply n exchanged between them; packets labelled with MAC, IP, TCP and DATA layers]
31. AI & Networking
◦ What kinds of services/functions do we use in the networking area?
◦ Traffic Classification
◦ Security
◦ Performance
◦ Management
32. Traffic Classification
◦ Could we handle packets by their application?
◦ Layer7 (Apps)
◦ Difficult to identify
◦ No rules
◦ Maybe some patterns?
35. Traffic Classification
◦ Payload-based traffic classification
◦ Higher Computation
◦ Storage Cost
◦ Encryption
◦ Host behavior-based traffic classification
◦ Observe from the edge of the network, examining traffic between hosts
◦ How many hosts are contacted
◦ How many different ports are involved
◦ Flow Feature-based traffic classification
◦ Consider a communication session, which consists of a pair of complete flows.
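An added example (not from the original slides) of the host behavior-based features listed above: for each source host it counts how many hosts are contacted and how many different ports are involved. The flow records, thresholds and label names are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records (src_ip, dst_ip, dst_port) using documentation
# address ranges; this is sample data, not captured traffic.
FLOWS = [
    ("192.0.2.5", "198.51.100.10", 443),
    ("192.0.2.5", "198.51.100.10", 443),
    ("192.0.2.5", "198.51.100.11", 443),
    ("192.0.2.7", "198.51.100.1", 22),
    ("192.0.2.7", "198.51.100.2", 22),
    ("192.0.2.7", "198.51.100.3", 22),
    ("192.0.2.7", "198.51.100.4", 22),
    ("192.0.2.9", "198.51.100.1", 21),
    ("192.0.2.9", "198.51.100.1", 22),
    ("192.0.2.9", "198.51.100.1", 23),
    ("192.0.2.9", "198.51.100.1", 80),
]

def host_features(flows):
    """Per source host: flow count, distinct hosts contacted, distinct ports."""
    peers, ports, count = defaultdict(set), defaultdict(set), defaultdict(int)
    for src, dst, dport in flows:
        peers[src].add(dst)
        ports[src].add(dport)
        count[src] += 1
    return {h: {"flows": count[h], "hosts": len(peers[h]), "ports": len(ports[h])}
            for h in count}

def label(feat, host_limit=3, port_limit=3):
    """Illustrative thresholds (assumptions), not values from the slides."""
    if feat["hosts"] > host_limit and feat["ports"] == 1:
        return "many-hosts-one-port"   # wide fan-out across hosts
    if feat["ports"] > port_limit and feat["hosts"] == 1:
        return "one-host-many-ports"   # wide fan-out across ports
    return "ordinary"

def classify(flows):
    """Map each source host to a label derived only from header-level counts."""
    return {h: label(f) for h, f in host_features(flows).items()}

if __name__ == "__main__":
    for host, feat in sorted(host_features(FLOWS).items()):
        print(host, feat, label(feat))
```

Only addresses and ports are read, so the counts stay available when the payload is encrypted.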
36. Paper Study
◦ QoS-aware Traffic Classification Architecture Using Machine Learning and Deep Packet Inspection in SDNs
◦ MultiClassifier: A combination of DPI and ML for application-layer classification in SDN
◦ On Internet Traffic Classification: A Two-Phased Machine Learning Approach
◦ ...etc
38. Security (Simple Approach)
◦ Rule-based filtering
◦ Iptables (Linux)
◦ Based on packet headers
◦ Layer2
◦ MAC address
◦ Layer3
◦ IPv4, IPv6
◦ Layer4
◦ TCP/UDP
◦ Port number
39. Simple Approach
◦ Drop all SSH connections (port 22)
◦ 22 is the default; the user can change it
◦ Drop HTTP connections (port 80)
◦ 80 is the default; the user can change it as well
◦ Drop source IP (1.2.3.4)
◦ The user can change the source IP via VPN/proxy
◦ Drop destination IP
◦ Drop destination Port
41. Security
◦ Misuse-based intrusion detection
◦ Monitor the network and match the network activities against the expected behavior of an attack
◦ Anomaly-based intrusion detection
◦ Flow feature-based
◦ Payload-based anomaly detection
◦ Deep and reinforcement learning for intrusion detection
◦ Hybrid intrusion detection
https://jisajournal.springeropen.com/articles/10.1186/s13174-018-0087-2#Sec49
42. Paper Study
◦ Artificial Neural Networks for Misuse Detection
◦ HYBRID NEURAL NETWORK AND C4.5 FOR MISUSE DETECTION
◦ Modeling intrusion detection system using hybrid intelligent systems
◦ Network Anomaly Detection by Cascading K-Means Clustering and C4.5 Decision Tree algorithm
◦ …