IEEE ICNP Workshop on Machine Learning in Computer Networks (NetworkML 2016)
Nov. 8, 2016, Singapore.


Venue: Room - Evans, 2nd floor, Kent Ridge Guild House (KRGH), 9 Kent Ridge Drive, Singapore 119241

(8:30–8:45) Opening

(8:45–9:45) Keynote: Machine Learning and Network Threat Detection: Hype, Criticism, and Promise

Speaker: David McGrew (Cisco), Cisco Fellow.

Abstract: Can threats and malware be detected by applying machine learning to network data? There is much promise in this approach, but there is also skepticism from some parts of the research community and some security practitioners. In this presentation, we argue that both the critics and the advocates of ML network threat detection are correct, in that naive applications of ML to this problem area have limited value, while at the same time, ML is ideally suited for many tasks in that area. For instance, (semi-)supervised learning is the appropriate theoretical setting for many instances in which one must generalize from threat intelligence to the detection of threats in data obtained from the real world. Several challenges must be met to make ML effective in practice: data features appropriate to the task must be found, data for training and validation must be collected, and the cost of false positives must be considered. Contextual data sometimes plays an important role. We highlight several results from the literature to support the points, and describe examples from our own experience.

Bio: David McGrew is a Fellow in the Security and Trust Organization at Cisco Systems, where he works to improve security through applied research, standards, and product engineering. David’s current interests include the detection of threats using network technologies and the development of more secure cryptographic systems. He also acts as an advisor in the areas of technology, business, and intellectual property.

David was instrumental in the development of several cryptographic algorithms and protocols, including industry standards such as the Galois/Counter Mode of operation for efficient and scalable authenticated encryption, and Secure RTP for encrypted voice and video. He has contributed to many research results, and to 50 U.S. patents. He was a founder and co-chair of the IRTF Crypto Forum Research Group, and was active in the IETF. Previously, David formed and managed Cisco’s Advanced Cryptography Development Group, which developed the technologies used in Cisco’s Dynamic Multipoint VPN and Group Encrypted Transport VPN products. He was a Cryptographic Scientist at Trusted Information Systems before joining Cisco in 1998. David holds a Ph.D. in Physics and lives in the Washington, D.C. area. Some of David’s technical publications are online at

(9:45–10:45) Session 1: Machine learning for network traffic/flow prediction

Session chair: Yung Yi, KAIST

Online Flow Size Prediction for Improved Network Routing

Pascal Poupart (University of Waterloo), Zhitang Chen (Huawei Technologies), Priyank Jaini (University of Waterloo), Yanhui Geng (Huawei Technologies), Li Chen, Kai Chen, and Hao Jin (HKUST)

Machine Learning in Software Defined Networks: Data Collection and Traffic Classification

Pedro Amaral (Instituto de Telecomunicações; Universidade Nova de Lisboa), João Dinis (Universidade Nova de Lisboa), Paulo Pinto, Luis Bernardo (Instituto de Telecomunicações; Universidade Nova de Lisboa), João Tavares (Reditus Network Innovation, Portugal), and Henrique S. Mamede (Universidade Aberta; INESC TEC)

Predicting Future Traffic using Hidden Markov Models

Zhitang Chen (Huawei Technologies), Jiayao Wen (The University of Hong Kong), and Yanhui Geng (Huawei Technologies)

(10:45–11:00) Break

(11:00–11:30) Industry Talk: Network Mind: Huawei’s next-generation AI-based network control platform

Speaker: George Trimponias (Huawei)

Abstract: Software-defined networking (SDN) has emerged as the preferred networking approach for large datacenters. Despite its benefits, the rapidly changing traffic patterns and the dynamic nature of the network pose significant challenges to the decision-making process. To address this, George Trimponias will present in this talk the cutting-edge research from the Network Mind project in Huawei Noah’s Ark Lab in devising the new generation of data-driven SDN. The Network Mind architecture consists of components that employ online machine learning techniques to predict the traffic or infer the network state. These results are then used by a network policy module, which devises an optimal routing policy based on a reinforcement learning framework. The idea is to learn from the historical data the policies that maximize a desired objective, e.g., the flow completion time. Extensive experiments with a real SDN testbed demonstrate the effectiveness and feasibility of the self-learning SDN paradigm.

Bio: George Trimponias received his PhD from the Department of Computer Science and Engineering at the Hong Kong University of Science and Technology, under the supervision of Prof. Qiang Yang. Prior to that he obtained a five-year diploma in Electrical and Computer Engineering from the National Technical University of Athens, Greece, and worked as a research associate at the Institute of Applied Informatics and Formal Description Methods at KIT, Germany. He is currently a Researcher at Huawei Noah’s Ark Lab in Hong Kong. His research interests include network theory, game theory, machine learning theory, and combinatorial optimization.

(11:30–12:30) Session 2: Machine learning for anomaly detection

Session chair: Zhitang Chen, Huawei

Enhanced Telemetry for Encrypted Threat Analytics

David McGrew and Blake Anderson (Cisco)

MS-LSTM: A Multi-scale LSTM Model for BGP Anomaly Detection

Min Cheng, Qian Xu (City University of Hong Kong), Jianming Lv (South China University of Technology), Wenying Liu (Guangdong University of Technology), Qing Li, and Jianping Wang (City University of Hong Kong)

Estimating the Rumor Source with Anti-Rumor in Social Networks

Jaeyoung Choi, Sangwoo Moon, Jinwoo Shin, and Yung Yi (KAIST)