Neural Networks

From GEANT2-JRA1 Wiki

[edit]

Possibilities of the neural networks using

This page serves for my thoughts about the using of neural networks (shotly NN) during JRAx projects. For brief overview about NN, please, see e. g. [1] or [2]. Why should NNs be used in JRAx? There are many network parameters and activities, whose required monitoring. This text is closely related to the {text about "Key_Performance_Indicators"} , maybe some parts belong to JRA2). It is beyond human ability to control all network events on the fly and it is very difficult to exactly define conditions whose should be solved manualy.

NNs have many advantages:

  • NNs can learn from previous situations without need to explicitly define "what was wrong or special".
  • NNs can serve as filters (layers above parameters and activies) between many network events and user or administrator. When something strange happens, NN can ring alarm.
  • Every group / user / application differs in their needs. NNs can be tuned invidually.
  • NNs can be used as KPIs for "normal users", whose don't care about exact paramaters or activies at the network, but they cares about "Have I enough network resources for videoconference, or should I schedule it for later time ?"
  • Almost all network activities and demands repeat every day (week, moth, year). NN can predict this behavior. So, thay can serve for the estimation of future values of MPs.
  • NNs can be relatively easily configured for detection of network worms (also new ones). See the abstract of the article at the bottom.

Unfortunately, NNs have some potential drawbacks:

  • Invidually tuned NNs require experts for preparing them for users.
  • It is impractical to have NNs with very large number of inputs. Only the most important ones should be chosen(because learning time of NN grows significantly with the number of inputs) but it also reduce the sensitivity of NNs.
  • Every NN has some error in the classification (or prediction). Therefore a new generation of worms can prosper from this fact.
  • Inputs for NN should are MPs and MAs after the transformation in the appropriciate way.

Network traffic classification with back propagation network.

Abstract

Data was from IDS (Intrusion Detection System) Snort, it's system sniffing all packets on network and trying to compare with his huge database of possible problems or weird activities. When it finds some problem, it put packet and his signature do the database (MySQL, PostgreSQL, ...). Snort has also web interface named ACID (Analysis Console for Intrusion Databases). It uses adodb library for database abstraction and displays database data in quite well arranged way.

Problem is that snort produce by default huge amount of events and human operator doesn't like to going throw millions of events to find 1 or 2, which really interest him. So I decided to add neural network as second level of classification. First level must compare packets and signatures exactly, because very small difference from signature can ensure packet as correct.


--Ivan 14:27, 27 Jun 2005 (CEST)


Introduction to neural networks from Imperial College, London

Retrieved from "http://wiki.perfsonar.net/jra1-wiki/index.php/Neural_Networks"
Personal tools