Finally, got something which can be explored further. With big data coming around in the fields of genetics and also neuroscience, and a lot of information network theory existing in these fields, we have to explore how computer networks can be applied for statistical information processing, because without a network, there will not be a possibility of securing and transmitting data.
Machine learning, on the other hand, “is just math,” he says, and math requires models.
This is why machine learning is good at vision-based problems such as image processing or handwriting recognition. Vision can be studied in nature; there’s an entire body of theory that can be applied to make a machine behave like an eye.
“We’re trying to figure out if there’s some general way to think of a network,” Meyer says. “If such a thing doesn’t exist, then it’s possible that every network is a kind of one-off.”
That would be bad, because it would mean each network has to be “learned” separately. It wouldn’t play into one of the strengths of machine learning—namely, the ability to “take that trained neural network and add your own things to it, custom things,” Meyer says. “The data set and the way you interpret them have to be somewhere similar for you to be able to do that.”
Lack of a theoretical model is only one obstacle that machine learning faces in networking. The other is people. Machine learning and networking are different skills, and the pipeline of people well versed in both is thin.
“Either we [the networking people] are going to have to somehow work closely with people who know this stuff, or we’re going to have to learn it ourselves,” Meyer says. He’s banking on the latter approach.
What’s missing, he believes, is a theory of networking.
A rich body of academic work backs the networks we use today, certainly, but there is no unifying theory defining how a network, in an abstract sense, ought to behave, or how it ought to be structured. The networks that form the Internet certainly share some core principles, but they weren’t built from a central theory. They emerged through trial-and-error, “some good ideas and people telling each other how to do it,” Meyer says.
It'll absolutely have to be taught network by network since they can vary so vastly. SCADA nets will behave in a very specific way that is independent of other SCADA networks even. You have to know what your traffic is supposed to look like. There are generalizations that can be made for typical enterprise networks, however. ExtraHop is trying this by pulling metadata from all of its customers across the nation through a system they call Addy, and it seems to be quite effective. However, sensitive networks that usually have to be air-gapped will run so differently that they would need their own version of Addy to run on.