Abstract
Network Traffic Monitoring and Analysis (NTMA) applications strongly rely on the guidance and knowledge provided by a human network operator, limiting their ability for self-management. Critical NTMA applications such as the detection of network attacks, service anomalies and in general on-line monitoring tasks require fast mechanisms for on-line analysis of thousands of events per second, as well as efficient techniques for off-line analysis of massive historical data. The high-dimensionality of network data provided by current network monitoring systems opens the door to the massive application of machine learning approaches to improve the analysis of network measurements, but these higher dimensionality and data volume come with an extra data processing overhead. In this talk I will present and discuss multiple different approaches for enhanced network traffic monitoring and analysis based on the systematic application of different machine learning paradigms and techniques, from supervised to unsupervised models, from stream to batch processing approaches, from shallow to deep learning architectures, and from simple to ensemble learning techniques. I will focus on the development of machine-learning-based approaches for cyber security and 0-day attacks detection, capable of functioning with a limited guidance or previous knowledge. Finally, I will present and discuss Big-DAMA, a flexible big data analytics platform for network monitoring and analysis, capable to analyze and store big amounts of both structured and unstructured heterogeneous data sources, with both stream and batch processing capabilities.