Using AI-based deep packet inspection to power AI-driven networks

By Sebastian Müller
Published on: 15.10.2024

What is AI? AI, the most popular acronym in tech circles today, stands for artificial intelligence, a technology that allows humans to draw important insights from data and apply these insights in daily life. AI involves the use of advanced statistical models and machine learning algorithms, such as supervised or reinforcement learning. These algorithms are then applied and trained on huge datasets. An AI engine, via these models and algorithms, provides machine-driven intelligence that powers various use cases that were previously impossible due to the sheer volume of data and the complex interactions between them.

Two key techniques used in AI are machine learning (ML) and deep learning (DL). In ML, the machine runs correlations to learn the relationships between a given set of variables, while DL automates the detection of meaningful variables. Examples of ML techniques are linear regression, classification, random forests and support vector machines, and examples of DL techniques are neural networks and transformer models.

We can’t discuss AI without mentioning its far more glamorous cousin, GenAI. How does GenAI differ from AI? In GenAI, prompt-based content generation software uses AI-based predictions to generate outputs such as recommendations, analysis, network configurations, imagery and text. GenAI merges predictions and re-creation to provide answers for humans as well as machines, simplifying tasks that would have required many man-hours of research, analysis, thinking and drafting.

Introducing AI-powered predictive capabilities for today’s networks

As one of the biggest technological breakthroughs of the century, AI is fast redefining how networks are run and managed. Networks involve terabytes of data. This data traverses the network and creates millions of traffic logs, which form the ‘big data’ that is fed into AI engines. By analyzing the data points in these logs, an AI engine is able to add predictive capabilities to the network. These predictive capabilities are especially important in automated decision-making. Prior to AI, automation was largely based on pre-programmed rules that correspond to past events.

In network traffic management, which involves processes such as traffic routing, duplication, load balancing and caching, AI-powered predictive capabilities equip devices such as routers or load balancers with forecasts of future events. These capabilities enable networking devices to align rules and policies to the predicted state, ensuring virtually zero policy lags, while removing potential over-corrections that are typical in automation frameworks. Where network decisions are based on a wider set of traffic parameters, AI self-learns how they impact each other, ensuring no KPIs are compromised.

Another area where AI is fast transforming network management is network performance monitoring, where AI lends intelligence to devices such as IP probes, SNMP analysis tools and NetFlow monitors. Here, AI engines accurately predict the behavior of packets, flows and sessions. The predictions allow network administrators to identify network incidents even before they take place. For example, an impending congestion or an anticipated network outage can be predicted from packet movement patterns measured against the past traffic-handling capacity of a network and a network node.

Delivering next-level network intelligence via machine learning and deep learning

A more interesting use case for AI in networking is its use in deep packet inspection (DPI), where it greatly augments traffic detection and filtering capabilities. Let’s take our own OEM DPI engine R&S®PACE 2, and its VPP-native counterpart, R&S®vPACE. Both next-gen DPI engines feature encrypted traffic intelligence (ETI), a technique which leverages ML algorithms (e.g. k-nearest neighbors (k-NN) and decision tree learning), DL algorithms (e.g. convolutional neural networks (CNN), recurrent neural networks (RNN) and long short-term memory (LSTM) networks) and high-dimensional data analysis, alongside advanced caching. The use of ETI reinstates visibility into flows that are encrypted, obfuscated or anonymized, tackling even the most stringent protocols such as TLS 1.3, QUIC, ESNI and DoX.

Delivering transparency without impinging on data privacy and confidentiality

In combination with advanced behavioral, statistical and heuristic analysis, ETI is able to identify protocols, applications and service types without having to decrypt and re-encrypt traffic in transit. This addresses decryption concerns such as data privacy, the exposure of critical business information and added latencies. Encrypted traffic intelligence enables users to classify, for example, encrypted video traffic by the underlying protocol (TCP/DASH), application (Netflix) and service type (video streaming), using thousands of application signatures indexed in our weekly updated libraries. Furthermore, leveraging metadata extraction, our DPI engines R&S®PACE 2 and R&S®vPACE can analyze each application by attributes such as speed, latency, jitter, time-to-first-byte and packet loss.
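The classification idea described above, reduced to one of the ML algorithms the article names (k-NN), as an added example that is not ipoque's code and does not show how R&S®PACE 2 is implemented: flows are labelled by service type from metadata alone, with no payload access. The three features, the training values, the labels and the `classify_flow` function are constructed assumptions.

```python
import math
from collections import Counter

# Constructed training flows (not real captures). Every feature is observable
# on an encrypted flow without decryption:
# (mean packet size in bytes, mean inter-arrival time in ms, down/up byte ratio)
TRAINING = [
    ((1380.0, 4.0, 45.0), "video streaming"),
    ((1350.0, 6.0, 38.0), "video streaming"),
    ((1400.0, 5.0, 52.0), "video streaming"),
    ((180.0, 20.0, 1.1), "voice call"),
    ((160.0, 20.0, 0.9), "voice call"),
    ((200.0, 22.0, 1.0), "voice call"),
    ((620.0, 180.0, 8.0), "web browsing"),
    ((540.0, 250.0, 6.0), "web browsing"),
    ((700.0, 150.0, 10.0), "web browsing"),
]

def _scale_params(rows):
    """Per-feature mean and standard deviation, so no feature dominates."""
    cols = list(zip(*rows))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]
    return means, stds

def _scale(row, means, stds):
    """Z-score one feature vector with the training set's parameters."""
    return [(x - m) / s for x, m, s in zip(row, means, stds)]

def classify_flow(features, k=3, training=TRAINING):
    """Return (label, vote share) from the k nearest labelled flows."""
    means, stds = _scale_params([f for f, _ in training])
    target = _scale(features, means, stds)
    ranked = sorted(
        (math.dist(target, _scale(f, means, stds)), label)
        for f, label in training
    )
    votes = Counter(label for _, label in ranked[:k])
    label, count = votes.most_common(1)[0]
    return label, count / k

if __name__ == "__main__":
    for flow in [(1365.0, 5.5, 41.0), (175.0, 21.0, 1.05), (600.0, 200.0, 7.0)]:
        print(flow, classify_flow(flow))
```

The vote share is a rough confidence signal: a value below 1.0 means the nearest neighbours disagree, which is where a production classifier would fall back to additional behavioral or heuristic checks.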

AI for ETI, and ETI for AI

Interestingly, AI-powered DPI can further enhance a network’s AI-driven predictive capabilities. How is this done? DPI analytics form fine-grained and real-time feeds that enable AI engines to keep abreast of network events. This can improve AI ‘learning’ as it provides sufficient training data for AI models within a selected vertical (e.g. telco network) or an application genre (e.g. video conferencing). A key consideration in today’s AI engines is the relevancy of past data inputs. ETI-powered DPI technology addresses this as it cuts through traffic masking techniques and digs into every traffic attribute without actually decrypting the traffic. This allows AI engines to match traffic irregularities to specific threats and correlate certain applications to network outcomes, for example, the impact of Facebook live video streaming during the Olympics on network QoS and user experience. ipoque additionally allows custom signatures, which enable users to capture feeds that are highly relevant to their business requirements.

In our recent publication, we discussed how ipoque’s data repositories, collected over 20 years, circumvent the need for an extensive baselining exercise using an organization’s own data, especially sensitive data. This simply means that we are sufficiently equipped with high quality training and test data, acquired via frameworks such as the mobile automation framework (MAF). It also means that our next-gen DPI software has been perfected with time-tested AI models and algorithms.

GenAI and beyond

Beyond various engineering and modeling complexities, and beyond rigorous monitoring and retraining, AI continues to evolve to include breakthroughs such as generative adversarial networks, natural language processing, explainable AI and advanced GenAI platforms such as ChatGPT-4, Copilot and Gemini. Whether it is to recreate network instances, or generate traffic flows that mimic real world networks, each of these breakthroughs needs granular, accurate inputs to ensure the quality of its outputs – be it understanding a text prompt, estimating additional bandwidth that is required during a sporting event, or providing a comprehensive cyber-attack mitigation plan.

At ipoque, we are on the frontlines of AI, where we continuously research and update our traffic detection models, algorithms and processes to deliver real-time traffic visibility for any network function, enabling organizations of any size or in any industry to navigate the wonders and the possibilities brought by AI.

Learn how ETI drives transparency for large telecommunication networks in our latest Rohde & Schwarz News magazine.
