ISBN-13: 9781119835875 / English / Hardcover / 2022
Author Biographies
Preface
Acknowledgments
Acronyms

1 Introduction
1.1 Introduction
1.2 Organization of the Book
1.3 Conclusion
References

2 When Network and Security Management Meets AI and Machine Learning
2.1 Introduction
2.2 Architecture of Machine Learning-Empowered Network and Security Management
2.3 Supervised Learning
2.3.1 Classification
2.3.2 Regression
2.4 Semisupervised and Unsupervised Learning
2.4.1 Clustering
2.4.2 Dimension Reduction
2.4.3 Semisupervised Learning
2.5 Reinforcement Learning
2.5.1 Policy-Based
2.5.2 Value-Based
2.6 Industry Products on Network and Security Management
2.6.1 Network Management
2.6.1.1 Cisco DNA Center
2.6.1.2 Sophie
2.6.1.3 Juniper EX4400 Switch
2.6.1.4 Juniper SRX Series Services Gateway
2.6.1.5 H3C SeerAnalyzer
2.6.2 Security Management
2.6.2.1 SIEM, IBM QRadar Advisor with Watson
2.6.2.2 FortiSandbox
2.6.2.3 FortiSIEM
2.6.2.4 FortiEDR
2.6.2.5 FortiClient
2.6.2.6 H3C SecCenter CSAP
2.7 Standards on Network and Security Management
2.7.1 Network Management
2.7.1.1 Cognitive Network Management
2.7.1.2 End-to-End 5G and Beyond
2.7.1.3 Software-Defined Radio Access Network
2.7.1.4 Architectural Framework for ML in Future Networks
2.7.2 Security Management
2.7.2.1 Securing AI
2.8 Projects on Network and Security Management
2.8.1 Poseidon
2.8.2 NetworkML
2.8.3 Credential-Digger
2.8.4 Adversarial Robustness Toolbox
2.9 Proof-of-Concepts on Network and Security Management
2.9.1 Classification
2.9.1.1 Phishing URL Classification
2.9.1.2 Intrusion Detection
2.9.2 Active Learning
2.9.3 Concept Drift Detection
2.10 Conclusion
References

3 Learning Network Intents for Autonomous Network Management
3.1 Introduction
3.2 Motivation
3.3 The Hierarchical Representation and Learning Framework for Intention Symbols Inference
3.3.1 Symbolic Semantic Learning (SSL)
3.3.1.1 Connectivity Intention
3.3.1.2 Deadlock Free Intention
3.3.1.3 Performance Intention
3.3.1.4 Discussion
3.3.2 Symbolic Structure Inferring (SSI)
3.4 Experiments
3.4.1 Datasets
3.4.2 Experiments on Symbolic Semantic Learning
3.4.3 Experiments on Symbolic Structure Inferring
3.4.4 Experiments on Symbolic Structure Transferring
3.5 Conclusion
References

4 Virtual Network Embedding via Hierarchical Reinforcement Learning
4.1 Introduction
4.2 Motivation
4.3 Preliminaries and Notations
4.3.1 Virtual Network Embedding
4.3.1.1 Substrate Network and Virtual Network
4.3.1.2 The VNE Problem
4.3.1.3 Evaluation Metrics
4.3.2 Reinforcement Learning
4.3.3 Hierarchical Reinforcement Learning
4.4 The Framework of VNE-HRL
4.4.1 Overview
4.4.2 The High-level Agent
4.4.2.1 State Encoder for HEA
4.4.2.2 Estimated Long-term Cumulative Reward
4.4.2.3 Short-term High-level Reward
4.4.3 The Low-level Agent
4.4.3.1 State Encoder for LEA
4.4.3.2 Estimated Long-term Cumulative Reward
4.4.3.3 Short-term Low-level Reward
4.4.4 The Training Method
4.5 Case Study
4.5.1 Experiment Setup
4.5.2 Comparison Methods
4.5.3 Evaluation Results
4.5.3.1 Performance Over Time
4.5.3.2 Performance of Various VNRs with Diverse Resource Requirements
4.6 Related Work
4.6.1 Traditional Methods
4.6.2 ML-based Algorithms
4.7 Conclusion
References

5 Concept Drift Detection for Network Traffic Classification
5.1 Related Concepts of Machine Learning in Data Stream Processing
5.1.1 Assumptions and Limitations
5.1.1.1 Availability of Learning Examples
5.1.1.2 Availability of the Model
5.1.1.3 Concept to be Learned
5.1.2 Concept Drift and Its Solution
5.2 Using an Active Approach to Solve Concept Drift in the Intrusion Detection Field
5.2.1 Application Background
5.2.2 System Workflow
5.3 Concept Drift Detector Based on CVAE
5.3.1 CVAE-based Drift Indicator
5.3.2 Drift Analyzer
5.3.3 The Performance of CVAE-based Concept Drift Detector
5.3.3.1 Comparison Drift Detectors
5.3.3.2 Experiment Settings
5.4 Deployment and Experiment in Real Networks
5.4.1 Data Collection and Feature Extraction
5.4.2 Data Analysis and Parameter Setting
5.4.3 Result Analysis
5.5 Future Research Challenges and Open Issues
5.5.1 Adaptive Threshold m
5.5.2 Computational Cost of Drift Detectors
5.5.3 Active Learning
5.6 Conclusion
References

6 Online Encrypted Traffic Classification Based on Lightweight Neural Networks
6.1 Introduction
6.2 Motivation
6.3 Preliminaries
6.3.1 Problem Definition
6.3.2 Packet Interaction
6.4 The Proposed Lightweight Model
6.4.1 Preprocessing
6.4.2 Feature Extraction
6.4.2.1 Embedding
6.4.2.2 Attention Encoder
6.4.2.3 Fully Connected Layer
6.5 Case Study
6.5.1 Evaluation Metrics
6.5.2 Baselines
6.5.3 Datasets
6.5.4 Evaluation on Datasets
6.5.4.1 Evaluation on Dataset A
6.5.4.2 Evaluation on Dataset B
6.6 Related Work
6.6.1 Encrypted Traffic Classification
6.6.2 Packet-Based Methods
6.6.3 Flow-Based Methods
6.6.3.1 Traditional Machine Learning-Based Methods
6.6.3.2 Deep Learning-Based Methods
6.7 Conclusion
References

7 Context-Aware Learning for Robust Anomaly Detection
7.1 Introduction
7.2 Pronouns
7.3 The Proposed Method - AllRobust
7.3.1 Problem Statement
7.3.2 Log Parsing
7.3.3 Log Vectorization
7.3.4 Anomaly Detection
7.3.4.1 Implementation of SSL
7.4 Experiments
7.4.1 Datasets
7.4.1.1 HDFS Dataset
7.4.1.2 BGL Dataset
7.4.1.3 Thunderbird Dataset
7.4.2 Model Evaluation Indicators
7.4.3 Supervised Deep Learning-based Log Anomaly Detection on Imbalanced Log Data
7.4.3.1 Data Preprocessing
7.4.3.2 Hyperparameters and Environmental Settings
7.4.3.3 Training on Multiclass Imbalanced Log Data
7.4.3.4 Training on Binary Imbalanced Log Data
7.4.4 Semisupervised Deep Learning-based Log Anomaly Detection on Imbalanced Log Data
7.4.4.1 The Methods of Enhancing Log Data
7.4.4.2 Anomaly Detection with a Single Log
7.4.4.3 Anomaly Detection with a Log-based Sequence
7.5 Discussion
7.6 Conclusion
References

8 Anomaly Classification with Unknown, Imbalanced and Few Labeled Log Data
8.1 Introduction
8.2 Examples
8.2.1 The Feature Extraction of Log Analysis
8.2.1.1 Statistical Feature Extraction
8.2.1.2 Semantic Feature Extraction
8.2.2 Few-Shot Problem
8.3 Methodology
8.3.1 Data Preprocessing
8.3.1.1 Log Parsing
8.3.1.2 Log Enhancement
8.3.1.3 Log Vectorization
8.3.2 The Architecture of OpenLog
8.3.2.1 Encoder Module
8.3.2.2 Prototypical Module
8.3.2.3 Relation Module
8.3.3 Training Procedure
8.3.4 Objective Function
8.4 Experimental Results and Analysis
8.4.1 Experimental Design
8.4.1.1 Baseline
8.4.1.2 Evaluation Metrics
8.4.2 Datasets
8.4.2.1 Data Processing
8.4.3 Experiments on the Unknown Class Data
8.4.4 Experiments on the Imbalanced Data
8.4.5 Experiments on the Few-shot Data
8.5 Discussion
8.6 Conclusion
References

9 Zero Trust Networks
9.1 Introduction to Zero-Trust Networks
9.1.1 Background
9.1.2 Zero-Trust Networks
9.2 Zero-Trust Network Solutions
9.2.1 Zero-Trust Networks Based on Access Proxy
9.2.2 Zero Trust Networks Based on SDP
9.2.3 Zero-Trust Networks Based on Micro-Segmentation
9.3 Machine Learning Powered Zero Trust Networks
9.3.1 Information Fusion
9.3.2 Decision Making
9.4 Conclusion
References

10 Intelligent Network Management and Operation Systems
10.1 Introduction
10.2 Traditional Operation and Maintenance Systems
10.2.1 Development of Operation and Maintenance Systems
10.2.1.1 Manual Operation and Maintenance
10.2.1.2 Tool-Based Operation and Maintenance
10.2.1.3 Platform Operation and Maintenance
10.2.1.4 DevOps
10.2.1.5 AIOps
10.2.2 Open-Source Operation and Maintenance Systems
10.2.2.1 Nagios
10.2.2.2 Zabbix
10.2.2.3 Prometheus
10.2.3 Summary
10.3 Security Operation and Maintenance
10.3.1 Introduction
10.3.2 Open-Source Security Tools
10.3.2.1 Access Control
10.3.2.2 Security Audit and Intrusion Detection
10.3.2.3 Penetration Testing
10.3.2.4 Vulnerability Scanning
10.3.2.5 CI/CD Security
10.3.2.6 Deception
10.3.2.7 Data Security
10.3.3 Summary
10.4 AIOps
10.4.1 Introduction
10.4.2 Open-Source AIOps and Algorithms
10.4.2.1 Research Progress of Anomaly Detection
10.4.2.2 Metis
10.4.2.3 UAVStack
10.4.2.4 Skyline
10.4.3 Summary
10.5 Machine Learning-Based Network Security Monitoring and Management Systems
10.5.1 Architecture
10.5.2 Physical Facility Layer
10.5.3 Virtual Resource Layer
10.5.4 Orchestrate Layer
10.5.5 Policy Layer
10.5.6 Semantic Description Layer
10.5.7 Application Layer
10.5.8 Center for Intelligent Analytics of Big Data
10.5.9 Programmable Measurement and Auditing
10.5.10 Overall Process
10.5.11 Summary
10.6 Conclusion
References

11 Conclusions, and Research Challenges and Open Issues
11.1 Conclusions
11.2 Research Challenges and Open Issues
11.2.1 Autonomous Networks
11.2.2 Reinforcement Learning Powered Solutions
11.2.3 Traffic Classification
11.2.4 Anomaly Detection
11.2.5 Zero-Trust Networks
References
Index
Yulei Wu is a Senior Lecturer with the Department of Computer Science, Faculty of Environment, Science and Economy, University of Exeter, UK. His research focuses on networking, Internet of Things, edge intelligence, information security, and ethical AI. He serves as an Associate Editor for IEEE Transactions on Network and Service Management and IEEE Transactions on Network Science and Engineering, as well as an Editorial Board Member of Computer Networks, Future Generation Computer Systems, and Nature Scientific Reports at Nature Portfolio. He is a Senior Member of the IEEE and the ACM, and a Fellow of the HEA (Higher Education Academy).

Jingguo Ge is currently a Professor at the Institute of Information Engineering, Chinese Academy of Sciences (CAS), and also a Professor at the School of Cyber Security, University of Chinese Academy of Sciences. His research focuses on future network architecture, 5G/6G, software-defined networking (SDN), cloud-native networking, and zero trust architecture. He has published more than 60 research papers and is the holder of 28 patents. He participated in the formulation of 3 ITU standards on IMT2020.

Tong Li is currently a Senior Engineer at the Institute of Information Engineering, Chinese Academy of Sciences (CAS). His research and engineering focus on computer networks, cloud computing, software-defined networking (SDN), and distributed network and security management. He participated in 2 ITU standards on IMT2020 and developed many large-scale software systems on SDN, network management and orchestration.