Relationship Between Artificial Intelligence and Machine Learning in Network Monitoring

Artificial Intelligence (AI) and Machine Learning (ML) have a close relationship. AI is a discipline that focuses on developing systems that can perform tasks that require human intelligence, while Machine Learning is one of the main branches of AI and deals with the development of algorithms and statistical models. In network monitoring, these are used to analyze network data in real-time, identify patterns and behaviors and take appropriate actions, thereby strengthening the detection of security threats in the network. Through network traffic data analysis, ML algorithms can learn normal traffic patterns from users, devices, or applications and identify suspicious behavior. The anomaly detection method uses a different approach by training the model to recognize the usual patterns in the data and identifying data that differs from those patterns as anomalies. The purpose of this research is to improve security threat detection, analyze network performance efficiently, identify unusual behavior patterns and improve the effectiveness and efficiency of network monitoring. The results obtained are increased detection of security threats, more accurate identification of anomalies, recognition of new attack patterns, real-time network performance monitoring and reduction in the number of false positives.

(Palo Alto : "Monitoring network traffic and user activity is a critical step in ensuring effective network security. By monitoring traffic, you can detect unusual threats, analyze attack patterns, and take the necessary actions to protect your network." By monitoring network traffic and user activity, organizations can verify their compliance with these rules and take the necessary actions to protect personal data or sensitive information. In order to ensure optimal network security and performance, network monitoring is a must. According to (Imperva, 2020): "Network monitoring is a vital element in a modern security strategy. In an ever-evolving and complex world, it is not enough to have strong security controls. Network monitoring allows you to see what is happening on your network in real-time, identify threats that other security controls may have missed, and take swift action to protect your network." With real-time information about network traffic, user activity, and security threats, organizations can respond quickly, prevent losses, and maintain reliable system performance.
Artificial Intelligence (AI) and Machine Learning (ML) are two interrelated concepts in the field of computer and data science. AI refers to the intelligence exhibited by machines or computer systems. It involves the development of algorithms and techniques that allow machines to mimic or replicate human abilities to understand, learn, think, and make decisions. AI covers a wide range of technologies such as natural language processing, facial recognition, computer vision, robotics, and more. According to (Andrew Ng, 2020) an AI expert and founder of Coursera: "AI is a field of computer science that focuses on creating systems that can perform tasks that require human intelligence. Machine Learning is one approach in AI that allows systems to learn from data and experience to improve their performance." Machine Learning (ML) is a subfield of AI that focuses on developing systems that can learn and improve their performance independently from data without having to be explicitly programmed. ML uses algorithms and statistical models to analyze data, recognize patterns, and make predictions or decisions based on previous experience. ML allows machines to "learn" from existing data and adapt to new situations without constant human intervention. According to (Fei-Fei Li, 2020) professor at Stanford University: "AI and ML complement each other. ML is a powerful tool in the field of AI that allows systems to learn from data without having to be explicitly programmed. With ML, systems can recognize patterns, make predictions, and make decisions based on previous experience." In the context of AI, ML is an important tool used to achieve the goal of machine intelligence. ML allows systems to recognize patterns, make predictions, and make decisions based on observed data. As such, ML is one of the approaches used in the development of AI systems that are capable of learning and adapting. 
It is important to note that AI and ML are not separate entities; ML is a branch of AI that allows machines to learn independently. ML is becoming a powerful tool in the development of AI systems that can learn and improve their performance over time. According to (Tom M. Mitchell, 2020) a professor at Carnegie Mellon University: "AI encompasses a variety of approaches, and one of them is Machine Learning. ML is a branch of AI that focuses on developing algorithms and techniques that allow machines to learn from data and improve their performance over time." The three experts quoted above share the view that Artificial Intelligence (AI) and Machine Learning (ML) together produce systems that are able to drive development in the fields of computer and data science.
Artificial Intelligence (AI) and Machine Learning (ML) have significant relevance in network monitoring. There are several ways in which Artificial Intelligence (AI) and Machine Learning (ML) can be used in the context of network monitoring:
Anomaly Detection: Machine Learning (ML) can be used to build models that can learn normal patterns of healthy network traffic. Then, the model can be used to detect anomalies or unusual behavior in network traffic, such as DDoS attacks or suspicious activity. According to (Tom M. Mitchell, 2021) a professor at Carnegie Mellon University: "Anomaly detection is one of the important applications of Machine Learning. By studying common patterns in normal data, ML can detect discrepancies or rare events in the data, providing an indication of anomalies that may require more attention." By utilizing Machine Learning (ML) capabilities, monitoring systems can automatically identify potential threats and alert network administrators.
Performance Prediction: Using Machine Learning (ML) techniques, the network monitoring system can learn network performance patterns from historical data. Thus, the system can make predictions about future network performance, identify trends or patterns that might lead to network quality degradation, and take proactive measures to prevent or address problems.
Network Optimization: Artificial Intelligence (AI) can be used to optimize the use of network resources. According to (Raj Jain, 2019) a professor at Washington University: "AI can be used to optimize network resource usage by analyzing traffic data in real-time. By studying network usage patterns and predicting future needs, AI can provide recommendations to allocate resources efficiently and reduce unnecessary overhead." By monitoring and analyzing network traffic data in real-time, AI systems can identify inefficient usage patterns or applications that require additional resource allocation. Based on the analysis, the system can provide recommendations to optimize network resource allocation and improve overall performance.
Automation and Self-Recovery: Artificial Intelligence (AI) can be used to build an intelligent and autonomous network monitoring system. According to (Bernard Marr, 2020) a technology expert and author: "AI enables the development of intelligent and autonomous network monitoring systems. Using techniques such as machine learning and natural language processing, these systems can automatically analyze network data, identify problems or threats, and take appropriate recovery actions with little or no human intervention." In the case of a network attack or failure, Artificial Intelligence (AI) systems can automatically take recovery actions, isolate the attack, or divert traffic to alternative paths. Using Machine Learning (ML) capabilities, the system can learn from previous experiences and continuously improve its response to similar situations in the future.
The use of Artificial Intelligence (AI) and Machine Learning (ML) in network monitoring provides significant advantages in detecting threats, optimizing performance, and improving network responsiveness. These technologies help network administrators to face complex challenges more effectively and ensure optimal security and performance in the network environment.

LITERATURE REVIEW
As a basis for research development, the literature reviewed in this study is prior research on the Relationship Between Artificial Intelligence and Machine Learning in Network Monitoring, namely: a. Zhang, H., Li, Q., & Li, Z. (2018)

METHODOLOGY
The anomaly detection method uses a different approach: it trains models to recognize the usual patterns in the data and identifies data that differs from these patterns as anomalies. Data collection for anomaly detection involves retrieving data from various sources to understand normal patterns in the network. According to (Charu Aggarwal, 2019) a researcher at IBM T. J. Watson Research Center: "Machine Learning-based anomaly detection methods allow us to recognize familiar patterns in data and identify data that differs from those patterns as anomalies. Collecting data from multiple sources allows us to study the variations in the data and build models that can distinguish between normal and anomalous behavior." The collected data is then compared with the data being observed in order to detect unusual or anomalous behavior. With this method, the system can identify potential threats, network failures, or significant changes in network traffic. Data collection for anomaly detection can draw on the following sources:
Log and Event Data: Log and event data generated by network devices, operating systems, or applications can also be used as a data source for anomaly detection. Information such as login activity, unusual requests, or configuration changes can provide clues to anomalies in the network. According to (Xabier Ugarte-Pedrero, 2020), an information security expert: "Log and event data is a rich source of data for anomaly detection. In the detection of attacks or suspicious activity, log data analysis can help reveal previously undetected attack patterns and trigger rapid response actions."
Intrusion Detection System (IDS): An IDS can be used as a data source for anomaly detection. The IDS will analyze network traffic and identify suspicious attack patterns. The data collected by the IDS can assist in the detection of anomalies associated with attacks or suspicious activity on the network. According to (Albert Whale, 2020) a security expert and book author: "IDS has the ability to analyze network traffic in real-time and identify suspicious attack patterns. By applying anomaly detection techniques, IDS can compare the observed network traffic with previously studied normal patterns, so as to detect unusual or suspicious activity in the network."
The anomaly detection method is an approach used to identify unusual or suspicious data in a system. Analysis with the anomaly detection method involves the following steps:
1. Data Collection: First of all, data from various sources is collected, such as network traffic, activity logs, or other parameters. This data reflects the normal behavior of the system or entity being observed.
2. Normal Pattern Modeling: Once the data is collected, the next step is to model the normal pattern of the data. This is done using various techniques, including statistical methods, machine learning, or other approaches. The goal is to learn the common patterns and normal behavior of the data.
3. Model Training: Once the normal patterns have been modeled, the model or algorithm is applied to the training data. The model is given data that reflects normal behavior as input, so that the model can learn and understand common patterns.
4. Anomaly Detection: Once the model is trained, the next step is to apply the model to the observed or unknown data to detect anomalies. The model will compare the observed data with the previously learned normal pattern. If the observed data shows significant differences from the normal pattern, it will be considered an anomaly or suspicious behavior.
5. Response Action: Once an anomaly is detected, the next step is to take appropriate response actions. These actions may include alerting the user, terminating access, blocking the source of the anomaly, or other steps in accordance with established policies or procedures.
6. Model Evaluation and Update: It is important to regularly evaluate and update the anomaly detection model. The network environment and system behavior may change over time, so the model must be updated to ensure optimal effectiveness and accuracy.
Through anomaly detection methods, analysis is performed by comparing observed data with normal patterns that have been studied. This method makes it possible to identify unusual or suspicious behavior in a system, including in the context of network monitoring. By applying techniques such as statistics or machine learning, the system can learn normal patterns from network data and detect anomalies that require response actions.
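The six steps above, carried through as an added example (not code from this study or from any monitoring product): a per-host baseline using median and MAD as the statistical method, a scoring step, a response decision, and a model update that skips flagged samples. The feature names, thresholds and traffic values are constructed assumptions.

```python
"""Added example: the six anomaly-detection steps with a per-host baseline.
Names, thresholds and sample values are illustrative assumptions."""
from statistics import median

FEATURES = ("bytes_out", "new_connections", "distinct_dst_ports")
MAD_SCALE = 1.4826               # scales MAD to a std-dev equivalent
ALERT_Z, ISOLATE_Z = 4.0, 10.0   # assumed thresholds; tune against false positives

# Step 1, data collection: constructed per-minute samples per host (not real traffic).
TRAINING = {
    "10.0.0.5": [(1200, 14, 3), (1350, 16, 3), (1100, 12, 2), (1280, 15, 3),
                 (1420, 17, 4), (1190, 13, 3), (1310, 15, 3), (1250, 14, 2)],
    "10.0.0.9": [(52000, 40, 6), (49800, 38, 5), (51000, 42, 6), (50500, 39, 6),
                 (53000, 41, 7), (48700, 37, 5), (50900, 40, 6), (51500, 43, 6)],
}

# Constructed observations to score after training.
OBSERVED = [
    ("10.0.0.5", (1300, 15, 3)),     # ordinary minute
    ("10.0.0.5", (1290, 16, 180)),   # many destination ports at ordinary volume
    ("10.0.0.9", (51000, 41, 6)),    # ordinary for this host, not for 10.0.0.5
    ("10.0.0.9", (56000, 44, 6)),    # moderate rise in outbound bytes
    ("10.0.0.77", (10, 1, 1)),       # host never seen in training
]


class HostBaseline:
    """Steps 2-3: model 'normal' for one host as per-feature median and MAD."""

    def __init__(self, samples):
        self.samples = list(samples)
        self._fit()

    def _fit(self):
        cols = list(zip(*self.samples))
        self.med = [median(c) for c in cols]
        # Floor the spread so a near-constant feature cannot divide by zero.
        self.mad = [max(MAD_SCALE * median(abs(v - m) for v in c), 1.0)
                    for c, m in zip(cols, self.med)]

    def score(self, obs):
        """Step 4: robust z-score per feature; return the largest and its name."""
        zs = [abs(v - m) / s for v, m, s in zip(obs, self.med, self.mad)]
        worst = max(range(len(zs)), key=zs.__getitem__)
        return zs[worst], FEATURES[worst]

    def update(self, obs, window=500):
        """Step 6: refit on a sliding window of samples judged normal."""
        self.samples = (self.samples + [obs])[-window:]
        self._fit()


def build_models(training):
    """One baseline per host, so a busy server does not mask a quiet client."""
    return {host: HostBaseline(rows) for host, rows in training.items()}


def triage(models, host, obs):
    """Steps 4-5: score one observation and choose a response action."""
    model = models.get(host)
    if model is None:
        # No learned pattern to compare against: surface it rather than pass it.
        return {"host": host, "action": "alert", "reason": "no baseline"}
    z, feature = model.score(obs)
    if z >= ISOLATE_Z:
        action = "isolate"
    elif z >= ALERT_Z:
        action = "alert"
    else:
        action = "none"
        # Only unflagged samples are learned, so a detected anomaly cannot
        # become the new normal. Slow drift below ALERT_Z still shifts the
        # baseline, which is why step 6 also calls for periodic evaluation.
        model.update(obs)
    return {"host": host, "action": action, "feature": feature, "z": round(z, 1)}


if __name__ == "__main__":
    models = build_models(TRAINING)
    for host, obs in OBSERVED:
        print(triage(models, host, obs))
```

The third observation is unremarkable for 10.0.0.9 but would be isolated if it came from 10.0.0.5, which is the practical reason to keep baselines per user, device or application.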

RESULTS
In network monitoring, Artificial Intelligence (AI) and Machine Learning (ML) are intertwined and complement each other in various ways. AI refers to the ability of computers to perform tasks that require human-like understanding, problem-solving, and decision-making. ML, on the other hand, is a subset of AI that focuses on developing algorithms that allow systems to learn from data without explicit programming. In the context of network monitoring, AI and ML are used to improve understanding of complex and fluctuating network data.
Here are some examples of the relationship between AI and ML in network monitoring:
1. Anomaly Identification: ML is used to learn the patterns and normal behavior of network data. Once the ML model is trained, it can identify anomalies or unusual behavior in the network data. AI is used to analyze and understand those anomalies, providing deeper insights into the source of the problem or potential attack.
2. Performance Prediction: Using ML, the system can learn historical patterns from network data and predict future network performance. AI is used to analyze the predicted data and provide appropriate recommendations or actions to optimize network performance.
3. Attack Detection: ML can be used to identify unusual attack patterns or security threats in network data. AI can be used to analyze and understand such attacks more holistically, helping in effective response and mitigation to attacks.
4. Automation and Customization: AI and ML are used to automate tasks in network monitoring. For example, ML can be used to identify peak network traffic patterns that occur periodically, while AI can be used to dynamically optimize network resource allocation based on such patterns.
In practice, AI and ML often work together in network monitoring systems to provide a better understanding of network data, detect anomalies, optimize performance, and improve overall network security. As research material covering the ability of AI and ML to detect security threats, analyze network performance, and identify suspicious behavior patterns, this study uses ExtraHop as the network monitoring application, in which AI and ML have an interrelated and complementary role. ExtraHop is an AI-based network monitoring platform that uses ML for real-time data analysis. It can detect anomalies, identify performance issues, and provide a deep understanding of network traffic. According to (Gartner, 2019), ExtraHop was included in the "Visionary" category in the Magic Quadrant for network monitoring in 2019. They recognized the ExtraHop Platform's excellence in real-time analytics, end-to-end monitoring, and ability to detect and respond to rapid changes in the network environment. AI refers to the ability of computer systems to mimic human intelligence in specific tasks. Meanwhile, ML is a subfield of AI that focuses on developing algorithms that allow systems to learn from data and make decisions or perform tasks without the need for explicit programming. In network monitoring, ExtraHop uses a combination of AI and ML to collect and analyze network data in real-time. AI is used to gain a deeper understanding of complex and unstructured network data. AI can help identify patterns, trends, anomalies, and network issues that may be difficult to detect manually. ML is used to study patterns and normal behavior of fluctuating network data.
By utilizing ML algorithms, ExtraHop can build predictive models that can identify unusual network anomalies or attacks. Over time, the ExtraHop system can continue to learn and adapt to changes in the network environment, thereby improving detection and response capabilities to newly emerging threats. In ExtraHop, AI and ML work together to provide smarter and more proactive network monitoring. AI assists in understanding complex network data, while ML enables the system to learn and adapt to changes in the network environment. With this combination, ExtraHop can provide better insights, detect threats faster, and improve overall network security and performance. On the ExtraHop dashboard, security threat detection, network performance analysis, and suspicious behavior patterns can be monitored over the time interval that has been set, through Detections, Assets, Records and Packets.

Figure 1. ExtraHop Main View
ExtraHop works in detecting security threats, analyzing network performance, and identifying suspicious behavior patterns by combining Artificial Intelligence (AI) and Machine Learning (ML) in the Platform. The following is an explanation of how ExtraHop works in each area:
Security Threat Detection
a. ExtraHop analyzes network traffic in real-time and uses Machine Learning to learn normal patterns of legitimate network activity.
b. Through this learning, ExtraHop can detect suspicious anomalies or unusual activity in network traffic.
c. The platform can identify attacks such as malware, ransomware, DDoS attacks, and data theft attempts.
d. ExtraHop also provides SSL/TLS monitoring and analysis to detect security threats hidden in encrypted traffic.
Network Performance Analysis
a. ExtraHop continuously monitors network traffic and analyzes performance metrics, such as latency, bandwidth, and throughput.
b. Using AI and ML technology, the platform can understand normal traffic patterns and predict expected performance levels.
c. If there is a significant change or degradation in performance, ExtraHop will identify and alert network administrators.
d. In addition, ExtraHop can provide deep insights into applications, users, and devices in the network, assisting in troubleshooting and performance optimization.
Identification of Suspicious Behavior Patterns
a. ExtraHop uses behavior analysis techniques to identify suspicious behavior patterns in network traffic.
b. By thoroughly analyzing traffic patterns, ExtraHop can recognize inappropriate activity, such as unauthorized access attempts, unauthorized configuration changes, or suspicious activity from specific devices or users.
With AI and ML capabilities, ExtraHop can continuously update its understanding of normal behavior patterns and identify suspicious changes automatically.

DISCUSSION
The ExtraHop system applies Machine Learning techniques and rule-based monitoring to wire data to identify unusual behavior and potential risks to network security and performance. Users should be granted privileges to view detections. When anomalous behavior is identified, the ExtraHop system generates a detection and displays the data and available options. Controls on the Detections page help categorize, filter, and sort the display of detections, allowing for quick triage of network issues. Using detections can help protect the network in the following ways:
a. Collecting high-quality, actionable data to find the root cause of problems on the network.
b. Finding unknown problems with performance, security, or infrastructure.
c. Identifying malicious behavior associated with different categories of attacks.
d. Viewing related detections or creating own investigations to categorize detections and track potential attacks.
e. Flagging suspicious IP addresses, hostnames, and URLs identified as threats.
Each detection card shows the cause of the detection against several categories and the time of detection, together with the victim and perpetrator; security detections also include a risk score.
a. Risk score: the likelihood, complexity, and business impact of a security detection. This score provides a factor-based estimate of the frequency and availability of specific attack vectors against the level of skill required from potential hackers and the consequences of a successful attack. Icons are color-coded based on their severity, i.e. red (80-99), orange (31-79), or yellow (1-30).
b. Participants by hostname or IP address. When detections are grouped, they are broken down by perpetrator and victim, which allows filters to be applied quickly.
c. Identifies how long an unusual behavior was detected, or displays that it is ongoing if the behavior is still occurring. Detections that display perpetrator activity are displayed with two dates: the first time and the last time the detection was identified.
d. Metric data associated with a specific metric or key. If metric data is not available for detection, the anomalous protocol activity type will appear.
By looking at the detection details figure we can find out how big the security risk is for an attack that accesses the network, so that we can group detections by detection type (such as a spike in an SSH session) or by detection source (hostname or IP address of the perpetrator or victim). We can also filter attacks as they occur, because network attacks tend to follow a familiar pattern of phases. All security detections are assigned an attack category that corresponds to one of these phases.
We can then filter detections by attack or operations category, or select more specific categories to further refine the appearance of the Detections page. When clicking on the category filter, most of the categories listed under the all attack categories and all operations categories options are sorted by the number of detections in that category. ExtraHop provides powerful capabilities in detecting attacks and suspicious activity on the network, but when performing security detection we must also be able to understand how it works. For malware identification, ExtraHop is able to analyze behavior to identify malware activity on the network. By studying known malware behavior patterns, ExtraHop can detect and provide alerts about suspicious activities that can indicate the presence of malware on the network. For detection of data theft attempts, by analyzing network traffic ExtraHop can identify data theft attempts such as unauthorized data extraction or unauthorized access attempts to systems or servers. The platform can provide alerts when suspicious activity occurs that indicates an attempt to steal data. This is where anomaly detection theory, which involves identifying unusual patterns or abnormalities in data, comes in. In network monitoring, this theory can be applied using ML techniques to identify anomalies in network traffic that could indicate suspicious activity or security attacks. Research results can relate anomaly detection theory to the use of ML models that study normal patterns of network traffic and identify suspicious significant differences. The use of Artificial Intelligence (AI) and Machine Learning (ML) in network monitoring provides a variety of significant benefits. Here is a deeper understanding of the benefits of using AI and ML in network monitoring:
1. Detection of Security Anomalies and Attacks: AI and ML enable pattern recognition and anomaly detection that are difficult to detect manually. By studying normal patterns of network traffic, ML models can identify unusual changes or activities that could indicate an attack or security breach. This enables a rapid response to threats and protects the network from potentially damaging attacks.
2. Network Performance Monitoring: AI and ML help in network performance monitoring by analyzing traffic data in real-time. By understanding normal performance patterns and trends, ML models can predict expected performance levels and provide alerts in case of significant drops or deviations. This enables IT teams to take proactive measures in fixing issues and optimizing network performance.
3. Automated Troubleshooting and Repair: AI and ML can automate the troubleshooting process in network monitoring. ML models can identify the causes of problems, predict their impact, and provide appropriate troubleshooting recommendations. In addition, by using advanced ML algorithms, the system can perform automated repair actions, reducing the time required to respond to and fix network problems.
4. Capacity Prediction and Planning: By utilizing ML techniques, network monitoring platforms can analyze historical and current data to predict future network capacity requirements. This helps organizations to perform more effective planning, optimize resource usage, and avoid unexpected network outages.
5. Improved Efficiency and Productivity: The use of AI and ML in network monitoring can reduce reliance on time-consuming manual monitoring and allow IT professionals to focus on more strategic tasks. With automated analysis and accurate alerts, the time spent analyzing and responding to network issues can be reduced, improving the operational efficiency and productivity of IT teams.
6. Continuous Learning: With AI and ML, network monitoring systems can continuously learn and improve from new experiences and data. ML models can be automatically updated to recognize new patterns and behaviors in network traffic, enabling more accurate detection of new attacks and anomalies that arise.
Overall, the use of AI and ML in network monitoring provides benefits in terms of better security threat detection, efficient performance monitoring, automatic repairs, proper capacity planning, increased efficiency, and continuous learning. This helps organizations maintain optimal reliability, security, and performance of their networks.
d. Development of Efficient ML Algorithms: Efficient ML algorithms are essential in dealing with large-scale network traffic data. Further research can be done to develop faster and more efficient ML algorithms, so that they can process data in real-time and provide accurate results with fast response times.
e. Paying Attention to Data Privacy and Security: In the use of AI and ML, it is important to consider the privacy and security of the data being processed. Proper security measures should be implemented to protect sensitive data and avoid misuse or breach of privacy.
f. Collaboration and Information Exchange: In the face of evolving security attacks, collaboration between organizations, researchers, and industry is essential. The exchange of information on newly discovered threats and attack patterns can help in the development of better solutions and protection.
With these implications and recommendations in mind, further developments in the use of AI and ML in network monitoring can lead to more effective and advanced solutions in protecting networks from security attacks and ensuring optimal performance.

FURTHER STUDY
The following further studies can serve as additional references for researchers regarding the relationship between AI and ML in network monitoring. Here are some examples of additional studies that can be considered:
a. Deng, J., Dong, W., Socher, R., Li, L. J., Li, K., & Fei-Fei, L. (2009). ImageNet: A large-scale hierarchical image database. In CVPR 2009 (pp. 248-255). IEEE.
b. This study describes the construction of ImageNet, a large-scale image database that is the foundation for the development of Deep Learning algorithms. ImageNet has been used in many studies and inspired significant advances in the fields of image recognition and computer vision. The application of Deep Learning techniques in network monitoring can refer to the methods developed in this study.
c. Hu, J., Shen, W., & Sun, G. (2018). Squeeze-and-Excitation Networks. In CVPR 2018 (pp. 7132-7141). IEEE.
d. This study introduces a neural network architecture known as Squeeze-and-Excitation Networks (SENet). SENet uses an adaptive mechanism to learn the relevance of different feature channels in the network. This approach has proven to be effective in various image recognition tasks. This adaptive concept can be applied in network monitoring to highlight the most relevant information in anomaly analysis and detection.
e. Liu, Y., Chen, Y., Liu, C., Han, Z., & Cao, J. (2020). AI-Driven Edge Computing for Internet of Things: A Survey. IEEE Internet of Things Journal, 7(9), 8366-8381.
f. This article provides a comprehensive review of the application of AI in edge computing for the Internet of Things (IoT). Edge computing is an approach that enables data processing and analysis to be performed in a distributed manner on the network side, near IoT devices. The application of AI in edge computing can strengthen real-time network monitoring and analysis capabilities, by optimizing network performance and detecting anomalies.
g. Khan, M. K., Liu, X., & Soh, Y. C. (2019). Machine Learning for Wireless Networks with Artificial Intelligence: A Comprehensive Survey. IEEE Communications Surveys & Tutorials, 21(4), 3936-3969. This study presents a comprehensive review of the application of ML and AI in wireless networks. The article discusses various ML and AI techniques used in different aspects of wireless networks, including network monitoring, resource management, performance optimization, and security. The study presents a broad overview of how AI and ML can enhance wireless network monitoring.
The above studies offer deeper insights and guidance on the application of AI and ML in network monitoring. Through this research, a more detailed understanding of the latest algorithms, architectures, and techniques used to enhance network monitoring and security capabilities can be gained.