Abstract: A computer-implemented, machine learning method for preprocessing code for performance portability includes extracting performance critical code segments from an application and obtaining input data. Ground truth data is generated based on the input data and the application. Original code of the application is transpiled using a large language model (LLM) into a tensor computation language (TCL) candidate. Correctness of an implementation of the TCL candidate is verified using the ground truth data. The method has applications including, but not limited to, use cases in medicine/healthcare, and other artificial intelligence applications for preprocessing and optimizing code for performance portability.

Abstract: A computer-implemented method for extracting and mapping structured information to a data model includes obtaining text data from one or more unstructured data sources. Rephrased text data is determined using a Large Language Model (LLM), a preprocessing prompt, and the text data. Extracted data is determined using the LLM, an extraction prompt, the data model, and the rephrased text data. The extracted data is mapped to the data model. The method can be applied, for example, to medical use cases or cyberthreat detection, among others, to improve the data models and support decision making.

Abstract: A method for learning vector representations of network traffic data offline includes: receiving historical network traffic data and a domain classification list; generating a unique domain names list based on the historical network traffic data; generating a bad domains list based on the unique domain names list and the domain classification list; modifying the unique domain names list by replacing each entry of the unique domain names list that appears in the bad domains list by a common classification label; and learning a respective vector representation for each entry of the modified unique domain names list.

Abstract: A method for operating a network is provided, where an occupation level of at least one switch queue of at least one network switch is estimated. Data regarding an association between at least one path delay and a corresponding switch queue occupation level of the at least one switch queue is provided or collected. The data is fed to a machine learning model associated with the at least one switch queue. The machine learning model is trained on the basis of the at least one path delay or the data to predict a switch queue occupation level of the at least one switch queue. Information resulting from the trained machine learning model or the predicted switch queue occupation level is used for making a real-time traffic steering decision for load balancing between network paths.

Abstract: A method searches and tests for performance optima in an operating system (OS) configuration space. The method includes generating a plurality of OS configurations. For at least a first OS configuration, of the generated OS configurations, the method further includes: fetching a plurality of OS modules based on the first OS configuration; building a first OS image from the fetched OS modules; and testing the first OS image to determine a first value of a performance metric.

Abstract: A method adapts network intrusion detection. The method includes: a) deploying a network traffic capture system and collecting network packet traces; b) using a network audit tool, extracting features from the collected network packet traces; c) feeding the extracted features as unlabeled data into a representation function, and, utilizing the representation function as an unsupervised feature learning algorithm, learning a new representation of the unlabeled data; d) providing a labeled training set capturing examples of malicious network traffic, and, using the learned new representation of the unlabeled data, modifying the labeled training set to obtain a new training set; and e) using the new training set, training a traffic classification machine learning model.

Abstract: For providing an efficient network use and resource allocation within the network a method for operating a network is provided, wherein user network traffic is controlled by an operator, comprising the following steps: a) monitoring user network traffic data on a per user basis, b) using said network traffic data in a learning process for providing a prediction of user network traffic on a per user basis, and c) controlling user network traffic under consideration of said prediction, including allocating network resources under consideration of said prediction to one or more users, preferably for providing a definable Quality of Service, QoS, per at least ne of said one or more users and/or per at least one other user. Further, a corresponding network is claimed.

Abstract: For providing an efficient network use and resource allocation within the network a method for operating a network is provided, wherein user network traffic is controlled by an operator, comprising the following steps: a) monitoring user network traffic data on a per user basis, b) using said network traffic data in a learning process for providing a prediction of user network traffic on a per user basis, and c) controlling user network traffic under consideration of said prediction, including allocating network resources under consideration of said prediction to one or more users, preferably for providing a definable Quality of Service, QoS, per at least ne of said one or more users and/or per at least one other user. Further, a corresponding network is claimed.

Abstract: A stateful packet processing system includes: a first stateful stage including a first state table and a first finite state machine (“FSM”) table; and a second stateful stage including a second state table and a second FSM table. The system performs a distribution operation defining when a flow is processed by the first and/or the second stateful stage. The first and/or second FSM table is extended with states and transitions that support the distribution operation. The first and/or second stateful stage executes an evaluation operation that executes the distribution operation. The evaluation operation provides a criterion for moving a particular flow from one of the first or second stateful stage to the other stateful stage. The first and second stateful stages are included in a software-defined networking (“SDN”) switch. The distribution operation operates within defined capabilities of a software and/or hardware pipeline of the SDN switch.

Abstract: A method searches and tests for performance optima in an operating system (OS) configuration space. The method includes generating a plurality of OS configurations. For at least a first OS configuration, of the generated OS configurations, the method further includes: fetching a plurality of OS modules based on the first OS configuration; building a first OS image from the fetched OS modules; and testing the first OS image to determine a first value of a performance metric.

Abstract: A method for executing a binarized neural network (BNN) using a switching chip includes describing an artificial neural network application in a binarized form to provide the BNN; configuring a parser of the switching chip to encode an input vector of the BNN in a packet header; configuring a plurality of match-action tables (MATs) of the switching chip to execute, on the input vector encoded in the packet header, one or more of the operations including XNOR, bit counting, and sign operations such that the plurality of MATs are configured to: implement a bitwise XNOR operation between the input vector and a weights matrix to produce a plurality of first stage vectors, implement an algorithm for counting a number of bits set to 1 in the plurality of first stage vectors to produce a plurality of second stage vectors, and implement a sign operation on the second stage vectors.

Abstract: A method adapts network intrusion detection. The method includes: a) deploying a network traffic capture system and collecting network packet traces; b) using a network audit tool, extracting features from the collected network packet traces; c) feeding the extracted features as unlabeled data into a representation function, and, utilizing the representation function as an unsupervised feature learning algorithm, learning a new representation of the unlabeled data; d) providing a labeled training set capturing examples of malicious network traffic, and, using the learned new representation of the unlabeled data, modifying the labeled training set to obtain a new training set; and e) using the new training set, training a traffic classification machine learning model.

Abstract: A method for service function chaining in a network includes defining, for a flow of packets, a chain of selected network service functions (NSFs) to be traversed by the flow. Each of the selected NSFs is associated with a programmable switch. The method also includes generating a chain establishment packet (CEP) that contains network identifier information (NII) about the selected NSFs and that is configured as a regular network packet to be delivered to the destination node along a network path that includes the programmable switches to which the selected NSFs is associated. Each programmable switch, upon receipt of the CEP and based on the NII about the selected NSFs contained in the CEP, performs installation of packet forwarding rules for the flow together with network address and port translation operations, and selects, on behalf of the respective NSF, socket parameters for use by the NSF for processing the flow.

Abstract: A method for controlling a network. The network includes a plurality of forwarding elements (FE) connected with each other, one or more end hosts (EH) connected to one or more of the FE, and a controller for controlling the FE. The method includes installing packet processing rules for end-host control protocols (ECP) on the FE. When an ECP Request (ECPRQ) is received by an FE and the ECPRQ was not processed by the controller, the ECPRQ is provided to the controller and an ECP response is computed by the receiving FE based on extracted information from the ECPRQ mapped onto forwarding information based on mapping information if provided, otherwise if the ECPRQ was processed by the controller, the ECPRQ is forwarded according to forwarding information of the ECPRQ. When an ECP response (ECPR) is received by an FE, the ECPR is forwarded according to forwarding information.

Abstract: A method for learning vector representations of network traffic data offline includes: receiving historical network traffic data and a domain classification list; generating a unique domain names list based on the historical network traffic data; generating a bad domains list based on the unique domain names list and the domain classification list; modifying the unique domain names list by replacing each entry of the unique domain names list that appears in the bad domains list by a common classification label; and learning a respective vector representation for each entry of the modified unique domain names list.

Abstract: A method for service function chaining within an end-to-end path of a network connection between a source and destination node includes: executing, for a defined service function chain including an ordered sequence of network service functions, an address resolution process that translates names of the network service functions of the defined service function chain into their corresponding IP addresses. The address resolution process is performed at a name server of the destination node by a sequence of name server queries sent in succession to respective name servers of each of the selected network service functions of the defined service function chain in accordance with their order. Each of the name server queries is answered by a response from a name server of the respective network service function that includes IP addresses of selected instances of a respective network service function chosen by the respective name server according to predefined criteria.

Abstract: A method for classifying network traffic data includes: selecting a subset of network destinations from the network traffic data to be evaluated to determine whether to classify the subset of network destinations with a common classification label, the common classification label corresponding to a common classification class; determining a list of vector representations for the subset of the network destinations contained in the network traffic data and a vector representation for the common classification label; computing a distance between a vector representation for a network domain and the vector representation of the classification label, the vector representation for the network domain being determined from the list of vector representations; classifying the subset of the network destinations as belonging to the common classification class based on the distance being less than a predefined threshold.

Abstract: A method for flow rule installation in a flow-based programmable network device, includes obtaining packet flow information that includes information about times and intervals of packet flow transmissions from data transmitting devices, programming, by a controller entity, forwarding rules into a flow table based on the packet flow information, and triggering activation of a forwarding rule programmed for a particular packet flow just-in-time before actual transmission of the particular packet flow. The flow-based programmable network device comprises input/output ports, a flow table including forwarding rules that map packet flows from data transmitting devices in the network, received on an input port, to an output port based on a packet flow matching a rule in the forwarding rules, and a state table including state entries that specify states of the packet flows.

Abstract: A stateful packet processing system includes: a first stateful stage including a first state table and a first finite state machine (“FSM”) table; and a second stateful stage including a second state table and a second FSM table. The system performs a distribution operation defining when a flow is processed by the first and/or the second stateful stage. The first and/or second FSM table is extended with states and transitions that support the distribution operation. The first and/or second stateful stage executes an evaluation operation that executes the distribution operation. The evaluation operation provides a criterion for moving a particular flow from one of the first or second stateful stage to the other stateful stage. The first and second stateful stages are included in a software-defined networking (“SDN”) switch. The distribution operation operates within defined capabilities of a software and/or hardware pipeline of the SDN switch.

Abstract: A stateful network packet processing system includes first and second stateful stages and a distribution mechanism. The first stateful stage includes a first state table and a first FSM table. The second stateful stage includes a second state table and a second FSM table. The distribution mechanism defines when a flow should be processed by either the first stateful stage or the second stateful stage or by a combination of the first stateful stage and the second stateful stage. At least one of the first or second FSM tables is extended with states and transitions that support the distribution mechanism.