NativeNI 2022

The 1st International Workshop on Native Network Intelligence
Co-located with ACM CoNEXT

December 9th, Rome, Italy


Keynote Speakers

Paul Patras
Associate Professor / Co-founder and CEO
University of Edinburgh / Net AI
Sujata Banerjee
Vice president of research

Program schedule

13:30 - 14:30 Keynote #1 : Paul Patras

The AI Imperative in Mobile Networking and How to Use It in a Principled Way
Abstract The network traffic landscape is becoming increasingly complex and the infrastructure that needs to support the applications that continue to emerge is increasingly virtualized. At this point, the adoption of artificial intelligence to effectively manage and monetize (mobile) networks is therefore not only inevitable, but essential. However, employing off-the-shelf neural models, which were originally designed for areas such as image recognition and natural language processing, in order to tackle problems in the network domain is questionable, given the unique characteristics of network architectures, protocols, and traffic. In this talk, I will discuss how to harness the power of AI in an principled way, to devise practical solutions for a range of non-trivial network analytics, security and control tasks. I will also talk about data processing requirements and training considerations, explain how network intelligence can be deployed in current and future networks, and how ongoing standardization efforts may facilitate this. Finally, I will highlight a number of challenges that lie on the path to successful native NI. Bio Paul Patras is a co-founder and the CEO of Net AI, a pioneering network intelligence company based in Scotland, whose mission is to create a market leading platform for deep traffic analysis across 5G and beyond 5G mobile networks. He is also an Associate Professor in the School of Informatics at the University of Edinburgh, where he leads the Mobile Intelligence Lab. Dr Patras has spearheaded the use of deep learning to solve several problems in the mobile networking domain, which were previously considered intractable. He held visiting research positions at the University of Brescia, Northeastern University, Technical University of Darmstadt, and Rice University. He serves as an associate editor of Computer Communications, co-chaired the first Workshop on Machine Learning and Systems (EuroMLSys), and advised the ITU-T Focus Group on Machine Learning for Future Networks including 5G.

14:30 - 15:10 Session 1: In-Network ML

Henna: Hierarchical Machine Learning Inference in Programmable Switches
Aristide Tanyi-Jong Akem (IMDEA Networks Institute and Universidad Carlos III de Madrid), Beyza Bütün (IMDEA Networks Institute and Universidad Carlos III de Madrid), Michele Gucciardo (IMDEA Networks Institute), Marco Fiore (IMDEA Networks Institute)


The recent proliferation of programmable network equipment has opened up new possibilities for embedding intelligence into the data plane. Deploying models directly in the data plane promises to achieve high throughput and low latency inference capabilities that cannot be attained with traditional closed loops involving control-plane operations. Recent efforts have paved the way for the integration of trained machine learning models in resource-constrained programmable switches, yet current solutions have significant limitations that translate into performance barriers when coping with complex inference tasks. In this paper, we present Henna, a first in-switch implementation of a hierarchical classification system. The concept underpinning our solution is that of splitting a difficult classification task into easier cascaded decisions, which can then be addressed with separated and resource-efficient tree-based classifiers. We propose a design of Henna that aligns with the internal organization of the Protocol Independent Switch Architecture (PISA), and integrates state-of-the-art strategies for mapping decision trees to switch hardware. We then implement Henna into a real testbed with off-the-shelf Intel Tofino programmable switches using the P4 language. Experiments with a complex 21-category classification task based on measurement data demonstrate how Henna improves the F1 score of an advanced single-stage model by 21%, while keeping usage of switch resources at 8% on average.

The Case for Native Multi-Node In-Network Machine Learning
Lorenzo Bracciale (University of Rome Tor Vergata), Tushar Swamy (Stanford University), Muhammad Shahbaz (Purdue University), Pierpaolo Loreti (University of Rome Tor Vergata), Stefano Salsano (University of Rome Tor Vergata), Hesham Elbakoury (Consultant)


It is now possible to run per-packet Machine Learning (ML) inference tasks in the data plane at line-rate with dedicated hardware in programmable network switches. We refer to this approach as per-packet ML. Existing work in this area focuses on a single node setup, where the incoming packets are processed by the switch pipeline to extract features at different levels of granularity: packet-level, flow-level, cross-flow level, while also considering device-level features. The extracted features are then processed by an ML inference fabric inside the same switch. In this position paper, we propose to extend and enhance this model from a single node to a collection of nodes (including switches and servers). In fact, there are several scenarios where it is impossible for a single node to perform both feature processing (e.g., due to lack of or limited access to data) and the ML inference operations. In a multi-node setup, a node can extract ML features and encode them in packets as metadata, which are then processed by another node (e.g., switch) to execute native inference tasks. We make a case for a standard model of extracting, encoding, and forwarding features between nodes to carryout distributed, native ML inference inside networks; discuss the applicability and versatility of the proposed model; and illustrate the various open research issues and design implications.

15:10 - 15:30 Coffee break

15:30 - 16:30 Session 2: ML on network data

Native Network Intelligence, Fast and Slow
Dario Rossi (Huawei Technologies, co. Ltd), Liang Zhang (Huawei Technologies, co. Ltd)


As networks have historically been built around connectivity, #architectural features concerning quality of service, mobility, security and privacy have been added as afterthoughts -- with consequent well known architectural headaches for their later integration. Despite Artificial Intelligence (AI) is more a means to an end, that an architectural feature itself, this is not completely different from what concerns its integration: in particular, while Cloud and Edge computing paradigms made it possible to use AI techniques to relieve part of network operation, however AI is currently little more than an additional tool. This paper describes a vision of future networks, where AI becomes a first class commodity: its founding principle lays around the concept of ``fast and slow'' type of AI reasoning, each of which offers different types of AI capabilities to process network data. We next outline how these building blocks naturally maps to different network segments, and discuss emerging AI-to-AI communication patterns as we move to more intelligent networks.

On Using Pretext Tasks to Learn Representations from Network Logs
Matteo Boffa (Politecnico di Torino), Giulia Milan (Huawei Technologies Co. Ltd), Luca Vassio, Idilio Drago (University of Turin), Marco Mellia, Zied Ben Houidi (Huawei Technologies Co. Ltd), Dario Rossi (Huawei Technologies Co. Ltd)


Learning meaningful representations from network data is critical to ease the adoption of AI as a cornerstone to process network logs. Since a large portion of such data is textual, Natural Language Processing (NLP) appears as an obvious candidate to learn their representations. Indeed, the literature proposes impressive applications of NLP applied to textual network data. However, in the absence of labels, objectively evaluating the goodness of the learned representations is still an open problem. We call for a systematic adoption of domain-specific pretext tasks to select the best representation from network data. Relying on such tasks enables us to evaluate different representations on side machine learning problems and, ultimately, unveiling the best candidate representations for the more interesting downstream tasks for which labels are scarce or unavailable. We apply pretext tasks in the analysis of logs collected from SSH honeypots. Here, a cumbersome downstream task is to cluster events that exhibit a similar attack pattern. We propose the following pipeline: first, we represent the input data using a classic NLP-based approach. Then, we design pretext tasks to objectively evaluate the representation goodness and to select the best one. Finally, we use the best representation to solve the unsupervised task, which uncovers interesting behaviours and attack patterns. All in all, our proposal can be generalized to other text-based network logs beyond honeypots.

AI-based Detection of DNS Misuse for Network Security
Irina Chiscop (TNO Netherlands Organisation for Applied Scientific Research), Francesca Soro (AIT Austrian Institute of Technology), Paul Smith (AIT Austrian Institute of Technology)


Threat hunting and malware prediction are critical activities to ensure network and system security. These tasks are difficult due to increasing numbers of sophisticated malware families. Automatically detecting anomalous Domain Name System (DNS) queries in operational traffic facilitates the detection of new malware infections, significantly contributing to the work of security practitioners. In this paper, we present two AI-based Domain Generation Algorithm (DGA) detection and classification techniques - a feature-based one, leveraging classic Machine Learning algorithms and a featureless one, based on Deep Learning - specifically intended to aid in this task. Both techniques are designed to be integrated in operational environments, dealing with hundreds of thousands to millions of new malware samples per day. We report the implementation details, the classification performance, the advantages and shortcomings for both techniques, as well as experiences from the deployment of this system in an industrial environment. We show that both techniques reach more than the 90% accuracy in the case of binary DGA detection, with a slight degradation in performance in the multi-class classification case, in which the results strongly depend on the malware type.

16:30 - 17:30 Keynote #2 : Sujata Banerjee

Data-Driven Networking for Edge-to-Cloud Infrastructure
Abstract Networking research and products have seen a rapid pace of innovation in the last decade. This has resulted in many networks that are intent-driven, programmable, verifiable, and able to provide guaranteed performance, in-network compute capabilities and software-based network functions. As exciting as these advances have been, some fundamental technical and operational challenges still remain and are getting more critical in order to support real time applications in distributed heterogeneous edge-to-cloud infrastructures. The next set of innovations to address these challenges will come in part from data-driven network operations and the ability to efficiently support advanced analytics workloads. This talk will focus on some of the emerging approaches and the associated research problems. Bio Sujata Banerjee leads the VMware Research Group (VRG) whose mission is to create novel technologies and unique differentiation for VMware’s technology portfolio, and advance the state of the field through external impact on the research community. Sujata’s research has spanned software defined networking, network function virtualization, network energy efficiency and measurement. She is a member of the Computing Community Consortium (CCC) Council of the Computing Research Association (CRA) and is on the scientific advisory committee of the FABRIC programmable research infrastructure. In 2020, she served in the AI working group of the FCC’s Technology Advisory Council and was the vice-chair of ACM SIGCOMM (2019-2021). She has over 40 US patents, is a recipient of the U.S. National Science Foundation (NSF) CAREER award in networking research and is a Fellow of the IEEE. Prior to VMware, she was a director and distinguished technologist at Hewlett Packard Enterprise Labs, leading research on enterprise, service provider and datacenter networks. Before her industrial research career, she held a tenured Associate Professor position at the University of Pittsburgh


Call for papers

In recent years we witnessed a growing interest towards leveraging Artificial Intelligence (AI) tools to innovate network operations at all layers, domains and planes. Yet, if, what and where we need to integrate intelligence in networks and how to (re)design networks for the native support of AI is still largely under debate. This is due to the multi-faceted nature of the challenges behind such integration: on the one hand, network architectures must be updated to accommodate AI models and their lifecycle by design (e.g., collecting and provisioning data in real-time, balancing centralized versus distributed computing approaches, empowering low latency requirements for fast closed-loop decision-making and network function automation); on the other hand, the design of AI models shall improve to better align with the myriad of requirements of production network systems (e.g., inference latency, computational complexity, trustworthiness of AI decisions); finally, operational procedures in research must be enhanced for verifiabilty, reproducibility and real-world deployment (e.g., establishing reference datasets, sharing trained models without sacrificing models explainability, robustness or safety).

Pragmatic answers to all these points are paramount to enable a transition of the current large body of literature on AI for networking from academic exercises to solutions integrated in production systems.

This workshop aims to bringing together researchers from academia and industry who are committed to making AI in networks a reality. We call for contributions from researchers working in the areas of network systems, applied machine learning and data science. We seek contributions that range from visionary position papers to promising ideas and prototypes, all the way to fully deployed solutions. All submissions should contribute to the common goal of making AI a viable and native technology for networks.

Topics of interest include (but are not limited to):

  • Network architectures and infrastructures for native AI support
  • AI requirements for integration in network environments
  • Network traffic data collection and analysis for AI support
  • Low-latency AI for networks
  • Compute-prudent AI for networks
  • Tailored AI models for network management and orchestration
  • Data availability for data-driven research and development
  • Ethics in AI for networking
  • On-device, cloud-driven or off-line application of AI for networking
  • Centralized or distributed computational paradigm to support AI models
  • AutoML and AI automation for networking
  • Meta-learning for networking
  • AI for Intent-Based Networking
  • Explainability, robustness, safety of AI model deployments in networks
  • Open-access datasets for the training and testing of AI models for networks
  • Open-source tools for the assessment of AI models for networks
  • Experimental deployments of AI in network systems.

Submission instructions

Authors should submit only original work that has not been published before and is no under submission to any other venue.

All submitted papers will be assessed through a double-blind review process. This means that the authors do not see who are the reviewers and the reviewers do not see who are the authors.

As an author, you should do your best to ensure that your paper submission does not directly or indirectly reveal the authors’ identities. These following steps are minimal requirements for a double-blind submission:

  • Remove all personal information about the authors from the paper (e.g., names, affiliations).
  • Remove acknowledgements to organizations and/or people.
  • Referring to your previous work should be done similarly to any other work, as if your are not an author of that work.
  • Do not add references to external repositories or technical reports that can be used to identify any of the authors or institutions/organization.
  • Uploading a version of the paper to a non-peer-reviewed location (e.g., ArXiv) is acceptable. However, authors need to avoid advertising the paper on popular mailing list and social media until after the review process closes.

As reviewers, PC members should not actively try to de-anonymize the authors’ identities. Any violation of the double-blind reviewing process should be reported to the PC chais.

Submissions should be six pages maximum, plus one page for references, in 2-column 10pt ACM format. When using Latex, please download the style and templates from here.

Uncompress the zip file and look for sample-sigconf.tex in the /sample subdirectory. The file can be used as a starting point, or the confiation can be copied to your own file if one exists. In any case, your text file should use the following class


We encourage authors to share code/data at either submission time or at the camera ready.

Papers should be submitted at


Abstract registration September 23rd, 2022
Submission September 30th, 2022
Extended Submission October 3rd, 2022 (11:59pm AoE)
Notification October 21st, 2022
Camera ready November 1st, 2022 (hard deadline)
Workshop Event December 9th, 2022



Alessandro Finamore Huawei Technologies, France
Marco Fiore IMDEA Networks
Carlee Joe-Wong Carnegie Mellon University

TPC Members

Albert Cabellos Universitat Politecnica de Catalunya
Amedeo Sapio Intel
Andra Lutu Telefonica
Bo Ji Virginia Tech
Chen Tian Nanjing University
Chuan Wu University of Hong Kong
Chuanxiong Guo Bytedance
George Iosifidis Delft University of Technology
Gianni Antichi Queen Mary University of London
Ilias Leontiadis Meta
John Chi Shing Lui Chinese University of Hong Kong
Junchen Jiang University of Chicago
Kyunghan Lee Seoul National university
Marco Canini King Abdullah University of Science and Technology
Marco Gramaglia Universidad Carlos III de Madrid
Roberto González NEC Laboratories Europe
Tao Han New Jersey Institute of Technology
Tian Lan George Washington University
Vaneet Aggarwal Purdue University
Xiaoxi Zhang Sun Yat-Sen University
Zied Ben Houidi Huawei Technologies France
Zinan Lin Carnegie Mellon University


For any questions please reach out to the chairs Alessandro Finamore, Marco Fiore and Carlee Joe-Wong