| Name: | Description: | Size: | Format: |
|---|---|---|---|
| | | 11.86 MB | Adobe PDF |
Abstract
Cybersecurity infrastructures face constant challenges, including increasingly sophisticated threats, the rising costs of Security Operations Centres (SOCs), and a growing shortage of skilled professionals. To address these issues, this dissertation proposes an AI-based architectural framework designed to automate network security and enhance threat mitigation.

The proposed framework integrates Software-Defined Networking (SDN) and Security Information and Event Management (SIEM) with AI-driven Intrusion Detection and Prevention Systems (IDS/IPS). It incorporates a lightweight Large Language Model (LLM) under 4GB, trained on MikroTik documentation, to translate user intent into network commands. In addition, several machine learning models are trained and evaluated for real-time threat detection, supported by a digital twin and a sandbox for configuration testing.

Three specialised datasets (pretraining, QA, and reasoning), built from scraped documentation and available APIs, were developed, totalling 74,482 records. A web interface and REST APIs provide accessibility. Experimental results show that the AI models achieve a 74% execution success rate for LLM-generated commands, substantially surpassing the 8% untrained baseline, and that the selected machine learning classifier attains a 94.84% F1-score for threat detection, thereby supporting the validity of the proposed approach.

This proposed architecture demonstrates how AI-driven automation can offer organisations a scalable, cost-effective, and practical alternative to traditional SOCs, which are often resource-intensive and require specialised personnel. It strengthens resilience against contemporary cybersecurity threats and enables multi-vendor support through adaptable data sources.
Keywords: Cybersecurity; AI-driven security; Network automation; Large language models; Intrusion detection; Software-defined networking
