Peregrine: ML-based Malicious Traffic Detection for Terabit Networks
Authors:
João Romeiras Amado,
Francisco Pereira,
David Pissarra,
Salvatore Signorello,
Miguel Correia,
Fernando M. V. Ramos
Abstract:
Malicious traffic detectors leveraging machine learning (ML), namely those incorporating deep learning techniques, exhibit impressive detection capabilities across multiple attacks. However, their effectiveness becomes compromised when deployed in networks handling Terabit-speed traffic. In practice, these systems require substantial traffic sampling to reconcile the high data plane packet rates w…
▽ More
Malicious traffic detectors leveraging machine learning (ML), namely those incorporating deep learning techniques, exhibit impressive detection capabilities across multiple attacks. However, their effectiveness becomes compromised when deployed in networks handling Terabit-speed traffic. In practice, these systems require substantial traffic sampling to reconcile the high data plane packet rates with the comparatively slower processing speeds of ML detection. As sampling significantly reduces traffic observability, it fundamentally undermines their detection capability.
We present Peregrine, an ML-based malicious traffic detector for Terabit networks. The key idea is to run the detection process partially in the network data plane. Specifically, we offload the detector's ML feature computation to a commodity switch. The Peregrine switch processes a diversity of features per-packet, at Tbps line rates - three orders of magnitude higher than the fastest detector - to feed the ML-based component in the control plane. Our offloading approach presents a distinct advantage. While, in practice, current systems sample raw traffic, in Peregrine sampling occurs after feature computation. This essential trait enables computing features over all traffic, significantly enhancing detection performance. The Peregrine detector is not only effective for Terabit networks, but it is also energy- and cost-efficient. Further, by shifting a compute-heavy component to the switch, it saves precious CPU cycles and improves detection throughput.
△ Less
Submitted 27 March, 2024;
originally announced March 2024.
Random Linear Network Coding on Programmable Switches
Authors:
Diogo Gonçalves,
Salvatore Signorello,
Fernando M. V. Ramos,
Muriel Médard
Abstract:
By extending the traditional store-and-forward mechanism, network coding has the capability to improve a network's throughput, robustness, and security. Given the fundamentally different packet processing required by this new paradigm and the inflexibility of hardware, existing solutions are based on software. As a result, they have limited performance and scalability, creating a barrier to its wi…
▽ More
By extending the traditional store-and-forward mechanism, network coding has the capability to improve a network's throughput, robustness, and security. Given the fundamentally different packet processing required by this new paradigm and the inflexibility of hardware, existing solutions are based on software. As a result, they have limited performance and scalability, creating a barrier to its wide-spread adoption. By leveraging the recent advances in programmable networking hardware, in this paper we propose a random linear network coding data plane written in P4, as a first step towards a production-level platform. Our solution includes the ability to combine the payload of multiple packets and of executing the required Galois field operations, and shows promise to be practical even under the strict memory and processing constraints of switching hardware.
△ Less
Submitted 5 September, 2019;
originally announced September 2019.