HALIDS: a Hardware-Assisted Machine Learning IDS for in-Network Monitoring


Abstract:

Early decision-making at the network device level is crucial for network security. This entails moving beyond traditional forwarding functions towards more intelligent network devices. Integrating Machine Learning (ML) models into the data plane enables quicker processing and reduced reliance on the control plane. This paper explores the development of a ML-driven Intrusion Detection System (IDS) where network devices autonomously make security decisions or defer to an expert Oracle, relying on in-band and off-band traffic analysis. Programmable devices, such as those using P4, are essential to enable these functionalities and allow for network device re-training to adapt to changing traffic patterns. We introduce HALIDS, a prototype for in-band ML-IDS using P4, complemented with off-band Oracles which support in-network ML-driven classification with more confident classifications, targeting an active learning logic for more accurate in-band analysis. We implement HALIDS using the open source software switch BMv2, and show its operation with real traffic traces publicly available.
Date of Conference: 21-24 May 2024
Date Added to IEEE Xplore: 20 June 2024
Conference Location: Dresden, Germany

I. Introduction

The ever-growing volume of traffic in modern networks motivates the utilization of machine learning (ML) in networking [1]. When it comes to network monitoring for cybersecurity, a promising idea is to do traffic classification as early as possible, directly within network devices. Resources in network devices have been traditionally constrained, encompassing limitations in terms of memory, processing capacity, available operations, and more. Consequently, these devices are traditionally treated as “dumb” from a traffic monitoring perspective, performing only the essential functions required for the network to operate. The emergence of new data plane architectures raises the hope that network devices will perform functions beyond simple traffic forwarding. By doing so, the burden on the control and management planes is alleviated, and a portion of the processing is decentralized. Additionally, processing within the network device occurs more expeditiously, reducing the need for offloading to the control plane. Network programmability entails the ability to specify and modify algorithms in both the control and the data plane [2].
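The abstract describes a two-tier decision flow: an in-band ML classifier in the data plane labels traffic on its own when it is confident, and otherwise defers to an off-band Oracle whose answers are fed back for re-training (active learning). The following Python model, added here as an illustration and not part of HALIDS or its P4/BMv2 implementation, simulates that flow on constructed flow records. The decision tree, its feature names (`pkt_count`, `mean_pkt_len`, `dst_port`), the per-leaf confidence values, the 0.9 deferral threshold and the Oracle's ground-truth rule are all assumptions chosen for the example; in a real deployment the tree would be compiled into match-action tables and the Oracle would be an off-band analysis engine.

```python
"""Toy model of the in-band classifier / off-band Oracle split described
in the HALIDS abstract.  Constructed illustration, not the paper's code.

- A small decision tree plays the role of the in-band model (the kind of
  structure that can be encoded as P4 match-action tables).
- Each leaf carries a confidence (assumed: fraction of training samples at
  that leaf carrying the leaf's label).
- Flows reaching a leaf below `min_confidence` are deferred to the Oracle,
  and the Oracle's label is queued as a new training sample.
- `retrain()` applies an active-learning update: every leaf that received
  Oracle-labelled samples is relabelled by majority vote and its
  confidence recomputed from those samples.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple, Union


@dataclass
class Flow:
    # Constructed per-flow features; the feature set is an assumption.
    pkt_count: int
    mean_pkt_len: int
    dst_port: int


@dataclass
class Leaf:
    label: str          # "benign" or "attack"
    confidence: float   # assumed purity of the leaf, in [0, 1]


@dataclass
class Node:
    feature: str                  # Flow attribute name tested at this node
    threshold: int                # go left when feature <= threshold
    left: Union["Node", "Leaf"]
    right: Union["Node", "Leaf"]


def classify(tree: Union[Node, Leaf], flow: Flow) -> Leaf:
    """Walk the tree and return the leaf the flow lands on."""
    node = tree
    while isinstance(node, Node):
        value = getattr(flow, node.feature)
        node = node.left if value <= node.threshold else node.right
    return node


def make_tree() -> Node:
    """Hypothetical in-band model; thresholds and confidences are made up."""
    return Node("pkt_count", 100,
                left=Leaf("benign", 0.98),
                right=Node("mean_pkt_len", 120,
                           left=Leaf("attack", 0.70),    # uncertain leaf
                           right=Leaf("benign", 0.95)))


def oracle(flow: Flow) -> str:
    """Stand-in for the off-band expert: a constructed ground-truth rule."""
    if flow.pkt_count > 100 and flow.mean_pkt_len <= 120 and flow.dst_port != 5060:
        return "attack"
    return "benign"


class InBandIDS:
    def __init__(self, tree: Node, oracle_fn: Callable[[Flow], str],
                 min_confidence: float = 0.9):
        self.tree = tree
        self.oracle = oracle_fn
        self.min_confidence = min_confidence      # assumed deferral threshold
        self.retrain_queue: List[Tuple[Flow, str]] = []
        self.stats = {"in_band": 0, "deferred": 0}

    def decide(self, flow: Flow) -> Tuple[str, str]:
        """Return (label, source); source is "in-band" or "oracle"."""
        leaf = classify(self.tree, flow)
        if leaf.confidence >= self.min_confidence:
            self.stats["in_band"] += 1
            return leaf.label, "in-band"
        label = self.oracle(flow)                 # defer to the expert
        self.retrain_queue.append((flow, label))  # keep it for re-training
        self.stats["deferred"] += 1
        return label, "oracle"

    def retrain(self) -> int:
        """Relabel leaves from queued Oracle answers; return samples used."""
        counts = {}  # id(leaf) -> [leaf, {label: n}]
        for flow, label in self.retrain_queue:
            leaf = classify(self.tree, flow)
            entry = counts.setdefault(id(leaf), [leaf, {}])
            entry[1][label] = entry[1].get(label, 0) + 1
        for leaf, tally in counts.values():
            best = max(tally, key=tally.get)
            leaf.label = best
            leaf.confidence = tally[best] / sum(tally.values())
        used = len(self.retrain_queue)
        self.retrain_queue.clear()
        return used


def run_demo():
    """Classify six constructed flows, then apply one re-training round."""
    ids = InBandIDS(make_tree(), oracle)
    flows = [Flow(10, 800, 443), Flow(5000, 60, 22), Flow(3000, 80, 5060),
             Flow(400, 1200, 443), Flow(800, 50, 23), Flow(1200, 70, 3389)]
    decisions = [ids.decide(f) for f in flows]
    relabelled = ids.retrain()
    uncertain_leaf = ids.tree.right.left
    return decisions, ids.stats, relabelled, uncertain_leaf


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

Two flows are handled entirely in-band and four are deferred; after re-training the uncertain leaf keeps its "attack" label with confidence 0.75 (three of the four Oracle-labelled flows were attacks), which is still below the threshold, so that leaf would keep deferring until further splitting or more samples raise its purity. That is the trade-off the abstract points at: in-band decisions are fast but only as trustworthy as the leaf's confidence, and the Oracle path is what keeps the data-plane model honest.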
