HALIDS: a Hardware-Assisted Machine Learning IDS for in-Network Monitoring

Belén Brandino; Eduardo Grampin; Katharina Dietz; Nikolas Wehner; Michael Seufert; Tobias Hoßfeld; Pedro Casas-Hernandez

doi:10.23919/TMA62044.2024.10559083

HALIDS: a Hardware-Assisted Machine Learning IDS for in-Network Monitoring

Belén Brandino, Eduardo Grampin, Katharina Dietz, Nikolas Wehner, Michael Seufert, Tobias Hoßfeld, Pedro Casas-Hernandez (Autor:in und Vortragende:r)

Data Science & Artifical Intelligence

Publikation: Beitrag in Buch oder Tagungsband › Beitrag in Tagungsband mit Posterpräsentation › Begutachtung

Abstract

Early decision-making at the network device level is crucial for network security. This entails moving beyond traditional forwarding functions towards more intelligent network devices. Integrating Machine Learning (ML) models into the data plane enables quicker processing and reduced reliance on the control plane. This paper explores the development of a ML-driven Intrusion Detection System (IDS) where network devices autonomously make security decisions or defer to an expert Oracle, relying on in-band and off-band traffic analysis. Programmable devices, such as those using P4, are essential to enable these functionalities and allow for network device re-training to adapt to changing traffic patterns. We introduce HALIDS, a prototype for in-band ML-IDS using P4, complemented with off-band Oracles which support in-network ML-driven classification with more confident classifications, targeting an active learning logic for more accurate in-band analysis. We implement HALIDS using the open source software switch BMv2, and show its operation with real traffic traces publicly available.

Originalsprache	Englisch
Titel	2024 8th Network Traffic Measurement and Analysis Conference (TMA)
Seiten	1-4
Seitenumfang	4
ISBN (elektronisch)	978-3-903176-64-5
DOIs	https://doi.org/10.23919/TMA62044.2024.10559083
Publikationsstatus	Veröffentlicht - 20 Juni 2024
Veranstaltung	2024 8th Network Traffic Measurement and Analysis Conference (TMA) - Dresden, Dresden, Deutschland Dauer: 21 Mai 2024 → 24 Mai 2024

Konferenz

Konferenz	2024 8th Network Traffic Measurement and Analysis Conference (TMA)
Land/Gebiet	Deutschland
Stadt	Dresden
Zeitraum	21/05/24 → 24/05/24

Research Field

Multimodal Analytics

Zugriff auf Dokument

10.23919/TMA62044.2024.10559083Lizenz: Nicht angegeben

Diese Publikation zitieren

@inbook{f481de350bba4350805d9cd9839250d4,

title = "HALIDS: a Hardware-Assisted Machine Learning IDS for in-Network Monitoring",

abstract = "Early decision-making at the network device level is crucial for network security. This entails moving beyond traditional forwarding functions towards more intelligent network devices. Integrating Machine Learning (ML) models into the data plane enables quicker processing and reduced reliance on the control plane. This paper explores the development of a ML-driven Intrusion Detection System (IDS) where network devices autonomously make security decisions or defer to an expert Oracle, relying on in-band and off-band traffic analysis. Programmable devices, such as those using P4, are essential to enable these functionalities and allow for network device re-training to adapt to changing traffic patterns. We introduce HALIDS, a prototype for in-band ML-IDS using P4, complemented with off-band Oracles which support in-network ML-driven classification with more confident classifications, targeting an active learning logic for more accurate in-band analysis. We implement HALIDS using the open source software switch BMv2, and show its operation with real traffic traces publicly available.",

author = "Bel{\'e}n Brandino and Eduardo Grampin and Katharina Dietz and Nikolas Wehner and Michael Seufert and Tobias Ho{\ss}feld and Pedro Casas-Hernandez",

year = "2024",

month = jun,

day = "20",

doi = "10.23919/TMA62044.2024.10559083",

language = "English",

isbn = "979-8-3503-7888-7",

pages = "1--4",

booktitle = "2024 8th Network Traffic Measurement and Analysis Conference (TMA)",

note = "2024 8th Network Traffic Measurement and Analysis Conference (TMA) ; Conference date: 21-05-2024 Through 24-05-2024",

}

Brandino, B, Grampin, E, Dietz, K, Wehner, N, Seufert, M, Hoßfeld, T & Casas-Hernandez, P 2024, HALIDS: a Hardware-Assisted Machine Learning IDS for in-Network Monitoring. in 2024 8th Network Traffic Measurement and Analysis Conference (TMA). S. 1-4, 2024 8th Network Traffic Measurement and Analysis Conference (TMA), Dresden, Sachsen, Deutschland, 21/05/24. https://doi.org/10.23919/TMA62044.2024.10559083

TY - CHAP

T1 - HALIDS: a Hardware-Assisted Machine Learning IDS for in-Network Monitoring

AU - Brandino, Belén

AU - Grampin, Eduardo

AU - Dietz, Katharina

AU - Wehner, Nikolas

AU - Seufert, Michael

AU - Hoßfeld, Tobias

A2 - Casas-Hernandez, Pedro

PY - 2024/6/20

Y1 - 2024/6/20

N2 - Early decision-making at the network device level is crucial for network security. This entails moving beyond traditional forwarding functions towards more intelligent network devices. Integrating Machine Learning (ML) models into the data plane enables quicker processing and reduced reliance on the control plane. This paper explores the development of a ML-driven Intrusion Detection System (IDS) where network devices autonomously make security decisions or defer to an expert Oracle, relying on in-band and off-band traffic analysis. Programmable devices, such as those using P4, are essential to enable these functionalities and allow for network device re-training to adapt to changing traffic patterns. We introduce HALIDS, a prototype for in-band ML-IDS using P4, complemented with off-band Oracles which support in-network ML-driven classification with more confident classifications, targeting an active learning logic for more accurate in-band analysis. We implement HALIDS using the open source software switch BMv2, and show its operation with real traffic traces publicly available.

AB - Early decision-making at the network device level is crucial for network security. This entails moving beyond traditional forwarding functions towards more intelligent network devices. Integrating Machine Learning (ML) models into the data plane enables quicker processing and reduced reliance on the control plane. This paper explores the development of a ML-driven Intrusion Detection System (IDS) where network devices autonomously make security decisions or defer to an expert Oracle, relying on in-band and off-band traffic analysis. Programmable devices, such as those using P4, are essential to enable these functionalities and allow for network device re-training to adapt to changing traffic patterns. We introduce HALIDS, a prototype for in-band ML-IDS using P4, complemented with off-band Oracles which support in-network ML-driven classification with more confident classifications, targeting an active learning logic for more accurate in-band analysis. We implement HALIDS using the open source software switch BMv2, and show its operation with real traffic traces publicly available.

U2 - 10.23919/TMA62044.2024.10559083

DO - 10.23919/TMA62044.2024.10559083

M3 - Conference Proceedings with Poster Presentation

SN - 979-8-3503-7888-7

SP - 1

EP - 4

BT - 2024 8th Network Traffic Measurement and Analysis Conference (TMA)

T2 - 2024 8th Network Traffic Measurement and Analysis Conference (TMA)

Y2 - 21 May 2024 through 24 May 2024

ER -

HALIDS: a Hardware-Assisted Machine Learning IDS for in-Network Monitoring

Abstract

Konferenz

Research Field

Zugriff auf Dokument

Fingerprint

Diese Publikation zitieren