Soter: Deep Learning Enhanced In-Network Attack Detection Based on Programmable Switches

2022 41st International Symposium on Reliable Distributed Systems (SRDS) Pub Date : 2022-09-01 DOI:10.1109/SRDS55811.2022.00029

Guorui Xie, Qing Li, Chupeng Cui, Peican Zhu, Dan Zhao, Wanxin Shi, Zhuyun Qi, Yong Jiang, Xianni Xiao

{"title":"Soter: Deep Learning Enhanced In-Network Attack Detection Based on Programmable Switches","authors":"Guorui Xie, Qing Li, Chupeng Cui, Peican Zhu, Dan Zhao, Wanxin Shi, Zhuyun Qi, Yong Jiang, Xianni Xiao","doi":"10.1109/SRDS55811.2022.00029","DOIUrl":null,"url":null,"abstract":"Though several deep learning (DL) detectors have been proposed for the network attack detection and achieved high accuracy, they are computationally expensive and struggle to satisfy the real-time detection for high-speed networks. Recently, programmable switches exhibit a remarkable throughput efficiency on production networks, indicating a possible deployment of the timely detector. Therefore, we present Soter, a DL enhanced in-network framework for the accurate real-time detection. Soter consists of two phases. One is filtering packets by a rule-based decision tree running on the Tofino ASIC. The other is executing a well-designed lightweight neural network for the thorough inspection of the suspicious packets on the CPU. Experiments on the commodity switch demonstrate that Soter behaves stably in ten network scenarios of different traffic rates and fulfills per-flow detection in 0.03s. Moreover, Soter naturally adapts to the distributed deployment among multiple switches, guaranteeing a higher total throughput for large data centers and cloud networks.","PeriodicalId":143115,"journal":{"name":"2022 41st International Symposium on Reliable Distributed Systems (SRDS)","volume":"82 8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 41st International Symposium on Reliable Distributed Systems (SRDS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SRDS55811.2022.00029","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Though several deep learning (DL) detectors have been proposed for the network attack detection and achieved high accuracy, they are computationally expensive and struggle to satisfy the real-time detection for high-speed networks. Recently, programmable switches exhibit a remarkable throughput efficiency on production networks, indicating a possible deployment of the timely detector. Therefore, we present Soter, a DL enhanced in-network framework for the accurate real-time detection. Soter consists of two phases. One is filtering packets by a rule-based decision tree running on the Tofino ASIC. The other is executing a well-designed lightweight neural network for the thorough inspection of the suspicious packets on the CPU. Experiments on the commodity switch demonstrate that Soter behaves stably in ten network scenarios of different traffic rates and fulfills per-flow detection in 0.03s. Moreover, Soter naturally adapts to the distributed deployment among multiple switches, guaranteeing a higher total throughput for large data centers and cloud networks.

查看原文本刊更多论文

Soter:基于可编程交换机的深度学习增强网络攻击检测

虽然已有几种深度学习检测器用于网络攻击检测，并取得了较高的准确率，但它们计算量大，难以满足高速网络的实时检测。最近，可编程交换机在生产网络上表现出显着的吞吐量效率，表明可能部署及时检测器。因此，我们提出了Soter，一个用于精确实时检测的DL增强网络框架。Soter由两个阶段组成。一种是通过运行在Tofino ASIC上的基于规则的决策树来过滤数据包。另一个是执行一个精心设计的轻量级神经网络，以彻底检查CPU上的可疑数据包。在商品交换机上的实验表明，Soter在10种不同流量速率的网络场景下表现稳定，并在0.03s内完成每流检测。此外，Soter自然适应多台交换机之间的分布式部署，保证了大型数据中心和云网络的更高总吞吐量。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 41st International Symposium on Reliable Distributed Systems (SRDS)

自引率

0.00%

发文量