PS-IPS: Deploying Intrusion Prevention System with machine learning on programmable switch
Future Generation Computer Systems(2024)
摘要
Intrusion prevention is significant to avoid device damage and financial losses. Researchers have proposed various Intrusion Prevention Systems (IPS) to prevent malware, including traditional and SDN-based IPS. However, existing IPSs suffer from low throughput problems caused by detection and rule-installation delays. Here, we propose a programmable switch-base IPS (named PS-IPS), which utilizes the switch CPU and pipeline to detect malware. PS-IPS consists of four main components: (1) parser, (2) flow filter, (3) recirculation director, and (4) malware detector. According to the experiment, PS-IPS achieves a 183X throughput than the SDN-based IPS. The response time of PS-IPS is also reduced by 99.99%, showing that PS-IPS effectively prevents malware with a single programmable switch.
更多查看译文
关键词
deploying intrusion prevention system,prevention system,machine learning,ps-ips
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要