CyberSentinel: Efficient Anomaly Detection in Programmable Switch using Knowledge Distillation
- URL: http://arxiv.org/abs/2412.16693v1
- Date: Sat, 21 Dec 2024 16:35:44 GMT
- Title: CyberSentinel: Efficient Anomaly Detection in Programmable Switch using Knowledge Distillation
- Authors: Sankalp Mittal,
- Abstract summary: CyberSentinel is a high throughput and accurate anomaly detection system deployed entirely in the programmable switch data plane.
To detect unseen network attacks, CyberSentinel uses a novel knowledge distillation scheme that incorporates "learned" knowledge of deep unsupervised ML models.
We implement a prototype of CyberSentinel on a testbed with an Intel Tofino switch and evaluate it on various real-world use cases.
- Score: 0.0
- License:
- Abstract: The increasing volume of traffic (especially from IoT devices) is posing a challenge to the current anomaly detection systems. Existing systems are forced to take the support of the control plane for a more thorough and accurate detection of malicious traffic (anomalies). This introduces latency in making decisions regarding fast incoming traffic and therefore, existing systems are unable to scale to such growing rates of traffic. In this paper, we propose CyberSentinel, a high throughput and accurate anomaly detection system deployed entirely in the programmable switch data plane; making it the first work to accurately detect anomalies at line speed. To detect unseen network attacks, CyberSentinel uses a novel knowledge distillation scheme that incorporates "learned" knowledge of deep unsupervised ML models (\textit{e.g.}, autoencoders) to develop an iForest model that is then installed in the data plane in the form of whitelist rules. We implement a prototype of CyberSentinel on a testbed with an Intel Tofino switch and evaluate it on various real-world use cases. CyberSentinel yields similar detection performance compared to the state-of-the-art control plane solutions but with an increase in packet-processing throughput by $66.47\%$ on a $40$ Gbps link, and a reduction in average per-packet latency by $50\%$.
Related papers
- Self-adaptive Traffic Anomaly Detection System for IoT Smart Home Environments [0.664115309304513]
This paper proposes a self-adaptive anomaly detection system for IoT traffic, including unknown attacks.
The proposed system can adapt to unknown attacks to reflect pattern changes in anomalous traffic based on real-time captured traffic.
arXiv Detail & Related papers (2024-03-05T07:58:02Z) - Exploring Highly Quantised Neural Networks for Intrusion Detection in
Automotive CAN [13.581341206178525]
Machine learning-based intrusion detection models have been shown to successfully detect multiple targeted attack vectors.
In this paper, we present a case for custom-quantised literature (CQMLP) as a multi-class classification model.
We show that the 2-bit CQMLP model, when integrated as the IDS, can detect malicious attack messages with a very high accuracy of 99.9%.
arXiv Detail & Related papers (2024-01-19T21:11:02Z) - A Lightweight Multi-Attack CAN Intrusion Detection System on Hybrid
FPGAs [13.581341206178525]
Intrusion detection and mitigation approaches have shown promising results in detecting multiple attack vectors in Controller Area Network (CAN)
We present a lightweight multi-attack quantised machine learning model that is deployed using Xilinx's Deep Learning Processing Unit IP on a Zynq Ultrascale+ (XCZU3EG) FPGA.
The model detects denial of service and fuzzing attacks with an accuracy of above 99 % and a false positive rate of 0.07%, which are comparable to the state-of-the-art techniques in the literature.
arXiv Detail & Related papers (2024-01-19T13:39:05Z) - Global Context Aggregation Network for Lightweight Saliency Detection of
Surface Defects [70.48554424894728]
We develop a Global Context Aggregation Network (GCANet) for lightweight saliency detection of surface defects on the encoder-decoder structure.
First, we introduce a novel transformer encoder on the top layer of the lightweight backbone, which captures global context information through a novel Depth-wise Self-Attention (DSA) module.
The experimental results on three public defect datasets demonstrate that the proposed network achieves a better trade-off between accuracy and running efficiency compared with other 17 state-of-the-art methods.
arXiv Detail & Related papers (2023-09-22T06:19:11Z) - A Robust and Explainable Data-Driven Anomaly Detection Approach For
Power Electronics [56.86150790999639]
We present two anomaly detection and classification approaches, namely the Matrix Profile algorithm and anomaly transformer.
The Matrix Profile algorithm is shown to be well suited as a generalizable approach for detecting real-time anomalies in streaming time-series data.
A series of custom filters is created and added to the detector to tune its sensitivity, recall, and detection accuracy.
arXiv Detail & Related papers (2022-09-23T06:09:35Z) - ARCADE: Adversarially Regularized Convolutional Autoencoder for Network
Anomaly Detection [0.0]
unsupervised anomaly-based deep learning detection system called ARCADE.
A convolutional Autoencoder (AE) is proposed that suits online detection in resource-constrained environments.
arXiv Detail & Related papers (2022-05-03T11:47:36Z) - AVTPnet: Convolutional Autoencoder for AVTP anomaly detection in
Automotive Ethernet Networks [2.415997479508991]
In this paper, we propose a convolutional autoencoder (CAE) for offline detection of anomalies on the Audio Video Transport Protocol (AVTP)
Our proposed approach is evaluated on the recently published " Automotive Ethernet Intrusion dataset"
arXiv Detail & Related papers (2022-01-31T19:13:20Z) - DAE : Discriminatory Auto-Encoder for multivariate time-series anomaly
detection in air transportation [68.8204255655161]
We propose a novel anomaly detection model called Discriminatory Auto-Encoder (DAE)
It uses the baseline of a regular LSTM-based auto-encoder but with several decoders, each getting data of a specific flight phase.
Results show that the DAE achieves better results in both accuracy and speed of detection.
arXiv Detail & Related papers (2021-09-08T14:07:55Z) - Adaptive Anomaly Detection for Internet of Things in Hierarchical Edge
Computing: A Contextual-Bandit Approach [81.5261621619557]
We propose an adaptive anomaly detection scheme with hierarchical edge computing (HEC)
We first construct multiple anomaly detection DNN models with increasing complexity, and associate each of them to a corresponding HEC layer.
Then, we design an adaptive model selection scheme that is formulated as a contextual-bandit problem and solved by using a reinforcement learning policy network.
arXiv Detail & Related papers (2021-08-09T08:45:47Z) - Contextual-Bandit Anomaly Detection for IoT Data in Distributed
Hierarchical Edge Computing [65.78881372074983]
IoT devices can hardly afford complex deep neural networks (DNN) models, and offloading anomaly detection tasks to the cloud incurs long delay.
We propose and build a demo for an adaptive anomaly detection approach for distributed hierarchical edge computing (HEC) systems.
We show that our proposed approach significantly reduces detection delay without sacrificing accuracy, as compared to offloading detection tasks to the cloud.
arXiv Detail & Related papers (2020-04-15T06:13:33Z) - Adaptive Anomaly Detection for IoT Data in Hierarchical Edge Computing [71.86955275376604]
We propose an adaptive anomaly detection approach for hierarchical edge computing (HEC) systems to solve this problem.
We design an adaptive scheme to select one of the models based on the contextual information extracted from input data, to perform anomaly detection.
We evaluate our proposed approach using a real IoT dataset, and demonstrate that it reduces detection delay by 84% while maintaining almost the same accuracy as compared to offloading detection tasks to the cloud.
arXiv Detail & Related papers (2020-01-10T05:29:17Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.