PS-IPS: Deploying Intrusion Prevention System with machine learning on programmable switch

Alan Y.P. Lee; Michael I.C. Wang; Chi Hsiang Hung; Charles H.P. Wen

doi:10.1016/j.future.2023.11.011

PS-IPS: Deploying Intrusion Prevention System with machine learning on programmable switch

Alan Y.P. Lee, Michael I.C. Wang, Chi Hsiang Hung^*, Charles H.P. Wen

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

Intrusion prevention is significant to avoid device damage and financial losses. Researchers have proposed various Intrusion Prevention Systems (IPS) to prevent malware, including traditional and SDN-based IPS. However, existing IPSs suffer from low throughput problems caused by detection and rule-installation delays. Here, we propose a programmable switch-base IPS (named PS-IPS), which utilizes the switch CPU and pipeline to detect malware. PS-IPS consists of four main components: (1) parser, (2) flow filter, (3) recirculation director, and (4) malware detector. According to the experiment, PS-IPS achieves a 183X throughput than the SDN-based IPS. The response time of PS-IPS is also reduced by 99.99%, showing that PS-IPS effectively prevents malware with a single programmable switch.

Original language	English
Pages (from-to)	333-342
Number of pages	10
Journal	Future Generation Computer Systems
Volume	152
DOIs	https://doi.org/10.1016/j.future.2023.11.011
State	Published - Mar 2024

Keywords

Intrusion prevention system
Machine learning
Network security
P4
Programmable switch
Software defined networks

Access to Document

10.1016/j.future.2023.11.011

Cite this

@article{3f8878da840342248ab6aef6d6d4e717,

title = "PS-IPS: Deploying Intrusion Prevention System with machine learning on programmable switch",

abstract = "Intrusion prevention is significant to avoid device damage and financial losses. Researchers have proposed various Intrusion Prevention Systems (IPS) to prevent malware, including traditional and SDN-based IPS. However, existing IPSs suffer from low throughput problems caused by detection and rule-installation delays. Here, we propose a programmable switch-base IPS (named PS-IPS), which utilizes the switch CPU and pipeline to detect malware. PS-IPS consists of four main components: (1) parser, (2) flow filter, (3) recirculation director, and (4) malware detector. According to the experiment, PS-IPS achieves a 183X throughput than the SDN-based IPS. The response time of PS-IPS is also reduced by 99.99%, showing that PS-IPS effectively prevents malware with a single programmable switch.",

keywords = "Intrusion prevention system, Machine learning, Network security, P4, Programmable switch, Software defined networks",

author = "Lee, {Alan Y.P.} and Wang, {Michael I.C.} and Hung, {Chi Hsiang} and Wen, {Charles H.P.}",

note = "Publisher Copyright: {\textcopyright} 2023",

year = "2024",

month = mar,

doi = "10.1016/j.future.2023.11.011",

language = "English",

volume = "152",

pages = "333--342",

journal = "Future Generation Computer Systems",

issn = "0167-739X",

publisher = "Elsevier B.V.",

}

TY - JOUR

T1 - PS-IPS

T2 - Deploying Intrusion Prevention System with machine learning on programmable switch

AU - Lee, Alan Y.P.

AU - Wang, Michael I.C.

AU - Hung, Chi Hsiang

AU - Wen, Charles H.P.

PY - 2024/3

Y1 - 2024/3

N2 - Intrusion prevention is significant to avoid device damage and financial losses. Researchers have proposed various Intrusion Prevention Systems (IPS) to prevent malware, including traditional and SDN-based IPS. However, existing IPSs suffer from low throughput problems caused by detection and rule-installation delays. Here, we propose a programmable switch-base IPS (named PS-IPS), which utilizes the switch CPU and pipeline to detect malware. PS-IPS consists of four main components: (1) parser, (2) flow filter, (3) recirculation director, and (4) malware detector. According to the experiment, PS-IPS achieves a 183X throughput than the SDN-based IPS. The response time of PS-IPS is also reduced by 99.99%, showing that PS-IPS effectively prevents malware with a single programmable switch.

AB - Intrusion prevention is significant to avoid device damage and financial losses. Researchers have proposed various Intrusion Prevention Systems (IPS) to prevent malware, including traditional and SDN-based IPS. However, existing IPSs suffer from low throughput problems caused by detection and rule-installation delays. Here, we propose a programmable switch-base IPS (named PS-IPS), which utilizes the switch CPU and pipeline to detect malware. PS-IPS consists of four main components: (1) parser, (2) flow filter, (3) recirculation director, and (4) malware detector. According to the experiment, PS-IPS achieves a 183X throughput than the SDN-based IPS. The response time of PS-IPS is also reduced by 99.99%, showing that PS-IPS effectively prevents malware with a single programmable switch.

KW - Intrusion prevention system

KW - Machine learning

KW - Network security

KW - P4

KW - Programmable switch

KW - Software defined networks

UR - http://www.scopus.com/inward/record.url?scp=85177975360&partnerID=8YFLogxK

U2 - 10.1016/j.future.2023.11.011

DO - 10.1016/j.future.2023.11.011

M3 - Article

AN - SCOPUS:85177975360

SN - 0167-739X

VL - 152

SP - 333

EP - 342

JO - Future Generation Computer Systems

JF - Future Generation Computer Systems

ER -

PS-IPS: Deploying Intrusion Prevention System with machine learning on programmable switch

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this