TY - GEN
T1 - Enabling Malware Detection with Machine Learning on Programmable Switch
AU - Chang, Hsin Fu
AU - Wang, Michael I.C.
AU - Hung, Chi Hsiang
AU - Wen, Charles H.P.
N1 - Publisher Copyright: © 2022 IEEE.
PY - 2022
Y1 - 2022
AB - Malware detection is an important issue for network security, especially for Internet of Things (IoT) networks. Traditional network intrusion detection systems (NIDSs), running on external host servers, are not scalable for ever-increasing IoT traffic and waste time transmitting data back and forth. Here, we propose a novel architecture called the on-switch malware detector, which uses a programmable switch and machine learning to achieve better performance in detecting malicious flows in the network. The on-switch malware detector consists mainly of four components: (1) packet forwarder, (2) feature extractor, (3) flow director, and (4) neural-network detector. According to the experimental results, the on-switch malware detector has a 99.57% shorter response time than a conventional signature-based NIDS; meanwhile, its processing capacity increases by 800 times. As a result, the on-switch malware detector efficiently overcomes the shortcomings of conventional NIDSs, making it a better fit for IoT networks.
UR - http://www.scopus.com/inward/record.url?scp=85133181907&partnerID=8YFLogxK
U2 - 10.1109/NOMS54207.2022.9789939
DO - 10.1109/NOMS54207.2022.9789939
M3 - Conference contribution
AN - SCOPUS:85133181907
T3 - Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022: Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022
BT - Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022
A2 - Varga, Pal
A2 - Granville, Lisandro Zambenedetti
A2 - Galis, Alex
A2 - Godor, Istvan
A2 - Limam, Noura
A2 - Chemouil, Prosper
A2 - Francois, Jerome
A2 - Pahl, Marc-Oliver
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2022 IEEE/IFIP Network Operations and Management Symposium, NOMS 2022
Y2 - 25 April 2022 through 29 April 2022
ER -