[2411.18384] Optimal In-Network Distribution of Learning Functions for a Secure-by-Design Programmable Data Plane of Next-Generation Networks

View a PDF of the paper titled Optimal In-Network Distribution of Learning Functions for a Secure-by-Design Programmable Data Plane of Next-Generation Networks, by Mattia Giovanni Spina and 4 other authors

View PDF
HTML (experimental)

Abstract:The rise of programmable data plane (PDP) and in-network computing (INC) paradigms paves the way for the development of network devices (switches, network interface cards, etc.) capable of performing advanced processing tasks. This allows running various types of algorithms, including machine learning, within the network itself to support user and network services. In particular, this paper delves into the deployment of in-network learning models with the aim of implementing fully distributed intrusion detection systems (IDS) or intrusion prevention systems (IPS). Specifically, a model is proposed for the optimal distribution of the IDS/IPS workload among data plane devices with the aim of ensuring complete network security without excessively burdening the normal operations of the devices. Furthermore, a meta-heuristic approach is proposed to reduce the long computation time required by the exact solution provided by the mathematical model and its performance is evaluated. The analysis conducted and the results obtained demonstrate the enormous potential of the proposed new approach for the creation of intelligent data planes that act effectively and autonomously as the first line of defense against cyber attacks, with minimal additional workload on the network devices involved.