BG-IDPS: Real-Time Intrusion Detection and Prevention on eBPF Switches with Berkeley Packet Filter and GRASP-FS Metaheuristic

Abstract

Modern intrusion detection systems commonly employ machine learning algorithms and feature selection. However, their relatively high computational cost is an impediment to real-time intrusion prevention. In this work, we propose an architecture for real-time detection and prevention of intrusions within eBPF switches, based on models that are asynchronously optimized through the GRASP-FS metaheuristic. As a proof of concept, we build the model on a separate computer and periodically push the updated model to an eBPF switch. Our results reveal that the proposed solution is capable of detecting and preventing intrusions in real time with low overhead in the assessed scenarios.
Keywords: Real-Time, Intrusion Detection, Feature Selection

Published: 2022-09-12

CARVALHO, Diego; QUINCOZES, Vagner E.; QUINCOZES, Silvio E.; KAZIENKO, Juliano F.; SANTOS, Carlos Raniery Paula dos. BG-IDPS: Real-Time Intrusion Detection and Prevention on eBPF Switches with Berkeley Packet Filter and GRASP-FS Metaheuristic. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 22., 2022, Santa Maria. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 139-152. DOI: https://doi.org/10.5753/sbseg.2022.225326.
