NetNN: Neural Intrusion Detection System in Programmable Networks

TL;DR

NetNN is a P4-based neural intrusion detection system that operates entirely in the network data plane, achieving low latency and high accuracy for real-time network security.

Contribution

It introduces a novel approach to run DNNs directly in programmable switches, eliminating the need for feature engineering and reducing detection latency.

Findings

Achieves 99% intrusion detection accuracy

Operates entirely in the network data plane

Meets real-time processing requirements

Abstract

The rise of deep learning has led to various successful attempts to apply deep neural networks (DNNs) for important networking tasks such as intrusion detection. Yet, running DNNs in the network control plane, as typically done in existing proposals, suffers from high latency that impedes the practicality of such approaches. This paper introduces NetNN, a novel DNN-based intrusion detection system that runs completely in the network data plane to achieve low latency. NetNN adopts raw packet information as input, avoiding complicated feature engineering. NetNN mimics the DNN dataflow execution by mapping DNN parts to a network of programmable switches, executing partial DNN computations on individual switches, and generating packets carrying intermediate execution results between these switches. We implement NetNN in P4 and demonstrate the feasibility of such an approach. Experimental results show that NetNN can improve the intrusion detection accuracy to 99\% while meeting the real-time requirement.