ONLAD-IDS: ONLAD-Based Intrusion Detection System Using SmartNIC
This paper proposes an on-device sequential learning semi-supervised anomaly detector-based intrusion detection system (ONLAD-IDS) using smart interface network cards (NICs) to address challenges of real-time developments of the Internet of Things.
Abstract
Machine learning- or neural network-based intrusion detection systems (IDSs) demonstrate the state-of-the-art performance and confidence in current threat detection. However, due to the increasing sophistication of today's network attacks and the growing cost of obtaining attack labels for network traffic, updating an IDS model with labeled data requires significant effort. Furthermore, in real-time developments of the Internet of Things (IoT), network flow input and large-size deep learning models impose additional latency and low throughput due to the hardware resource, bandwidth, and programming cost. To this end, this paper proposes an on-device sequential learning semi-supervised anomaly detector-based intrusion detection system (ONLAD-IDS) using smart interface network cards (NICs) to address these challenges. The ONLAD- IDS consists of packet sniffing, feature extractor, feature selection with analysis of variance (ANOVA), and an ONLAD model. Moreover, the real-time throughput ONLAD-IDS is developed by the Nvidia Bluefield DPU with smartNICs without programming cost. Experiments show that ONLAD-IDS achieves a throughput of 1486.095 packet/ms and a detection rate of 0.7523 on DPU with a 25Gb/s transmission throughput while maintaining high detection performance.