Skip to content

DTuan2016/xdp-program

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

623 Commits
common
common
 
 
lib
lib
 
 
setup-testlab
setup-testlab
 
 
testenv
testenv
 
 
xdp_prog
xdp_prog
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
configure
configure
 
 
setup_dependencies.org
setup_dependencies.org
 
 

Repository files navigation

XDP-based Network Anomaly Detection System

1. Setup dependencies:

We start by cloning this repository:

git clone --recurse-submodules https://github.com/DTuan2016/xdp-program

Note: If you missed the -recurse-submodules option in the previous step or you already cloned it earlier without the submodules you can use the following command:

git submodule update --init --recursive

Dependencies:

On Debian and Ubuntu installations, install the dependencies like this:

sudo apt install clang llvm libelf-dev libpcap-dev build-essential libc6-dev-i386 m4

To install the 'perf' utility, run this:

sudo apt install linux-tools-$(uname -r)

Kernel headers dependency:

sudo apt install linux-headers-$(uname -r)

Extra tools:

Starting from Ubuntu 19.10, bpftool can be installed with:

sudo apt install linux-tools-common linux-tools-generic sudo apt install tcpdump

Install FlameGraph. You can see more instructions in this Link:

cd .. git clone https://github.com/brendangregg/FlameGraph

2. Description of this Reporitories:

Our work primarily focuses on addressing the question of how to deploy machine-learning-based alogorithms into the kernel so that they can be attached to network interface and perform inference directly at the data plane. The algorithms implemented in our system include:

  • Vallina : A baseline variant that performs no inference, it simply recieves packets and forwards them unchanged.
  • Random Forest: An implementation that performs real-time inference of a Random Forest classifier within the kernel context.
  • QuickXDP: An optimized variant of Random Forest inference designed to achieve significantly higher throughput and low latency, thereby improving performance over the standard implementation.
  • SVM: A kernel-level inference engine for Support Vector Machine (SVM) classification.
  • KNN_threshold: This module implements inference based on a K-Nearest Neighbors (KNN) classifier using a threshold-based decision mechanism. The current implementation focuses primarily on functional correctness; performance optimizations have not yet been applied.
  • Supervised_LOF: This component performs anomaly detection using a Supervised Local Outlier Factor (LOF) model. The LOF algorithm is trained offline, and the resulting model is subsequently deployed to the kernel for real-time inference.
  • Userspace: This module aggregates features extracted from packet-level events and stores them in BPF maps. A userspace daemon periodically (every one second) retrieves these features and performs inference across multiple algorithms, enabling flexible integration of higher-level or computationally intensive models.

I will include the usage instructions for each branch within its respective branch!

About

XDP tutorial

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • C 65.2%
  • Shell 23.8%
  • Makefile 11.0%