AI/ML-empowered in-Kernel Packet Processing

eBerkeley Packet Filter (eBPF) and eXpress Data Path (XDP) enable fast in-kernel packet processing without passing packets to the user space. Several studies pointed out the possibility of eBPF to realize intrusion detection systems (IDSs) empowered by simple machine learning (ML) algorithms, e.g., Decision Tree, in the kernel space. To ensure the kernel stability and safety, the eBPF constraints has strict constraints. e.g., violating the floating-point number, which makes it difficult to implement a neural network (NN), widely used in machine learning, in the kernel space. In this research, we aims at investigating the potential of eBPF/XDP-based packet processing empowered by the NN ¹. More specifically, we first train the floating-point NN and quantize it to the fixed-point NN with 8-bit integer values in the user space. We then implement the lightweight NN in the eBPF/XDP program, which is running on the kernel space. In the kernel space, the eBPF/XDP program performs the in-kernel inference with integer-only-arithmetic and achieve fast packet processing.