The rise of deep learning has led to various successful attempts to apply deep neural networks (DNNs) to important networking tasks such as intrusion detection. Yet, running DNNs in the network control plane, as typically done in existing proposals, suffers from high latency that impedes the practicality of such approaches. This paper introduces NetNN, a novel DNN-based intrusion detection system that runs completely in the network data plane to achieve low latency. NetNN adopts raw packet information as input, avoiding complicated feature engineering. NetNN mimics the DNN dataflow execution by mapping DNN parts to a network of programmable switches, executing partial DNN computations on individual switches, and generating packets carrying intermediate execution results between these switches. We implement NetNN in P4 and demonstrate the feasibility of such an approach. Experimental results show that NetNN can improve the intrusion detection accuracy to 99% while meeting the real-time requirement.
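The dataflow idea in the abstract (partial computations on individual switches, with packets carrying intermediate results between them) can be illustrated with a toy Python simulation. This is an added example, not NetNN's P4 code: the weights, layer sizes, class labels, packet layout and all function names are constructed, and integer-only arithmetic is an assumption.

```python
# Toy model: one small integer-weight DNN split across three simulated switches.
# Weights, sizes, labels and the packet layout are constructed, not NetNN's.
W1 = [[2, -1, 0, 1], [-1, 3, 1, 0], [0, 1, -2, 2], [1, 0, 1, -1]]  # hidden 4x4
W2 = [[1, -2, 1, 0], [-1, 1, 0, 2]]                                  # output 2x4
SHIFT = 4  # rescale with a right shift; integer-only arithmetic is assumed

def neuron(weights, inputs):
    """Integer dot product, shift-rescale, then ReLU."""
    return max(0, sum(w * x for w, x in zip(weights, inputs)) >> SHIFT)

def hidden_switch(switch_id, neuron_ids, raw_bytes):
    """Compute only the assigned hidden neurons; emit an intermediate packet."""
    return {"src": switch_id, "flow": raw_bytes.hex(),
            "acts": {n: neuron(W1[n], raw_bytes) for n in neuron_ids}}

def output_layer(hidden):
    scores = [sum(w * h for w, h in zip(row, hidden)) for row in W2]
    return scores.index(max(scores))  # 0 = benign, 1 = intrusion (assumed)

def output_switch(packets):
    """Merge the intermediate packets of one input and classify it."""
    if len({p["flow"] for p in packets}) != 1:
        raise ValueError("intermediate packets belong to different inputs")
    acts = {}
    for p in packets:
        acts.update(p["acts"])
    if sorted(acts) != list(range(len(W1))):
        raise ValueError("an intermediate result is missing")  # e.g. packet loss
    return output_layer([acts[n] for n in range(len(W1))])

def classify_distributed(raw_bytes):
    pkt_a = hidden_switch("s1", [0, 1], raw_bytes)   # first half of the layer
    pkt_b = hidden_switch("s2", [2, 3], raw_bytes)   # second half
    return output_switch([pkt_a, pkt_b])             # "s3" finishes the model

def classify_monolithic(raw_bytes):
    return output_layer([neuron(row, raw_bytes) for row in W1])

if __name__ == "__main__":
    for sample in (bytes([0x45, 0x00, 0x10, 0xFF]), bytes([0, 200, 50, 0])):
        print(sample.hex(), classify_distributed(sample), classify_monolithic(sample))
```

The split path returns the same class as the single-node path, and the final switch rejects an incomplete set of intermediate packets instead of classifying on partial activations.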