Genos: General In-Network Unsupervised Intrusion Detection by Rule Extraction

arXiv:2403.19248v1 Announce Type: new
Abstract: Anomaly-based network intrusion detection systems (A-NIDS) use unsupervised models to detect unforeseen attacks. However, existing A-NIDS solutions suffer from low throughput, lack of interpretability, and high maintenance costs. Recent in-network intelligence (INI) exploits programmable switches to offer line-rate deployment of NIDS. Nevertheless, current in-network NIDS are either model-specific or only apply to supervised models. In this paper, we propose Genos, a general in-network framework for unsupervised A-NIDS by rule extraction, which consists of a Model …

arxiv attacks cs.cr current deployment detect detection exploits extraction general high intelligence intrusion intrusion detection line low maintenance network network intrusion nids offer rate solutions switches systems