隨著網路攻擊的變得頻繁，網路安全也成了一個重要的議題，其中偵測網路攻擊需要持續對封包做檢查，這帶來了兩個問題，(1 偵測網路攻擊會佔用額外的 CPU 資源來做資料處理及運算，(2 現在網路防禦的 work 開始使用深度學習模型來幫助偵測惡意攻擊，但是 CPU 並不適合需要大量平行計算的工作。因此需要新的 processing units 來幫助在 network prevention 所遇到的問題。Converged accelerator 結合了 DPU (data processing units) 跟 GPU (graphic processing units)，帶來的好處是不僅能減少消耗在資料處理上的 CPU 資源，同時也可以利用 GPU 運行 deep learning models 來檢測惡意攻擊，然而我們觀察到 converged accelerator 會有 overloading 情況，無法對所有封包做檢測。因此在這篇 work 中，我們針對需要使用 DL model 來偵測惡意攻擊的情境，提出一個在 converged accelerator 上運行的 framework 來對封包進行檢測。並且設計一個機制在防止 converged accelerator overloading 情況下，盡可能檢測出惡意攻擊。

As network attacks become more frequent, network security has become an important issue. Detecting network attacks requires continuous inspection of packets, which brings about two problems: (1) Detecting network attacks consumes additional CPU resources for data processing and computation, and (2) current network defense work has started using deep learning models to help detect malicious attacks, but CPUs are not suitable for tasks that require extensive parallel computing. Therefore, new processing units are needed to address the issues encountered in network prevention. The converged accelerator, which combines Data Processing Units (DPUs) and Graphics Processing Units (GPUs), offers the advantage of reducing the CPU resources consumed in data processing and utilizing GPUs to run deep learning models to detect malicious attacks. However, we have observed that the converged accelerator can become overloaded and unable to inspect all packets. In this work, we propose a framework that runs on the converged accelerator to inspect packets in scenarios where deep learning models are needed to detect malicious attacks. Additionally, we design a mechanism to maximize the detection of malicious attacks while preventing overloading of the converged accelerator.

[1] Burstein, I. Nvidia data center processing unit (dpu) architecture. In 2021
IEEE Hot Chips 33 Symposium (HCS) (2021), IEEE, pp. 1–20.
[2] Du, M., Li, F., Zheng, G., and Srikumar, V. Deeplog: Anomaly detection and
diagnosis from system logs through deep learning. In Proceedings of the 2017
ACM SIGSAC conference on computer and communications security (2017),
pp. 1285–1298.
[3] Gupta, A., and Sharma, L. S. Performance evaluation of snort and suricata
intrusion detection systems on ubuntu server. In Proceedings of ICRIC 2019:
Recent Innovations in Computing (2020), Springer, pp. 811–821.
[4] Hwang, R.-H., Peng, M.-C., Huang, C.-W., Lin, P.-C., and Nguyen, V.-L. An
unsupervised deep learning model for early network traffic anomaly detection.
IEEE Access 8 (2020), 30387–30399.
[5] Macas, M., Wu, C., and Fuertes, W. A survey on deep learning for cybersecu-
rity: Progress, challenges, and opportunities. Computer Networks 212 (2022),
109032.
[6] Miano, S., Doriguzzi-Corin, R., Risso, F., Siracusa, D., and Sommese, R. In-
troducing smartnics in server-based data plane processing: The ddos mitiga-
tion use case. IEEE Access 7 (2019), 107161–107170.
[7] Miano, S., Lettieri, G., Antichi, G., and Procissi, G. Accelerating network
analytics with an on-nic streaming engine. Computer Networks 241 (2024),
110231.
[8] NVIDIA. Morpheus. https://developer.nvidia.com/morpheus-cybersecurity.
[9] Panda, S., Feng, Y., Kulkarni, S. G., Ramakrishnan, K., Duffield, N., and
Bhuyan, L. N. Smartwatch: Accurate traffic analysis and flow-state tracking
for intrusion prevention using smartnics. In Proceedings of the 17th Inter-
national Conference on Emerging Networking EXperiments and Technologies
(2021), pp. 60–75.
[10] Vasiliadis, G., Koromilas, L., Polychronakis, M., and Ioannidis, S. Design and
implementation of a stateful network packet processing framework for gpus.
IEEE/ACM Transactions on Networking 25, 1 (2016), 610–623.
[11] Wang, F., Zhao, G., Zhang, Q., Xu, H., Yue, W., and Xie, L. Oxdp: Offloading
xdp to smartnic for accelerating packet processing. In 2022 IEEE 28th Inter-
national Conference on Parallel and Distributed Systems (ICPADS) (2023),
IEEE, pp. 754–761.