The advent of Programmable Data Planes represents an outstanding evolution and complete revolution of the Software-Defined Networking paradigm. The capacity to define the entire behavior of forwarding devices by controlling the packet parsing procedures and executing custom operations enables offloading functionalities traditionally performed at the control plane. A recent research line has explored the possibility of even offloading to the data plane part of Artificial Intelligence algorithms, and more specifically, Machine Learning ones, to increase their accuracy and responsiveness (by having more detailed visibility of the traffic). This introduces a significant opportunity for evolution in the critical field of Intrusion Detection. However, offloading functionalities to the data plane is not a straightforward task. In this paper, we discuss how Programmable Data Planes might complement different stages of an Intrusion Detection System based on Machine Learning. We present two use cases that make evident the feasibility of this approach and highlight aspects that must be considered when addressing the challenge of deploying solutions leveraging data-plane functionalities.