An In-Network cache that is implemented in the data plane for intrusion detection of flow-based attacks.
Control Plane: contains control plane logic to initialize AdaFlow cache at the very beginning.
Data Plane: contains 4 prototypes to handle attacks based on packet length and IPD distributions, and based on CIC-IDS2017 dataset. Also, it contains Strawman version of Push and Pull Designs.
ML Models: contains 3 types of ML models generated to be deployed on the data plane - Single ML Model, Sequential Multiphase ML Model and Aggregated Multiphase ML Models. All these models are Tree-Based.
Remote Server: contains profiler to derive configurations for various training dataset. Also contains a complex ML classifier to classify flows in the server.
Simulations: contains simulations of AdaFlow, NetBeacon and *Flow.
- Make sure you have Tofino 2 and Tofino 1 models/hardware running. Follow this tutorial.
- Make sure you have basic python3 libraries like
sklearnandhyperoptup and running.
- Collect required PCAP traces in the
Datasetfolder. - Obtain trained ML classifier from
Remote Server/classifier.py. - Obtained pruned feature set and optimal
bin widthfromRemote Server/profiler.py. - On this obtained configuration, train Aggregated Multiphase ML Model (make sure it is the same type as a remote classifier),
ML Models/agg_model.py. - Initialize AdaFlow Cache with this
agg_model.pklusingControl Plane/controller.py. - Connect a Tofino Switch to two (preferably) linux servers.
- Run the prototype given in
Data Planefolder. - Send traffic to the switch (or PCAP traces in test set using
tcpreplay). - Obtain the output packets on another server and process the packets to obtain flow features, or directly check classification results obtain on data plane.
- That is it!
Please go to For AEC folder and follow the instructions there!
The repository is still incomplete!