TinyML for Anomaly Detection using Programmable Data Planes in Software Defined Networking Architecture

To improve the security of software-defined networks, one of the most widely used approaches has been the development of intrusion detection systems (IDS) based on machine learning (ML) and deep learning (DL) models that are deployed at the level of control. However, given the way this approach operates, which is reactive and depends on sending information from data plane devices to the control plane, there are limitations in the scalability of the solution.

Despite the advantages offered by data plane programmability for anomaly detection using ML/DL models, the implementation of this approach is not trivial. Programmable switches face challenges due to their memory and processing and storage capacity constraints. For this reason, models implemented in the data plane must meet the condition of having low computational resource consumption, while maintaining high accuracy in anomaly detection. As an approach to address the challenges represented by these limitations, the use of so-called Tiny Machine Learning – TinyML has recently been proposed. TinyML is a paradigm that facilitates the use of ML on devices with limited processing and low memory capacity.

This project proposes the implementation of compressed ML/DL techniques developed using TinyML for the detection of DoS and DDoS attacks in programmable switches in a software-defined network. The objective is to validate the operation of these ML/DL techniques in the data plane, comparing metrics such as the accuracy in the detection of anomalies, and the consumption of resources in the switches.