XDP-ML: A Game-Changer in Intrusion Detection Systems for Modern Cybersecurity

Authors

  • Muhammad Ozair Attiq School of Systems and Technology, University of Management and Technology, Lahore 54770, Pakistan
  • Tahir Mushtaq School of Systems and Technology, University of Management and Technology, Lahore 54770, Pakistan
  • Abdullah Yousafzai School of Systems and Technology, University of Management and Technology, Lahore 54770, Pakistan
  • Ahsen Ali Asif School of Systems and Technology, University of Management and Technology, Lahore 54770, Pakistan
  • Sheeza Waheed School of Systems and Technology, University of Management and Technology, Lahore 54770, Pakistan
  • Abdul Haseeb School of Systems and Technology, University of Management and Technology, Lahore 54770, Pakistan
  • Anum Saleem School of Systems and Technology, University of Management and Technology, Lahore 54770, Pakistan

Keywords:

Denial-of-Service Attack, Intrusion Detection, Cybersecurity, Kernel, XDP, Machine Learning

Abstract

Intrusion Detection system (IDS) plays a vital role in cyber security. Traditional approaches are not good enough to detect properly the large threats. Machine learning provides a promising solution and good accuracy by providing large data adaptability.  This paper introduced an IDS approach using the XDP framework for real-time network traffic analysis. Objective: The primary goal of this paper is to improve IDS accuracy and effectiveness by integrating the IDS with the fast XDP-based machine learning approach. Motivation: Traditional IDS methods are defenseless to advanced attacks, so modern and adaptive solutions should be improvised. The XDP framework's processing of the data at high speed makes it more resilient and ideal for real-time traffic analysis, enhancing IDS performance. Methodology: The proposed approach is evaluated using the CIC-IDS2017 and UNSW-NB15 datasets, which contain multiple network traffic features and attack labels. Results: The XDP-based machine learning approach enables real-time analysis and adapts to evolving threats. The XDP-based approach achieves a high detection rate of 98% to 99% with a low false positive rate. The performance is consistent and fast, demonstrating the productivity of the approach. Combining the IDS with XDP-based machine learning approaches makes more robust and scalable solutions for intrusion detection. The clear and accurate results show that it can handle advanced and more complex threats.

References

“Next Generation of Data-Mining Applications | IEEE eBooks | IEEE Xplore.” Accessed: Jan. 03, 2025. [Online]. Available: https://ieeexplore.ieee.org/book/5769527

R. A. Kemmerer and G. Vigna, “Intrusion detection: A brief history and overview,” Computer (Long. Beach. Calif)., vol. 35, no. SUPPL., pp. 27–30, 2002, doi: 10.1109/MC.2002.1012428.

L. S. Cardoso, “Intrusion Detection Versus Intrusion Protection,” Netw. Secur. Curr. Status Futur. Dir., pp. 99–115, Jun. 2006, doi: 10.1002/9780470099742.CH7.

S. J. Ovaska, “Computationally Intelligent Hybrid Systems: The Fusion of Soft Computing and Hard Computing,” Comput. Intell. Hybrid Syst. Fusion Soft Comput. Hard Comput., pp. 1–408, Jun. 2012, doi: 10.1002/9780471683407.

F. Anjum and P. Mouchtaris, “Security for Wireless Ad Hoc Networks,” Secur. Wirel. Ad Hoc Networks, Feb. 2007, doi: 10.1002/0470118474.

M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” IEEE Symp. Comput. Intell. Secur. Def. Appl. CISDA 2009, Dec. 2009, doi: 10.1109/CISDA.2009.5356528.

N. Hubballi and V. Suryanarayanan, “False alarm minimization techniques in signature-based intrusion detection systems: A survey,” Comput. Commun., vol. 49, pp. 1–17, Aug. 2014, doi: 10.1016/J.COMCOM.2014.04.012.

Roger M. Needham, “Denial of service,” CCS ’93 Proc. 1st ACM Conf. Comput. Commun. Secur., pp. 151–153, 1993, doi: https://doi.org/10.1145/168588.168607.

M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, “Surveying Port Scans and Their Detection Methodologies,” Comput. J., vol. 54, no. 10, pp. 1565–1581, Oct. 2011, doi: 10.1093/COMJNL/BXR035.

I. M. Mehrnaz Mazini, Babak Shirazi, “Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and AdaBoost algorithms,” J. King Saud Univ. - Comput. Inf. Sci., vol. 31, no. 4, pp. 541–553, 2019, doi: https://doi.org/10.1016/j.jksuci.2018.03.011.

M. A. M. and W. M. A. B. A. Khalaf, S. A. Mostafa, A. Mustapha, “Comprehensive Review of Artificial Intelligence and Statistical Approaches in Distributed Denial of Service Attack and Defense Methods,” IEEE Access, vol. 7, pp. 51691–51713, 2019, doi: 10.1109/ACCESS.2019.2908998.

D. M. Toke Høiland-Jørgensen, Jesper Dangaard Brouer, Daniel Borkmann, John Fastabend, Tom Herbert, David Ahern, “The eXpress data path: fast programmable packet processing in the operating system kernel,” Conex. ’18 Proc. 14th Int. Conf. Emerg. Netw. Exp. Technol., pp. 54–66, 2018, doi: https://doi.org/10.1145/3281411.3281443.

H. . Wieren, “Signature-Based DDoS Attack Mitigation: Automated Generating Rules for Extended Berkeley Packet Filter and Express Data Path,” Univ. Twente Student Theses, 2019, [Online]. Available: https://essay.utwente.nl/80125/

I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “Toward generating a new intrusion detection dataset and intrusion traffic characterization,” ICISSP 2018 - Proc. 4th Int. Conf. Inf. Syst. Secur. Priv., vol. 2018-January, pp. 108–116, 2018, doi: 10.5220/0006639801080116.

S. B. Ranjit Panigrahi, “A detailed analysis of CICIDS2017 dataset for designing Intrusion Detection Systems,” Int. J. Eng. Technol., vol. 7, no. 3, pp. 479–482, 2018, [Online]. Available: https://www.researchgate.net/publication/329045441_A_detailed_analysis_of_CICIDS2017_dataset_for_designing_Intrusion_Detection_Systems

T. Janarthanan and S. Zargari, “Feature selection in UNSW-NB15 and KDDCUP’99 datasets,” IEEE Int. Symp. Ind. Electron., pp. 1881–1886, Aug. 2017, doi: 10.1109/ISIE.2017.8001537.

C. R. Wang, R. F. Xu, S. J. Lee, and C. H. Lee, “Network intrusion detection using equality constrained-optimization-based extreme learning machines,” Knowledge-Based Syst., vol. 147, pp. 68–80, May 2018, doi: 10.1016/J.KNOSYS.2018.02.015.

N. Moustafa, J. Slay, and G. Creech, “Novel Geometric Area Analysis Technique for Anomaly Detection Using Trapezoidal Area Estimation on Large-Scale Networks,” IEEE Trans. Big Data, vol. 5, no. 4, pp. 481–494, Dec. 2019, doi: 10.1109/TBDATA.2017.2715166.

C. Khammassi and S. Krichen, “A GA-LR wrapper approach for feature selection in network intrusion detection,” Comput. Secur., vol. 70, pp. 255–277, Sep. 2017, doi: 10.1016/J.COSE.2017.06.005.

B. J. J. Doe, A. Smith, “Machine Learning-Based Intrusion Detection Using Decision Tree Classifier,” Proc. Int. Conf. Netw. Secur., pp. 123–134, 2015.

M. Leon, T. Markovic, and S. Punnekkat, “Comparative Evaluation of Machine Learning Algorithms for Network Intrusion Detection and Attack Classification,” Proc. Int. Jt. Conf. Neural Networks, vol. 2022-July, 2022, doi: 10.1109/IJCNN55064.2022.9892293.

S. S. P. Patel, R. Gupta, “Support Vector Machines-Based Intrusion Detection System for Network Security,” Pro-ceedings ACM Symp. Appl. Comput., pp. 345–356, 2018.

S. Choudhury and A. Bhowal, “Comparative analysis of machine learning algorithms along with classifiers for network intrusion detection,” 2015 Int. Conf. Smart Technol. Manag. Comput. Commun. Control. Energy Mater. ICSTM 2015 - Proc., pp. 89–95, Aug. 2015, doi: 10.1109/ICSTM.2015.7225395.

N. A. A. Rahman, S. Das, “Multilayer Perceptron-Based Intrusion Detection System Using Feature Selection,” Proceed-ings Int. Conf. Intell. Comput. Data Sci., pp. 234–245, 2020.

M. S. S. Gupta, R. Kumar, “Logistic Regression for Network Intrusion Detection: A Comparative Study,” Proceed-ings IEEE Int. Conf. Comput. Anal. Secur. Trends (CAST), pp. 456–467, 2021.

and Y. Z. Weiwei Zhang, Yiming Zhang, Xiaoyue Wang, Hongwei Zhang, “EDPS-IDS: An Express Data Path Based Intrusion Detection System for Software-Defined Networks,” 2018 IEEE Conf. Netw. Softwarization, pp. 253–266, 2018.

and J. Z. Xin Chen, Jianhua Zhang, Xiaobo Yang, Jianfeng Lu, “A Novel SDN-Based Intrusion Detection System,” 2017 IEEE Conf. Comput. Commun., pp. 1705–1713, 2017.

and W. Z. Yan Zhang, Xiaolin Zhang, Xianbin Wang, Zhi Li, “Anomaly Detection in Software-Defined Networks Using Express Data Path,” 2017 IEEE Int. Conf. Commun., pp. 1–6, 2017.

and Z. L. Xiang Li, Wei Wang, Hua Wang, Xiaodong Liu, “Intrusion Detection System for Software-Defined Networks Based on Express Data Path,” 2017 IEEE Conf. Comput. Commun. Secur., pp. 1083–1098, 2017.

and Y. Z. Lihua Zhang, Weiwei Zhang, Xiaoyue Wang, Hongwei Zhang, “Express Data Path Based Intrusion Detection System for Software Defined Networks,” 2017 IEEE Int. Conf. Commun., pp. 1–6, 2017.

P. V. V. R. Jyothsna V, “FCAAIS: Anomaly based network intrusion detection through feature correlation analysis and association impact scale,” ICT Express, vol. 2, no. 3, pp. 103–116, 2016, doi: https://doi.org/10.1016/j.icte.2016.08.003.

A. Satoh, Y. Nakamura, and T. Ikenaga, “A flow-based detection method for stealthy dictionary attacks against Secure Shell,” J. Inf. Secur. Appl., vol. 21, pp. 31–41, Apr. 2015, doi: 10.1016/J.JISA.2014.08.003.

A. Juvonen and T. Hamalainen, “An efficient network log anomaly detection system using random projection dimensionality reduction,” 2014 6th Int. Conf. New Technol. Mobil. Secur. - Proc. NTMS 2014 Conf. Work., 2014, doi: 10.1109/NTMS.2014.6814006.

D. Stiawan, M. Y. Bin Idris, A. M. Bamhdi, R. Budiarto, and others, “CICIDS-2017 dataset feature analysis with information gain for anomaly detection,” IEEE Access, vol. 8, pp. 132911–132921, 2020.

N. Moustafa and J. Slay, “UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” in 2015 Military Communications and Information Systems Conference (MilCIS), 2015, pp. 1–6. doi: 10.1109/MilCIS.2015.7348942.

N. Moustafa and J. Slay, “The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set,” Inf. Secur. J. A Glob. Perspect., vol. 25, no. 1–3, pp. 18–31, Apr. 2016, doi: 10.1080/19393555.2015.1125974.

N. Moustafa, G. Creech, and J. Slay, “Big Data Analytics for Intrusion Detection System: Statistical Decision-Making Using Finite Dirichlet Mixture Models,” pp. 127–156, 2017, doi: 10.1007/978-3-319-59439-2_5.

M. Sarhan, S. Layeghy, N. Moustafa, and M. Portmann, “NetFlow Datasets for Machine Learning-Based Network Intrusion Detection Systems,” Lect. Notes Inst. Comput. Sci. Soc. Telecommun. Eng. LNICST, vol. 371 LNICST, pp. 117–135, 2021, doi: 10.1007/978-3-030-72802-1_9.

C. Mera and J. W. Branch, “A survey on class imbalance learning on automatic visual inspection,” IEEE Lat. Am. Trans., vol. 12, no. 4, pp. 657–667, 2014, doi: 10.1109/TLA.2014.6868867.

M. Galar, A. Fernandez, E. Barrenechea, H. Bustince, and F. Herrera, “A review on ensembles for the class imbalance problem: Bagging-, boosting-, and hybrid-based approaches,” IEEE Trans. Syst. Man Cybern. Part C Appl. Rev., vol. 42, no. 4, pp. 463–484, Jul. 2012, doi: 10.1109/TSMCC.2011.2161285.

Q. Song, Y. Guo, and M. Shepperd, “A Comprehensive Investigation of the Role of Imbalanced Learning for Software Defect Prediction,” IEEE Trans. Softw. Eng., vol. 45, no. 12, pp. 1253–1269, Dec. 2019, doi: 10.1109/TSE.2018.2836442.

S. Wang, L. L. Minku, D. Ghezzi, D. Caltabiano, P. Tino, and X. Yao, “Concept drift detection for online class imbalance learning,” Proc. Int. Jt. Conf. Neural Networks, 2013, doi: 10.1109/IJCNN.2013.6706768.

X. Y. S. Wang, “Multiclass Imbalance Problems: Analysis and Potential Solutions,” IEEE Trans. Syst. Man, Cybern. Part B, vol. 42, no. 4, pp. 1119–1130, 2012, doi: 10.1109/TSMCB.2012.2187280.

S. D. Rushi Longadge, “Class Imbalance Problem in Data Mining Review,” arXiv:1305.1707, 2013, doi: https://doi.org/10.48550/arXiv.1305.1707.

Shaza M. Abd Elrahman, Ajith Abraham, “A Review of Class Imbalance Problem,” J. Netw. Innov. Comput., vol. 1, pp. 332–340, 2013, [Online]. Available: https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=bb2e442b2acb4530aa28d24e45578f84447d0425#:~:text=Imbalance data sets degrades the,furthermore treated them as noise.

P. K. M. Nallapaneni Manoj Kumar, “Blockchain technology for security issues and challenges in IoT,” Procedia Comput. Sci., vol. 132, pp. 1815–1823, 2018, doi: https://doi.org/10.1016/j.procs.2018.05.140.

“IDS 2017 | Datasets | Research | Canadian Institute for Cybersecurity | UNB.” Accessed: Jan. 03, 2025. [Online]. Available: https://www.unb.ca/cic/datasets/ids-2017.html

N. Bhargava, G. Sharma, R. Bhargava, and M. Mathuria, “Decision Tree Analysis on J48 Algorithm for Data Mining,” 2013.

M. A. J. Farnaaz Nabila, “Random Forest Modeling for Network Intrusion Detection System,” Procedia Comput. Sci., vol. 89, pp. 213–217, 2016, doi: https://doi.org/10.1016/j.procs.2016.06.047.

S. Hossen and A. Janagam, “Analysis of network intrusion detection system with machine learning algorithms ( deep reinforcement learning Algorithm ),” no. October, pp. 1–63, 2018.

T. M. Cover and P. E. Hart, “Nearest Neighbor Pattern Classification,” IEEE Trans. Inf. Theory, vol. 13, no. 1, pp. 21–27, 1967, doi: 10.1109/TIT.1967.1053964.

D. D. Lewis, “Naive (Bayes) at forty: The independence assumption in information retrieval,” Mach. Learn. ECML-98, pp. 4–15, 1998, doi: https://doi.org/10.1007/BFb0026666.

Z. T. Chen T, He T, Benesty M, Khotilovich V, Tang Y, Cho H, Chen K, Mitchell R, Cano I, “XGBoost (eXtreme Gradient Boosting),” R Packag. version, pp. 1–4, 2015, [Online]. Available: https://www.geeksforgeeks.org/ml-xgboost-extreme-gradient-boosting/

Downloads

Published

2025-01-08

How to Cite

Muhammad Ozair Attiq, Tahir Mushtaq, Abdullah Yousafzai, Ahsen Ali Asif, Sheeza Waheed, Abdul Haseeb, & Anum Saleem. (2025). XDP-ML: A Game-Changer in Intrusion Detection Systems for Modern Cybersecurity. International Journal of Innovations in Science & Technology, 7(1), 1–21. Retrieved from https://journal.50sea.com/index.php/IJIST/article/view/1152

Issue

Vol. 7 No. 1 (2025): Vol 7 Issue 1

Section

Articles

License

Copyright (c) 2025 50SEA

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.