On Practicality of Kernel Packet Processing Empowered by Lightweight Neural Network and Decision Tree

Kernel packet processing such as extended Berkeley Packet Filter (eBPF) and eXpress Data Path (XDP) is a promising framework that can speedily/efficiently process packets without passing them to conventional packet processing software running on the user space. Several studies pointed out the possibility of eBPF empowered by simple machine learning techniques (e.g., decision tree (DT)) to realize intelligent packet processing (e.g., intrusion detection) in the kernel space. Note that the quantitative evaluation of both packet processing and detection performance has not been conducted sufficiently. In addition, to ensure the kernel stability and safety, the eBPF program must process packets under strict constraints such as prohibition of floating-point number, which is usually used in neural networks (NNs). In this paper, we examine the possibility of NN-empowered eBPF/XDP based packet processing. More specifically, we first train a floating-point NN and quantize it as a fixed-point NN using 8-bit integers in the user space. Then, we implement the lightweight NN in the eBPF/XDP program to achieve fast packet processing with integer-arithmetic-only inference in the kernel space. Experimental results show that (1) the integer-arithmetic-only NN (resp. DT) classifier can drastically reduce the inference time to 15.3% (resp. 1.6%) while suppressing degradation of classification performance, (2) the lightweight NN classifier can improve the inference performance in case of multi-class classification, and (3) the kernel-based method with NN (resp. DT) classifier can process received packets in a real-time manner under a certain transmission rate, i.e., 300,000 pps (resp. 450,000 pps).