-
A Comprehensive Survey on SmartNICs: Architectures, Development Models, Applications, and Research Directions
Authors:
Elie Kfoury,
Samia Choueiri,
Ali Mazloum,
Ali AlSabeh,
Jose Gomez,
Jorge Crichigno
Abstract:
The end of Moore's Law and Dennard Scaling has slowed processor improvements in the past decade. While multi-core processors have improved performance, they are limited by the application's level of parallelism, as prescribed by Amdahl's Law. This has led to the emergence of domain-specific processors that specialize in a narrow range of functions. Smart Network Interface Cards (SmartNICs) can be seen as an evolutionary technology that combines heterogeneous domain-specific processors and general-purpose cores to offload infrastructure tasks. Despite the impressive advantages of SmartNICs and their importance in modern networks, the literature has been missing a comprehensive survey. To this end, this paper provides a background encompassing an overview of the evolution of NICs from basic to SmartNICs, describing their architectures, development environments, and advantages over legacy NICs. The paper then presents a comprehensive taxonomy of applications offloaded to SmartNICs, covering network, security, storage, and machine learning functions. Challenges associated with SmartNIC development and deployment are discussed, along with current initiatives and open research issues.
Submitted 15 May, 2024;
originally announced May 2024.
-
Federated Learning Approach for Distributed Ransomware Analysis
Authors:
Aldin Vehabovic,
Hadi Zanddizari,
Farook Shaikh,
Nasir Ghani,
Morteza Safaei Pour,
Elias Bou-Harb,
Jorge Crichigno
Abstract:
Researchers have proposed a wide range of ransomware detection and analysis schemes. However, most of these efforts have focused on older families targeting Windows 7/8 systems. Hence there is a critical need to develop efficient solutions to tackle the latest threats, many of which may have relatively fewer samples to analyze. This paper presents a machine learning (ML) framework for early ransomware detection and attribution. The solution pursues a data-centric approach which uses a minimalist ransomware dataset and implements static analysis using portable executable (PE) files. Results for several ML classifiers confirm strong performance in terms of accuracy and zero-day threat detection.
Submitted 24 June, 2023;
originally announced June 2023.
-
IoT Threat Detection Testbed Using Generative Adversarial Networks
Authors:
Farooq Shaikh,
Elias Bou-Harb,
Aldin Vehabovic,
Jorge Crichigno,
Aysegul Yayimli,
Nasir Ghani
Abstract:
The Internet of Things (IoT) paradigm provides persistent sensing and data collection capabilities and is becoming increasingly prevalent across many market sectors. However, most IoT devices emphasize usability and function over security, making them very vulnerable to malicious exploits. This concern is evidenced by the increased use of compromised IoT devices in large-scale bot networks (botnets) to launch distributed denial of service (DDoS) attacks against high-value targets. Unsecured IoT systems can also provide entry points to private networks, allowing adversaries relatively easy access to valuable resources and services. Indeed, these evolving IoT threat vectors (ranging from brute force attacks to remote code execution exploits) are posing key challenges. Moreover, many traditional security mechanisms are not amenable for deployment on smaller resource-constrained IoT platforms. As a result, researchers have been developing a range of methods for IoT security, with many strategies using advanced machine learning (ML) techniques. Along these lines, this paper presents a novel generative adversarial network (GAN) solution to detect threats from malicious IoT devices both inside and outside a network. This model is trained using both benign IoT traffic and global darknet data and further evaluated in a testbed with real IoT devices and malware threats.
Submitted 24 May, 2023;
originally announced May 2023.
-
Data-Centric Machine Learning Approach for Early Ransomware Detection and Attribution
Authors:
Aldin Vehabovic,
Hadi Zanddizari,
Nasir Ghani,
Farooq Shaikh,
Elias Bou-Harb,
Morteza Safaei Pour,
Jorge Crichigno
Abstract:
Researchers have proposed a wide range of ransomware detection and analysis schemes. However, most of these efforts have focused on older families targeting Windows 7/8 systems. Hence there is a critical need to develop efficient solutions to tackle the latest threats, many of which may have relatively fewer samples to analyze. This paper presents a machine learning (ML) framework for early ransomware detection and attribution. The solution pursues a data-centric approach which uses a minimalist ransomware dataset and implements static analysis using portable executable (PE) files. Results for several ML classifiers confirm strong performance in terms of accuracy and zero-day threat detection.
Submitted 22 May, 2023;
originally announced May 2023.
-
Ransomware Detection and Classification Strategies
Authors:
Aldin Vehabovic,
Nasir Ghani,
Elias Bou-Harb,
Jorge Crichigno,
Aysegul Yayimli
Abstract:
Ransomware uses encryption methods to make data inaccessible to legitimate users. To date a wide range of ransomware families have been developed and deployed, causing immense damage to governments, corporations, and private users. As these cyberthreats multiply, researchers have proposed a range of ransomware detection and classification schemes. Most of these methods use advanced machine learning techniques to process and analyze real-world ransomware binaries and action sequences. Hence this paper presents a survey of this critical space and classifies existing solutions into several categories, including network-based, host-based, forensic characterization, and authorship attribution. Key facilities and tools for ransomware analysis are also presented along with open challenges.
Submitted 10 April, 2023;
originally announced April 2023.
-
An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends
Authors:
Elie F. Kfoury,
Jorge Crichigno,
Elias Bou-Harb
Abstract:
Traditionally, the data plane has been designed with fixed functions to forward packets using a small set of protocols. This closed-design paradigm has limited the capability of the switches to proprietary implementations which are hardcoded by vendors, inducing a lengthy, costly, and inflexible process. Recently, data plane programmability has attracted significant attention from both the research community and the industry, permitting operators and programmers in general to run customized packet processing functions. This open-design paradigm is paving the way for an unprecedented wave of innovation and experimentation by reducing the time of designing, testing, and adopting new protocols; enabling a customized, top-down approach to develop network applications; providing granular visibility of packet events defined by the programmer; reducing complexity and enhancing resource utilization of the programmable switches; and drastically improving the performance of applications that are offloaded to the data plane. Despite the impressive advantages of programmable data plane switches and their importance in modern networks, the literature has been missing a comprehensive survey. To this end, this paper provides a background encompassing an overview of the evolution of networks from legacy to programmable, describing the essentials of programmable switches, and summarizing their advantages over Software-defined Networking (SDN) and legacy devices. The paper then presents a unique, comprehensive taxonomy of applications developed with the P4 language; surveying, classifying, and analyzing more than 150 articles; discussing challenges and considerations; and presenting future perspectives and open research issues.
Submitted 7 June, 2021; v1 submitted 1 February, 2021;
originally announced February 2021.
-
Green Communication with Geolocation
Authors:
Gautam Srivastava,
Andrew Fisher,
Robert Bryce,
Jorge Crichigno
Abstract:
Green communications is the practice of selecting energy efficient communications, networking technologies and products. This process is followed by minimizing resource use whenever possible in all branches of communications. In this day and age, green communication is vital to the footprint we leave on this planet as we move into a completely digital age. One such communication tool is Message Queue Transport Telemetry or MQTT, which is an open source publisher/subscriber standard for M2M (Machine to Machine) communication. It is well known for its low energy and bandwidth footprint, which makes it highly suitable for Green Internet of Things (IoT) messaging situations where power usage is at a premium or in mobile devices such as phones, embedded computers or microcontrollers. It is a perfect tool for the green communication age upon us and more specifically Green IoT. One problem, however, with the original MQTT protocol is that it lacks the ability to broadcast geolocation. In today's age of IoT, however, it has become more pertinent to have geolocation as part of the protocol. In this paper, we add geolocation to the MQTT protocol and offer a revised version, which we call MQTTg. We describe the protocol here and show where we are able to embed geolocation successfully. We also offer a glimpse into an Android OS application we are developing for Open Source use.
Submitted 23 November, 2018;
originally announced November 2018.
-
Route Distribution Incentives
Authors:
Joud Khoury,
Chaouki T. Abdallah,
Kate Krause,
Jorge Crichigno
Abstract:
We present an incentive model for route distribution in the context of path vector routing protocols and we focus on the Border Gateway Protocol (BGP). BGP is the de facto protocol for interdomain routing on the Internet. We model BGP route distribution and computation using a game in which a BGP speaker advertises its prefix to its direct neighbors, promising them a reward for further distributing the route deeper into the network; the neighbors do the same thing with their neighbors, and so on. The result of this cascaded route distribution is an advertised prefix and hence reachability of the BGP speaker. We first study the convergence of BGP protocol dynamics to a unique outcome tree in the defined game. We then proceed to study the existence of equilibria in the full information game considering competition dynamics. We focus our work on the simplest two classes of graphs: 1) the line (and the tree) graphs which involve no competition, and 2) the ring graph which involves competition.
Submitted 19 September, 2009;
originally announced September 2009.