This is a Hackathon 2020 project that explores (and confirms) the possibility of evaluating machine learning models inside the Linux kernel. In this hack, we use PyTorch to train a binary classifier to distinguish between malicious and benign IP traffic and translate this model into an eBPF-based XDP packet filter.
To reproduce the results:

- Collect some positive and negative data samples in PCAP format (e.g., using tcpdump). This repo has some sample packets in the `data/` directory.
- Train your classifier (run the `model/model.py` script).
- Copy the quantized weights of your model into the array `w` and the bias `b` in `xdp/xdp.c`. (Yeah, we should've generated a source file instead.)
- Compile your C code and install the eBPF module by running the `xdp/compile_attach.sh` script.
- To uninstall the packet filter, run `xdp/remove.sh`.
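The step that makes this work in the kernel is that the trained model must be evaluated in integer arithmetic: eBPF programs cannot use floating point, which is why the weights are quantized before being pasted into `xdp.c`. The following is an added, stand-alone illustration (plain C, not the repo's `xdp/xdp.c`) of how such a quantized linear classifier runs over an IPv4/TCP header with the bounds checks the eBPF verifier would demand; the four features, the `w`/`b` values and the test packets are all constructed placeholders, not the project's trained model.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* XDP verdicts (values from linux/bpf.h). */
#define XDP_DROP 1
#define XDP_PASS 2
#define NFEAT 4
#define SCALE 256 /* fixed-point: quantized weight = round(float_weight * SCALE) */

/* Constructed placeholder weights/bias in 1/SCALE units, NOT the repo's trained values. */
static const int32_t w[NFEAT] = { -2, 600, -1, 200 };
static const int32_t b = -100;

/* Pull integer features from an IPv4/TCP packet. Every read is bounds-checked
 * against len, which is what the eBPF verifier demands of data/data_end in XDP. */
int extract_features(const uint8_t *pkt, size_t len, int32_t feat[NFEAT]) {
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return 0; /* IPv4 + TCP only */
    size_t ihl = (pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20) return 0;
    size_t doff = (pkt[ihl + 12] >> 4) * 4;
    if (doff < 20 || len < ihl + doff) return 0;
    uint16_t tot_len = (uint16_t)((pkt[2] << 8) | pkt[3]);
    uint16_t dport = (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]);
    uint8_t flags = pkt[ihl + 13];
    feat[0] = pkt[8];                                             /* TTL */
    feat[1] = (flags & 0x12) == 0x02;                             /* SYN without ACK */
    feat[2] = tot_len >= ihl + doff ? (int32_t)(tot_len - ihl - doff) : 0; /* payload bytes */
    feat[3] = dport < 1024;                                       /* well-known dest port */
    return 1;
}

/* Linear classifier in integer arithmetic (no floating point in eBPF):
 * score = b + sum(w[i] * feat[i]); positive = predicted malicious -> drop. */
int classify(const uint8_t *pkt, size_t len) {
    int32_t feat[NFEAT];
    if (!extract_features(pkt, len, feat)) return XDP_PASS; /* not a packet we model */
    int64_t score = b;
    for (int i = 0; i < NFEAT; i++) score += (int64_t)w[i] * feat[i];
    return score > 0 ? XDP_DROP : XDP_PASS;
}

/* Build a minimal 40-byte IPv4/TCP header (constructed test input). The payload is
 * not materialised; only the header's total-length field feeds the payload feature. */
size_t make_packet(uint8_t *buf, uint8_t ttl, uint8_t flags, uint16_t dport, uint16_t payload) {
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[2] = (uint8_t)((40 + payload) >> 8); buf[3] = (uint8_t)(40 + payload);
    buf[8] = ttl; buf[9] = 6;
    buf[22] = (uint8_t)(dport >> 8); buf[23] = (uint8_t)dport;
    buf[32] = 0x50; buf[33] = flags;
    return 40;
}

/* Convenience: build a packet with the given header fields and classify it. */
int verdict_for(uint8_t ttl, uint8_t flags, uint16_t dport, uint16_t payload) {
    uint8_t buf[40];
    return classify(buf, make_packet(buf, ttl, flags, dport, payload));
}
```

In the real XDP program the same dot product runs against `data`/`data_end` from `struct xdp_md`, and a packet that fails a bounds check must still get an explicit verdict or the verifier rejects the program.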
Please note that this project is merely a proof-of-concept hack and is not supported by the developers. Feel free to fork and move it forward, and we'll send you our kudos and PRs!