Full Program
Summary:
Modern cybersecurity relies on Intrusion Detection and Prevention Systems (IDPS) to detect and mitigate malicious network activity. This study proposes eIDPS, a packet-level IDPS that leverages Machine Learning and the extended Berkeley Packet Filter (eBPF) for real-time threat detection within the kernel. Unlike a flow-based approach, which analyzes aggregated network flows, eIDPS operates at the packet level: decisions are made faster, and an entire flow is not dropped when a single malicious packet is detected, allowing more precise threat mitigation. Experimental evaluation using CIC-IDS2017, a benchmark intrusion detection dataset, demonstrates that eIDPS achieves higher precision and F1-score than a flow-based solution identified in the literature, while still operating in real time. This comparison highlights the trade-offs between packet-level and flow-based intrusion detection, offering insights into the deployment of eBPF-based security solutions.
Author(s):
Stamatios Kostopoulos
Hellenic Mediterranean University
Greece
Dimitra Papatsaroucha
Hellenic Mediterranean University
Greece
Ioannis Kefaloukos
Hellenic Mediterranean University
Greece
Evangelos K Markakis
Hellenic Mediterranean University
Greece