NVIDIA Corporation
HEADER-BASED PACKET FILTERING AND INFERENCING TO IDENTIFY MALICIOUS NETWORK TRAFFIC USING NEURAL NETWORKS

Abstract:

In various examples, a first network interface duplicates received network traffic and forwards a first set of network traffic data to a central processing unit (CPU) and a second set of identical network traffic to one or more parallel processing units (PPUs). In an embodiment, the one or more PPUs analyze the second set of network traffic to identify whether the second set of network traffic is malicious. First, the one or more PPUs filter and classify the second set of network traffic into flows, or logical groupings or subsets of the second set of network traffic. Second, the one or more PPUs sort the network packets within each flow and extract features of interest specific to each flow. Using the extracted features of interest, one or more deep learning techniques infer a status indicating whether each flow is malicious (mal) or good. The one or more PPUs then forward the status for each flow to the CPU for use in determining which network traffic from the first set of network traffic is to be forwarded to a second network interface.