SwitchTree: in-network computing and traffic analyses with Random Forests

The success of machine learning in different domains is also finding applications in networking. However, this may need real-time analyses of network data which is challenging. The challenge is caused by the big data size and the need for bandwidth to transfer network data to a central location hosting the analyses server. In order to address that challenge, the in-network computing paradigm is gaining popularity with the advances in programmable data plane solutions. In this paper, we perform in-network analysis of the network data by exploiting the power of programmable data plane. We propose SwitchTree which embeds Random Forest algorithm inside a programmable switch such that the Random Forest is configurable and re-configurable at runtime. We show how some flow level stateful features can be estimated, such as the round-trip time and bitrate of each flow. We evaluate the performance of SwitchTree using system level experiments and network traces. Results show that SwitchTree is able to detect network attacks at line speed with high accuracy.