xgr19 / SAM-for-Traffic-Classification

Self-attentive deep learning method for online traffic classification and its interpretability (CN21 & NetAI20)
GNU General Public License v3.0
36 stars 14 forks source link

Some questions about online detection traffic in this article #3

Open banzhuanle opened 1 year ago

banzhuanle commented 1 year ago

What does "packet" specifically refer to here? What does this "packet" specifically refer to? Is it representing each packet displayed when opening a pcap file using Wireshark? If that's the case, then a 1GB pcap file would have millions of lines representing packets. With each packet taking 2ms, it would take several thousand seconds to analyze a 1GB pcap file. Could you please clarify if my understanding of the above is incorrect? I sincerely look forward to your response.

banzhuanle commented 1 year ago

Considering certain user scenarios where the data traffic of this size can be generated in just one minute, but it takes more than ten minutes to output the detection results, it feels like the real-time detection effect described in the article cannot be achieved in such cases.

xgr19 commented 5 months ago

Sorry for the late reply.

A packet is as it in wireshark pcap.

This paper is a GPU-enhanced deep learning solution, which can be fed hundreds of packets per time and consumes a classification time like one packet.

Even though, the bottleneck could be the capability of the used GPU. If you want more fast, data plane processing (e.g., P4 and Tofino switch) is desired, and you may be interested in our recent paper: Mousika: enable general in-network intelligence in programmable switches by knowledge distillation (INFOCOM22).