International Federation For Information Processing
XFAST Framework for Network Traffic Feature Selection
Pages: 9
Time to read: 36 mins
Language: English
This technical report presents XFAST, a novel framework designed for efficient feature extraction and selection in high-performance network traffic analysis, utilizing eBPF/XDP and Genetic Algorithms. The report outlines the critical role of Intrusion Detection Systems (IDS) in identifying anomalies in network traffic, emphasizing the need for effective feature selection to enhance detection capabilities. Traditional methods of feature selection are often computationally intensive, which limits their application in real-time scenarios. XFAST addresses these challenges by performing feature extraction and selection within the Linux kernel, thereby reducing latency and resource consumption. The framework employs a lightweight, tail-call-based execution model for Genetic Algorithms, optimizing feature subsets through a hit-based fitness function. Evaluation results indicate that XFAST significantly improves the F1-score of an Isolation Forest model while maintaining low CPU and memory overhead, making it suitable for deployment in edge and cloud-native environments. The document further discusses the architecture, design goals, and challenges associated with implementing XFAST.