On Sat, 6 Jul 2002, Seth Arnold wrote: > On Sat, Jul 06, 2002 at 01:35:52PM +0100, Lars Olsson wrote: > > I'm implementing a neural network (executing in kernel > > space because of performance reasons) > > I've heard "performance reasons" meaning things should be implemented in > the kernel over and over again, and just once, I'd like to try to find > out _why_ implementing something in the kernel will improve your > application's performance. What I am doing is an intrusion detection system (I'm doing research into artificial immune systems) and for each system call I train/use this network (Elman network) to learn how programs normally behave (I have also used another algorithm only using integers with good results). If they start behaving differently, say a buffer overflow attack, this system will react. My goal is that the system should be reactive and respond directly by slowing down the abnormally behaving process. All system calls are hijacked (I know this is ugly:-), but I wanted to do this as modules and not a patch, even though I have also implemented it as a patch), and I then call my train/respond function before the real syscall is executed. Thus, I need to implement at least a part of this system as a part of the kernel and hence I thought it would be better idea (performance wise) to do everything in the kernel. But, the inital training and stuff like that is still done as a regular user land process. Then there is also security reasons for keeping everything in the kernel. Please correct me if any of you have better ideas, I'm just a poor lonesome kernel newbie...:-) > Why move NN into the kernel? See above. thanks for all answers, lars -- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/
