Enhancing XDP eBPF Firewall Performance and Accuracy with Large Language Models and Symbolic Execution
Jeffrey Lyu
Affiliation: The Affiliated High School of South China Normal University
IJSCAR Vol. 2, Issue 2 (2025) · pp. 4–7
Abstract
Firewalls are foundational to computer network security, yet managing large and complex eXpress Data Path (XDP) extended Berkeley Packet Filter (eBPF) rule sets often results in performance inefficiencies and configuration errors. This paper investigates how large language models (LLMs) can enhance the performance and maintain the correctness of XDP eBPF-based firewalls by applying AI-guided rule optimization in conjunction with formal equivalence verification using symbolic execution and Satisfiability Modulo Theories (SMT) solvers. We propose a dual-phase workflow: first, LLMs optimize rule sets by reordering and pruning redundant entries; second, symbolic reasoning verifies functional equivalence with the original policy. Our evaluation across 12 firewalls, ranging from basic to complex functionalities, demonstrates a verified success rate of 83.3%. We conclude that LLM optimization, when combined with formal checking, offers a practical and scalable approach to maintaining accurate and efficient firewall configurations.
Keywords: Firewall, XDP eBPF, Large Language Models, Symbolic Execution, Satisfiability Modulo Theories
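The second phase of the workflow, checking that a reordered and pruned rule set still gives the same verdicts as the original, can be illustrated with the following added example, which is not code from the paper. It assumes a simplified model (first-match rules over IPv4 source range and destination port range, with a default verdict of PASS) and replaces symbolic execution and SMT solving with exact boundary-value enumeration; all rule sets and names are constructed.

```python
import ipaddress
from itertools import product

DEFAULT = "PASS"  # assumed verdict when no rule matches

def rule(cidr, port_lo, port_hi, action):
    net = ipaddress.ip_network(cidr)
    return (int(net.network_address), int(net.broadcast_address), port_lo, port_hi, action)

def decide(rules, src, port):
    """First-match semantics: the earliest matching rule gives the verdict."""
    for s_lo, s_hi, p_lo, p_hi, action in rules:
        if s_lo <= src <= s_hi and p_lo <= port <= p_hi:
            return action
    return DEFAULT

def cut_points(rule_sets, lo, hi, max_val):
    """Start of every region in which each rule's match result is constant."""
    pts = {0}
    for r in (r for rules in rule_sets for r in rules):
        pts.add(r[lo])
        if r[hi] < max_val:
            pts.add(r[hi] + 1)
    return sorted(pts)

def find_counterexample(original, candidate):
    """Return (src, port, original_verdict, candidate_verdict), or None if equivalent."""
    srcs = cut_points((original, candidate), 0, 1, 2**32 - 1)
    ports = cut_points((original, candidate), 2, 3, 65535)
    for src, port in product(srcs, ports):
        a, b = decide(original, src, port), decide(candidate, src, port)
        if a != b:
            return (src, port, a, b)
    return None

# Constructed rule sets (not from the paper).
R1 = rule("10.1.2.0/24", 22, 22, "DROP")   # redundant: covered by R2
R2 = rule("10.0.0.0/8", 22, 22, "DROP")
R3 = rule("0.0.0.0/0", 80, 443, "PASS")
R4 = rule("10.0.0.0/8", 0, 1023, "DROP")
ORIGINAL = [R1, R2, R3, R4]
SAFE = [R3, R2, R4]      # R1 pruned, R3 moved ahead of a disjoint rule
UNSAFE = [R2, R4, R3]    # R4 now shadows R3 for 10.0.0.0/8

if __name__ == "__main__":
    print("safe:", find_counterexample(ORIGINAL, SAFE))
    print("unsafe:", find_counterexample(ORIGINAL, UNSAFE))
```

Because every rule's match result is constant between consecutive cut points, testing one packet per region is exhaustive for this model; a rejected candidate comes back with a concrete packet that the two policies treat differently.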