security · keiwall

KeiWall — a machine-learning firewall under 5 KB.

A web-application firewall built from small int8 models — feature extraction, rule matching, and traffic normalization — designed to run inline at the kernel boundary instead of as a heavyweight userspace proxy.

What it does

KeiWall inspects traffic through three small, purpose-built models instead of one large classifier: feature extraction turns raw traffic into a compact representation, a rule-matching model flags known-bad shapes, and a normalization step cleans the traffic before it reaches an application. Each model is small enough — under 5 KB — to run inline without becoming the bottleneck itself.

Why small models, not one big one

A WAF sits on the hot path of every request. A multi-megabyte classifier is a latency and memory tax on every packet; three sub-5-KB models composed together give the lab room to run filtering inline, including inside the kernel, rather than as a separate heavyweight service.

Where it stands

The three model kubiks are built and already exercised in the lab's own MAX-OS driver builds. Full integration into the kernel network path is in progress, tracked alongside the lab's broader MAX-OS network work.