Distributed SIP DDoS Defense with P4

Febro, Aldo; Xiao, Hannan; Spring, Joseph

doi:10.1109/wcnc.2019.8885926

Cited by 19 publications

(16 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Broadly, defense schemes can be grouped into two main categories: attack-specific and generic. Attack-specific category consists of the work that address a specific attack (e.g., NETHCF for IP spoofing, [211] for SIP DDoS, etc. ), while the generic category aims at addressing various types of attacks (e.g., FastFlex for various availability attacks, Ripple for link flooding attacks, etc.…”

Section: ) Defense Schemes Comparison Discussion and Limitationsmentioning

confidence: 99%

An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends

2021

View full text Add to dashboard Cite

Traditionally, the data plane has been designed with fixed functions to forward packets using a small set of protocols. This closed-design paradigm has limited the capability of the switches to proprietary implementations which are hard-coded by vendors, inducing a lengthy, costly, and inflexible process. Recently, data plane programmability has attracted significant attention from both the research community and the industry, permitting operators and programmers in general to run customized packet processing functions. This open-design paradigm is paving the way for an unprecedented wave of innovation and experimentation by reducing the time of designing, testing, and adopting new protocols; enabling a customized, top-down approach to develop network applications; providing granular visibility of packet events defined by the programmer; reducing complexity and enhancing resource utilization of the programmable switches; and drastically improving the performance of applications that are offloaded to the data plane. Despite the impressive advantages of programmable data plane switches and their importance in modern networks, the literature has been missing a comprehensive survey. To this end, this paper provides a background encompassing an overview of the evolution of networks from legacy to programmable, describing the essentials of programmable switches, and summarizing their advantages over Softwaredefined Networking (SDN) and legacy devices. The paper then presents a unique, comprehensive taxonomy of applications developed with P4 language; surveying, classifying, and analyzing more than 200 articles; discussing challenges and considerations; and presenting future perspectives and open research issues.

show abstract

Section: ) Defense Schemes Comparison Discussion and Limitationsmentioning

confidence: 99%

An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends

2021

View full text Add to dashboard Cite

show abstract

“…-As containers are individually connected to the P4 switch interfaces, different kinds of telemetry information, like the amount of traffic that is being transferred via a specific interface, or the time of entering of a packet to that interface can be tracked in P4 [16,17]. This will help for managing the traffic preventing different kinds of attacks [18][19][20] to improve security. -The P4 program can be run on SmartNICs [21,22].…”

Section: Containerized P4-based Ddmmentioning

confidence: 99%

“…When a packet leaves the P4 switch toward the other domain the source IP address of the packet is changed to the public address of the local server: these are the ser-ver_send (lines 11-15) and client_send (lines [16][17][18][19] actions.…”

Section: Listing 3 P4 Actions Associated With the P4program Tablesmentioning

confidence: 99%

Multi-domain network infrastructure based on P4 programmable devices for Digital Data Marketplaces

2022

View full text Add to dashboard Cite

There are many organizations interested in sharing data with others, and they can do this only if a multi-domain secure platform is available. Such platforms, often referred to as Digital Data Marketplaces (DDMs), require that all the transactions follow the pre-defined policies that are established by the participating parties i.e, domains. However, building a multi-domain network infrastructure in which each domain can manage its own connectivity while at the same time all of the transactions follow the sharing agreements is still a challenge. In this paper, we introduce a multi-domain containerized DDM that is built upon a P4-based network. It can handle the communication of multiple domains and guarantee that the operation of transactions is based on the pre-defined policies. We also studied the setup performance by defining a model which we demonstrated follows the real measurements, and we can use for decision making. The results also show the low overhead of using P4 switch in network setup time. In addition, we conducted a security evaluation which showed that our P4-based network setup is secure against most types of attacks.

show abstract

“…Similarly, in [39], authors implemented a P4 strategy to contrast TCP flood port scan attacks and evaluated this strategy in both a P4-enabled software switch and a FPGA. Authors in [40] and performed attack detection in P4-programmable Ethernet switches, focusing on SIP attacks. Furthermore, authors of [41], data plane programmability is exploited to mitigate DDoS attacks of different types, such as SYN flood, DNS amplification, HTTP flood, when traffic characteristics change over time, by adopting threshold-based defense mechanisms.…”

Section: Related Workmentioning

confidence: 99%

Machine-Learning-Enabled DDoS Attacks Detection in P4 Programmable Networks

et al. 2021

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks represent a major concern in modern Software Defined Networking (SDN), as SDN controllers are sensitive points of failures in the whole SDN architecture. Recently, research on DDoS attacks detection in SDN has focused on investigation of how to leverage data plane programmability, enabled by P4 language, to detect attacks directly in network switches, with marginal involvement of SDN controllers. In order to effectively address cybersecurity management in SDN architectures, we investigate the potential of Artificial Intelligence and Machine Learning (ML) algorithms to perform automated DDoS Attacks Detection (DAD), specifically focusing on Transmission Control Protocol SYN flood attacks. We compare two different DAD architectures, called Standalone and Correlated DAD, where traffic features collection and attack detection are performed locally at network switches or in a single entity (e.g., in SDN controller), respectively. We combine the capability of ML and P4-enabled data planes to implement real-time DAD. Illustrative numerical results show that, for all tested ML algorithms, accuracy, precision, recall and F1-score are above 98% in most cases, and classification time is in the order of few hundreds of $$\upmu \text {s}$$ μ s in the worst case. Considering real-time DAD implementation, significant latency reduction is obtained when features are extracted at the data plane by using P4 language. Graphic Abstract

show abstract

Distributed SIP DDoS Defense with P4

Cited by 19 publications

References 10 publications

An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends

An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends

Multi-domain network infrastructure based on P4 programmable devices for Digital Data Marketplaces

Machine-Learning-Enabled DDoS Attacks Detection in P4 Programmable Networks

Contact Info

Product

Resources

About