Introducing SmartNICs in Server-Based Data Plane Processing: The DDoS Mitigation Use Case

Miano, Sebastiano; Doriguzzi-Corin, Roberto; Risso, Fulvio; Siracusa, Domenico; Sommese, Raffaele

doi:10.1109/access.2019.2933491

Cited by 40 publications

(23 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, in contrast to cloud highperformance servers, edge nodes cannot exploit sophisticated solutions against DDoS attacks, due to their limited computing and memory resources. Although recent research efforts have demonstrated that the mitigation of DDoS attacks is feasible even by means of commodity computers [72], [73], edge computing-based DDoS detection is still at an early stage.…”

Section: Use-case: Ddos Detection At the Edgementioning

confidence: 99%

Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Doriguzzi-Corin

Millar

Scott-Hayward

et al. 2020

IEEE Trans. Netw. Serv. Manage.

Self Cite

250

105

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks are one of the most harmful threats in today's Internet, disrupting the availability of essential services. The challenge of DDoS detection is the combination of attack approaches coupled with the volume of live traffic to be analysed. In this paper, we present a practical, lightweight deep learning DDoS detection system called LUCID, which exploits the properties of Convolutional Neural Networks (CNNs) to classify traffic flows as either malicious or benign. We make four main contributions; (1) an innovative application of a CNN to detect DDoS traffic with low processing overhead, (2) a dataset-agnostic preprocessing mechanism to produce traffic observations for online attack detection, (3) an activation analysis to explain LUCID's DDoS classification, and (4) an empirical validation of the solution on a resource-constrained hardware platform. Using the latest datasets, LUCID matches existing stateof-the-art detection accuracy whilst presenting a 40x reduction in processing time, as compared to the state-of-the-art. With our evaluation results, we prove that the proposed approach is suitable for effective DDoS detection in resource-constrained operational environments.

show abstract

Section: Use-case: Ddos Detection At the Edgementioning

confidence: 99%

Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Doriguzzi-Corin

Millar

Scott-Hayward

et al. 2020

IEEE Trans. Netw. Serv. Manage.

Self Cite

250

105

View full text Add to dashboard Cite

show abstract

“…The virtualization overhead, the utilization level of the servers and the techniques adopted to implement the VSNFs are the most significant contributors to the performance degradation. To mitigate the problem, recent approaches propose to either adopt kernel bypass technologies such as the Data Plane Development Kit (DPDK) [122], Netmap [123] or Vectorized Packet Processing (VPP) [124], or to move the software packet processing in kernel space using eBPF/XDP [125].…”

Section: Threat Detection and Mitigationmentioning

confidence: 99%

Hybrid SDN evolution: A comprehensive survey of the state-of-the-art

et al. 2021

Self Cite

View full text Add to dashboard Cite

Software-Defined Networking (SDN) is an evolutionary networking paradigm which has been adopted by large network and cloud providers, among which are Tech Giants. However, embracing a new and futuristic paradigm as an alternative to well-established and mature legacy networking paradigm requires a lot of time along with considerable financial resources and technical expertise. Consequently, many enterprises can not afford it. A compromise solution then is a hybrid networking environment (a.k.a. Hybrid SDN (hSDN)) in which SDN functionalities are leveraged while existing traditional network infrastructures are acknowledged.Recently, hSDN has been seen as a viable networking solution for a diverse range of businesses and organizations. Accordingly, the body of literature on hSDN research has improved remarkably. On this account, we present this paper as a comprehensive state-of-the-art survey which expands upon hSDN from many different perspectives.

show abstract

“…eBPF programs can be attached even before packet enter PREROUTING chain of Netfilter. eBPF based program XDP provides possibility to process packets before TCP/IP stack achieving higher performance of packet processing (Miano et al, 2019b). Location of Netfilter's chains, most popular tables and eBPF hooks are shown in Figure 1.…”

Section: Packet Flow In Netfilter and Ebpfmentioning

confidence: 99%

Analysis of Linux Os Security Tools for Packet Filtering and Processing

Melkov

Paulikas

2021

Science - Future of Lithuania

View full text Add to dashboard Cite

Open-source software and its components are widely used in various products, solutions, and applications, even in closed-source. Majority of them are made on Linux or Unix based systems. Netfilter framework is one of the examples. It is used for packet filtering, load-balancing, and many other manipulations with network traffic. Netfilter based packet filter iptables has been most common firewall tool for Linux systems for more than two decades. Successor of iptables – nftables was introduced in 2014. It was designed to overcome various iptables limitations. However, it hasn’t received wide popularity and transition is still ongoing. In recent years researchers and developers around the world are searching for solution to increase performance of packet processing tools. For that purpose, many of them trying to utilize eBPF (Extended Berkeley Packet Filter) with XDP (Express Data Path) data path. This paper focused on analyzing Linux OS packet filters and comparing their performances in different scenarios.

show abstract

Introducing SmartNICs in Server-Based Data Plane Processing: The DDoS Mitigation Use Case

Cited by 40 publications

References 18 publications

Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Hybrid SDN evolution: A comprehensive survey of the state-of-the-art

Analysis of Linux Os Security Tools for Packet Filtering and Processing

Contact Info

Product

Resources

About