New Programmable Data Plane Architecture Based on P4 OpenFlow Agent

Carvalho, Ranyelson Neres; Costa, Lucas Rodrigues; Bordim, Jacir Luiz; Alchieri, Eduardo

doi:10.1007/978-3-030-44041-1_115

Cited by 4 publications

(7 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The above techniques have been designed to work at the control plane, thus imposing an additional burden on the controller. To cope with this problem, DDoS attack‐detection solutions implemented at the data plane have been proposed 11,12,15 . Lapolli et al 15 proposed a solution using data plane programmability provided by the P4 language 21 to design a traffic inspection mechanism for real‐time DDoS attack detection.…”

Section: Related Workmentioning

confidence: 99%

“…The proposed mechanism is reported to provide lower latency, while keeping the device resource usage low. Likewise, Carvalho et al 11 proposed an architecture that implements a DDoS‐detection solution on the data plane. The suggested architecture uses an additional component to allow the P4 switch to handle more sophisticated operations.…”

Section: Related Workmentioning

confidence: 99%

“…Clearly, the prevention and mitigation of DoS and DDoS incidents are of major importance since they can disrupt network operations, reduce performance, and risk service availability. Detecting and mitigating DoS and DDoS attacks in SDN environments involves employing robust security measures that may include (

i

) traffic monitoring and analysis, (

ii

) rate limiting and traffic shaping, (

iii

) flow‐based anomaly detection, (

iv

) blacklisting and whitelisting, and (

v

) collaborative defense 3,4,11,12 . In traffic monitoring, the SDN controllers and switches monitor network traffic patterns to detect anomalous behavior, such as an abnormally high number of packets from a single source.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

DDoS attack detection in SDN: Enhancing entropy‐based detection with machine learning

Santos‐Neto,

Bordim,

Alchieri

et al. 2024

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

SummarySoftware defined network (SDN) has emerged as a new paradigm in terms of network architecture, providing flexibility, agility, and programmability to network management. These benefits boosted the SDN adoption, bringing new challenges mainly related to security, in particular, those related to Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. The detection, prevention, and mitigation of these attacks are important since they can affect the entire network. Many current security measures use statistical techniques, as entropy, or machine learning (ML) algorithms to detect DoS and DDoS attacks. While the definition of a threshold to determine whether a traffic is an attack is not trivial in statistical techniques, ML solutions may provide better accuracy but require considerable computational resources and time to converge to a model able to detect these attacks. Trying to circumvent these limitations, current hybrid approaches either use the results from entropy as input in ML algorithms (EntropyML) or use entropy as a filter and ML algorithms to identify attacks. This work goes one step ahead and combines these techniques in a three‐step approach (EntropyMLEntropy), called ML‐Entropy, which inherits the intelligence of ML algorithms to adjust the threshold used by entropy. The proposed solution was implemented and evaluated in two datasets, the well‐known synthetic DARPA dataset and a dataset composed by traffic collected from a real‐corporate environment. Experimental results show that, in general, ML‐Entropy presents an accuracy above 99%, similar to support vector machine (SVC) and random forest (RF) algorithms, being able to converge to a detection model up to and faster than RF and SVC, respectively.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

i

) traffic monitoring and analysis, (

ii

) rate limiting and traffic shaping, (

iii

) flow‐based anomaly detection, (

iv

) blacklisting and whitelisting, and (

v

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

DDoS attack detection in SDN: Enhancing entropy‐based detection with machine learning

Santos‐Neto,

Bordim,

Alchieri

et al. 2024

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

show abstract

“…For instance, in Reference 9, an entropy‐based (statistical technique) DDoS attack detection mechanism was proposed to act at the data plane. Additionally, data plane solutions are able to detect DDoS attacks faster than solutions implemented at the controller 11 …”

Section: Introductionmentioning

confidence: 99%

“…Additionally, data plane solutions are able to detect DDoS attacks faster than solutions implemented at the controller. 11 Compared to statistical techniques, ML alternatives have been widely adopted to detect attacks in SDN networks. 1 Although ML techniques usually present better attack detection accuracy, they are yet to be implemented on the data plane.…”

Section: Introductionmentioning

confidence: 99%

DataPlane‐ML: An integrated attack detection and mitigation solution for software defined networks

Carvalho

Costa

Bordim

et al. 2022

Concurrency and Computation

View full text Add to dashboard Cite

Summary Software defined network (SDN) is a paradigm that emphasizes the separation of the control plane from the data plane, offering advantages such as flexibility and programmability. However, from a security perspective, SDN also introduces new vulnerabilities due to the communication required between these planes. SYN Flood attacks are typical distributed denial‐of‐service (DDoS) attacks that especially challenge network administrators since they produce a large volume of semi‐open TCP connections to a target, compromising its availability. Most of the current solutions to detect and mitigate these attacks are designed to operate at the control plane, imposing an additional overhead on controller functions. Moreover, traffic‐blocking mechanisms, a widely used alternative to protect network resources, have the drawback of restricting legitimate traffic. This work proposes DataPlane‐ML, an integrated solution to detect and mitigate DDoS attacks on SDN, acting directly in the data plane. DataPlane‐ML uses machine learning techniques for attack detection and a mitigation solution based on the node's reputation to avoid blocking legitimate traffic during an attack. Experimental results show that DataPlane‐ML is prefix≈26%$$ \approx 26\% $$ faster than statistical‐based solutions for attack detection while presenting better accuracy. Moreover, the DataPlane‐ML mitigation solution can preserve more than 95%$$ 95\% $$ of legitimate traffic during an attack.

show abstract