TL;DR
This paper introduces two novel P4-compatible methods for estimating network traffic entropy and flow cardinality, enabling effective DDoS detection directly within programmable switches, thus reducing detection latency and network overhead.
Contribution
It presents the first P4-supported algorithms for traffic entropy and flow cardinality estimation with low error, facilitating in-data-plane DDoS detection.
Findings
Achieves high detection accuracy comparable to state-of-the-art methods.
Enables DDoS detection entirely within the data plane, reducing delays.
Provides low-error, P4-compatible entropy estimation algorithms.
Abstract
Distributed Denial-of-Service (DDoS) attacks represent a persistent threat to modern telecommunications networks: detecting and counteracting them is still a crucial unresolved challenge for network operators. DDoS attack detection is usually carried out in one or more central nodes that collect significant amounts of monitoring data from networking devices, potentially creating issues related to network overload or delay in detection. The dawn of programmable data planes in Software-Defined Networks can help mitigate this issue, opening the door to the detection of DDoS attacks directly in the data plane of the switches. However, the most widely-adopted data plane programming language, namely P4, lacks support for many arithmetic operations; therefore, some of the advanced network monitoring functionalities needed for DDoS detection cannot be straightforwardly implemented in P4. This…
