Stats 101 in P4: Towards In-Switch Anomaly Detection

被引：7

作者：

Gao, Sam ^{[1
]}

Handley, Mark ^{[1
]}

Vissicchio, Stefano ^{[1
]}

机构：

[1] UCL, London, England

来源：

PROCEEDINGS OF THE THE 20TH ACM WORKSHOP ON HOT TOPICS IN NETWORKS, HOTNETS 2021 | 2021年

关键词：

D O I：

10.1145/3484266.3487370

中图分类号：

TM [电工技术]; TN [电子技术、通信技术];

学科分类号：

0808 ; 0809 ;

摘要：

Data plane programmability is greatly improving network monitoring. Most new proposals rely on controllers pulling information (e.g., sketches or packets) from the data plane. This architecture is not a good fit for tasks requiring high reactivity, such as failure recovery, attack mitigation, and so on. Focusing on these tasks, we argue for a different architecture, where the data plane autonomously detects anomalies and pushes alerts to the controller. As a first step, we demonstrate that statistical checks can be implemented in P4 by revisiting definition and online computation of statistical measures. We collect our techniques in a P4 library, and showcase how they enable in-switch anomaly detection.

引用

页码：84 / 90

页数：7

共 29 条

[1] [Anonymous], 2017, P S SDN RES, DOI DOI 10.1145/3050220.3050228
[2] Programming Protocol-Independent Packet Processors
Bosshart, Pat
Daly, Dan
Gibb, Glen
Izzard, Martin
McKeown, Nick
Rexford, Jennifer
Schlesinger, Cole
Talayco, Dan
Vahdat, Amin
Varghese, George
Walker, David
[J]. ACM SIGCOMM COMPUTER COMMUNICATION REVIEW, 2014, 44 (03) : 87 - 95
[3] Forwarding Metamorphosis: Fast Programmable Match-Action Processing in Hardware for SDN
Bosshart, Pat
Gibb, Glen
Kim, Hun-Seok
Varghese, George
McKeown, Nick
Izzard, Martin
Mujica, Fernando
Horowitz, Mark
[J]. ACM SIGCOMM COMPUTER COMMUNICATION REVIEW, 2013, 43 (04) : 99 - 110
[4] Bryant S., 2015, RFC 7490
[5] Fine-Grained Queue Measurement in the Data Plane
Chen, Xiaoqi
Feibish, Shir Landau
Koral, Yaron
Rexford, Jennifer
Rottenstreich, Ori
Monetti, Steven A.
Wang, Tzuu-Yi
[J]. PROCEEDINGS OF THE 15TH INTERNATIONAL CONFERENCE ON EMERGING NETWORKING EXPERIMENTS AND TECHNOLOGIES (CONEXT '19), 2019, : 15 - 29
[6] Claise B., 2004, Cisco systems netflow services export version 9, DOI [10.17487/rfc3954, DOI 10.17487/RFC3954]
[7] Cloudflare blog, 2020, Famous DDoS attacks
[8] Estimating Logarithmic and Exponential Functions to Track Network Traffic Entropy in P4
Ding, Damu
Savi, Marco
Siracusa, Domenico
[J]. NOMS 2020 - PROCEEDINGS OF THE 2020 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM 2020: MANAGEMENT IN THE AGE OF SOFTWARIZATION AND ARTIFICIAL INTELLIGENCE, 2020,
[9] Gao Sam, 2021, Stat4 repository
[10] Gurevich Vladimir, 2017, Talk at P4 Developers Day

← 1 2 3 →