Detection and Mitigation Mechanisms for Attacks in Programmable Data Planes

Bachelor Thesis (2022)
Author(s)

F.R.F. Broy (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Contributor(s)

C. Ji – Mentor (TU Delft - Embedded Systems)

F.A. Kuipers – Mentor (TU Delft - Embedded Systems)

M.L. Molenaar – Graduation committee member (TU Delft - Computer Graphics and Visualisation)

Faculty
Electrical Engineering, Mathematics and Computer Science
Copyright
© 2022 Frank Broy
More Info
expand_more
Publication Year
2022
Language
English
Copyright
© 2022 Frank Broy
Graduation Date
22-06-2022
Awarding Institution
Delft University of Technology
Project
CSE3000 Research Project
Programme
Computer Science and Engineering
Faculty
Electrical Engineering, Mathematics and Computer Science
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

DDoS attacks are becoming more common and sophisticated. Only recently, in 2017, Google claims they have mitigated an attack which sent 2.54 Tbps of traffic to their servers. In order to prevent these attacks, more and more robust defence mechanisms need to be put in place to withstand the malicious traffic and secure the networks. Programmable data planes allow the users to specify which rules the headers of a packet need to follow and what happens if they are different. With this freedom, achieving more secure networks becomes possible. The use of the programming language P4 makes it easy to modify the functionality of the switches and limit the behaviour of the network in order to reduce the attack surface.
This paper describes certain attacks and mitigation techniques for them, such as DoS attacks and SYN-flood attacks. The paper will list existing defence techniques and enumerate their advantages and drawbacks. There will be two proof of concept detection and mitigation techniques in P4, and these implementations will be compared to already existing ones. The P4 implementations will be provided as well as comparison and performance graphs.

Files

License info not available