Detection and Mitigation Mechanisms for Attacks in Programmable Data Planes

Broy, F.R.F.

Detection and Mitigation Mechanisms for Attacks in Programmable Data Planes

Bachelor thesis (2022)

Authors

F.R.F. Broy Electrical Engineering, Mathematics and Computer Science

Contributors

C. Ji Embedded Systems (mentor)

Fernando A. Kuipers Embedded Systems (mentor)

M. Molenaar Computer Graphics and Visualisation (graduation committee member)

Faculty

Electrical Engineering, Mathematics and Computer Science, Electrical Engineering, Mathematics and Computer Science

Networks P4 Programmable Data Planes DDoS SYN-flood

To reference this document use:

http://resolver.tudelft.nl/uuid:76392c28-1e44-4284-bbe4-306503cac0bb

More Info

expand_more

Published Date

22-06-2022

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

DDoS attacks are becoming more common and sophisticated. Only recently, in 2017, Google claims they have mitigated an attack which sent 2.54 Tbps of traffic to their servers. In order to prevent these attacks, more and more robust defence mechanisms need to be put in place to withstand the malicious traffic and secure the networks. Programmable data planes allow the users to specify which rules the headers of a packet need to follow and what happens if they are different. With this freedom, achieving more secure networks becomes possible. The use of the programming language P4 makes it easy to modify the functionality of the switches and limit the behaviour of the network in order to reduce the attack surface.
This paper describes certain attacks and mitigation techniques for them, such as DoS attacks and SYN-flood attacks. The paper will list existing defence techniques and enumerate their advantages and drawbacks. There will be two proof of concept detection and mitigation techniques in P4, and these implementations will be compared to already existing ones. The P4 implementations will be provided as well as comparison and performance graphs.

Files

Detection_and_Mitigation_Mecha... (pdf)

(pdf | 2.86 Mb)

License info not available