Early detection of DDOS attacks in networks leveraging data plane programming

Abstract

Distributed Denial of Service (DDoS) attacks are one of the most commonly used techniques to disrupt network services today. These attacks have grown in size and frequency over the past decade and commonly target DNS infrastructure and Software as a Service (SaaS) solutions hosted on the cloud. Traditional methods for DDoS attack mitigation mostly utilize external network infrastructure to monitor traffic and detect suspicious activity. These methods however are of ten subject to issues of high latency and large memory footprint. With the rise in popularity of Software Defined Networking (SDN) and data plane programmability, these issues can be tackled as network traffic can be examined at line-rate within the forwarding devices itself. This report aims to explore the P4 data plane programming language and utilize its primitives to design an in-line traffic inspection mechanism to detect an ongoing DDoS attack. The current scheme of this implementation would be to perform an Entropy calculation of the traffic at the data plane, followed by implementing a gossip protocol to disseminate entropy information to other switches. Finally, a decision making algorithm will be used to detect the DDoS attack.