A Review of P4 Programmable Data Planes for Network Security

2021 ◽  
Vol 2021 ◽  
pp. 1-24
Author(s):  
Ya Gao ◽  
Zhenling Wang

Network attacks show a trend of increased attack intensity, enhanced diversity, and more concealed attack methods, which places higher requirements on the performance of network security equipment. Unlike an SDN (software-defined network) switch with a fixed-function data plane, switches with programmable data planes let users implement more network protocols. Programming Protocol-independent Packet Processors (P4) is proposed to define the operations of the data plane and to implement users' applications, e.g., data center networks, security, or 5G. This paper provides a review of research papers on solving network security problems with P4-based programmable data planes. The work is organized into two parts. In the first part, the P4 programming language, P4 programs, architectures, P4 compilers, P4 Runtime, and P4 targets are introduced according to the workflow model, and the advantages of P4-based programmable switching for network security are analyzed. In the second part, the existing network security research papers are divided into four parts according to the perspectives of passive defense, active defense, and combination of multiple technologies. The schemes in each category are compared, and their core ideas and limitations are clarified. In addition, a detailed comparison is made of the research on the performance of P4 targets. Finally, trends and challenges related to P4-based programmable data planes are discussed.

2009 ◽  
Vol 32 (4) ◽  
pp. 817-827 ◽  
Author(s):  
Wei JIANG ◽  
Bin-Xing FANG ◽  
Zhi-Hong TIAN ◽  
Hong-Li ZHANG

Author(s):  
Ch. Himabindu

The availability of realistic network data plays a significant role in fostering collaboration and ensuring U.S. technical leadership in network security research. Unfortunately, a host of technical, legal, policy, and privacy issues limit the ability of operators to produce datasets for information security testing. In an effort to help overcome these limitations, several data collection efforts (e.g., CRAWDAD [14], PREDICT [34]) have been established in the past few years. The key principle used in all of these efforts to assure low-risk, high-value data is that of trace anonymization: the process of sanitizing data before release so that potentially sensitive information cannot be extracted.


2020 ◽  
Vol 157 ◽  
pp. 04027 ◽  
Author(s):  
Sergey Ageev ◽  
Vladimir Karetnikov ◽  
Evgeny Ol’khovik ◽  
Andrey Privalov

In the paper, an adaptive hybrid heuristic (behavioral) method for detecting small traffic anomalies in high-speed multiservice communication networks, which operates in real time, is proposed and investigated. The relevance of this study follows from the fact that network security management processes in high-speed multiservice communication networks must be implemented in a mode close to real time, and must identify possible network security threats in the early stages of an attack. The proposed method and algorithm belong to the class of adaptive methods and algorithms with preliminary training. The average relative error in estimating the evaluated traffic parameters does not exceed 10%, which is sufficient for operational network management tasks. Anomalies in the expectation of traffic intensity and its dispersion are identified if their values exceed the normal values by 15% or more, which makes it possible to detect possible network attacks in the early phases of their implementation, for example, at the stage of scanning ports and interfaces of the attacked system. The procedure for detecting anomalous traffic behavior is implemented using Mamdani's method of hierarchical fuzzy logical inference. A study of the proposed method for detecting anomalous behavior of network traffic showed its high efficiency.


2014 ◽  
Vol 687-691 ◽  
pp. 1892-1895
Author(s):  
Shuang Ping Li

With the rapid development of network technology, network security threats are becoming more and more serious. To guarantee the security of the network, the main defense technology today is static, but static defense technology cannot adapt its preventive measures as conditions change and cannot anticipate attack intentions and attack strategies. Based on an analysis of the current situation, this paper mainly analyzes dynamic non-cooperative game theory, applies the theory to network security prevention, and achieves good results.


2014 ◽  
Vol 530-531 ◽  
pp. 646-649
Author(s):  
Ling Qiu ◽  
Cai Ming Liu

To dynamically discover network attacks hidden in network data, an intelligent detection method for network security is proposed. Biological immune principles and mechanisms are adopted to judge whether network data contain illegal network packets. A signature library of network attacks and a section library of attack signatures are constructed; they store attack signatures and signature sections, respectively, and provide the initial detection ability of the proposed method. Detectors are defined to simulate immune cells, and they evolve dynamically to adapt to the network security environment. Signatures of network data are extracted from IP packets, and detectors match those signatures of network data that indicate attacks. Warning information is formed and sent to network administrators according to the recognized attacks.


2015 ◽  
Vol 2 (2) ◽  
pp. 165
Author(s):  
Muamar Kadafi ◽  
Khusnawi Khusnawi

A rogue DHCP server is one way of exploiting a security hole in the mechanism for configuring network addresses using DHCP. A rogue DHCP server provides incorrect network address configuration to clients that have joined the network, with the aim of creating a man-in-the-middle network attack, so it can pose a threat to the privacy of clients that have joined the network. The research focused on the analysis of DHCP packets such as DHCPDISCOVER, DHCPREQUEST, DHCPOFFER, and DHCPACK passing through a MikroTik bridge, using the Wireshark Network Protocol Analyzer application before and after a rogue DHCP server was present in the DHCP network, so that it could be observed how the original DHCP server and the rogue DHCP server exchange packets with a DHCP client; the rogue DHCP packets were then analyzed. The analysis yielded information on the parameters contained in the rogue DHCP packets, which was used to build a DHCP network security system in the form of monitoring and prevention of rogue DHCP servers using DHCP Alert combined with a Firewall Filter Rule on a MikroTik bridge, with the result that the system can detect and prevent the existence of a rogue DHCP server in an IPv4-based DHCP network.

