BACKORDERS: Using Random Forests to Detect DDoS Attacks in Programmable Data Planes

Author(s):
Coelho, Bruno ; Schaeffer-Filho, Alberto ; ACM
Total number of authors: 3
Document type: Scientific article
Source: PROCEEDINGS OF THE 5TH INTERNATIONAL WORKSHOP ON P4 IN EUROPE, EUROP4 2022; v. N/A, p. 7-pg., 2022-01-01.
Abstract

Networks and the services they support form the communication backbone of our society, and it is important that potential Distributed Denial of Service (DDoS) attacks are detected quickly, in order to avoid or minimize the impact they may have on the availability of services. Recent technological advances in programmable networks, specifically the programmability of data planes in switches and routers, have made available new ways of detecting such attacks. By relying on this newfound possibility, this paper proposes the utilization of a Random Forest (RF) to aid in quickly and accurately detecting DDoS attacks in a programmable switch. Random forests utilize several classification trees, each of which independently classifies an input as one of a set of classes. Here, each decision tree will classify a network flow as potentially malicious, i.e. part of a DDoS attack, or a legitimate user flow. Despite utilizing multiple classification trees to improve accuracy, random forests are relatively lightweight, with each tree requiring few and simple computations to arrive at a classification. Our results show that even small RFs, requiring as few as 63 match+action table entries, can achieve F1-Scores of over 90%. (AU)

FAPESP grant: 20/05152-7 - PROFISSA: programmable future Internet for secure software and architectures
Grantee: Lisandro Zambenedetti Granville
Type of support: Research Grant - Thematic
FAPESP grant: 15/24494-8 - Communication and processing of big data in cloud and fog computing
Grantee: Nelson Luis Saldanha da Fonseca
Type of support: Research Grant - Thematic