Abstract
The evolving computer network landscape has enabled programmability in various network aspects, including Software-defined Networking (SDN) for control plane programmability and the introduction of the Programming Protocol-independent Packet Processors (P4). P4, a vendor-independent protocol, allows programmability on the data plane, offering flexibility for new services and applications. However, this flexibility introduces the need for automated solutions to monitor and manage the security of evolving networks and services. In this work, we propose FEVER, a framework utilizing P4-based telemetry and network device (switch) resource consumption to create fingerprints of network and P4 application behaviors. FEVER provides a comprehensive approach to identifying network anomalies through various metrics. The framework was evaluated in a virtualized scenario using unsupervised Machine Learning (ML) algorithms to detect diverse P4 program behaviors and traffic overload, demonstrating its potential for early detection of malicious activities in programmable networks. The results indicate high accuracy in identifying misbehavior and detecting sudden changes in P4 programs affecting the network.
This is a preview of subscription content, log in via an institution to check access.
References
Badotra, S., Panda, S.N.: Software-defined networking: a novel approach to networks. In: Gupta, B., Perez, G., Agrawal, D., Gupta, D. (eds.) Handbook of Computer Networks and Cyber Security: Principles and Paradigms, pp. 313–339. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-22277-2_13
Bai, S., Kim, H., Rexford, J.: Passive OS fingerprinting on commodity switches. In: IEEE 8th International Conference on Network Softwarization (NetSoft), pp. 264–268 (2022)
Bondan, L., et al.: FENDE: marketplace-based distribution, execution, and life cycle management of VNFs. IEEE Commun. Mag. 57(1), 13–19 (2019)
Bosshart, P., et al.: P4: programming protocol-independent packet processors. SIGCOMM Comput. Commun. Rev. 44(3), 87–95 (2014)
Ding, D., Savi, M., Siracusa, D.: Tracking normalized network traffic entropy to detect DDoS attacks in P4. Trans. Dependable Secure Comput. 19(6), 4019–4031 (2021)
Dumitrescu, D., Stoenescu, R., Negreanu, L., Raiciu, C.: BF4: towards bug-free P4 programs. In: SIGCOMM 2020, Virtually, USA, pp. 571–585 (2020)
Goswami, B., Kulkarni, M., Paulose, J.: A survey on P4 challenges in software defined networks: P4 programming. IEEE Access 11, 54373–54387 (2023)
Hauser, F., et al.: A survey on data plane programming with P4: fundamentals, advances, and applied research. J. Netw. Comput. Appl. 212, 103561 (2023)
Li, G., et al.: NETHCF: enabling line-rate and adaptive spoofed IP traffic filtering. In: IEEE 27th International Conference on Network Protocols (ICNP 2019), Chicago, USA, pp. 1–12 (2019)
Saueressig, M., Franco, M.F.: FEVER-P4 repository (2024). https://github.com/ComputerNetworks-UFRGS/FEVER-P4
Saueressig, M., Franco, M.F., Scheid, E.J., Granville, L.Z.: An approach for behavioral fingerprinting of P4 programmable switches. In: XX Escola Regional de Redes de Computadores (ERRC 2023), Porto Alegre, Brazil, pp. 22–60 (2023)
Musumeci, F., Ionata, V., Paolucci, F., Cugini, F., Tornatore, M.: Machine-learning-assisted DDoS attack detection with P4 language. In: IEEE International Conference on Communications (ICC 2020), Virtually, pp. 1–6 (2020)
Nunes, B.A.A., Mendonca, M., Nguyen, X.N., Obraczka, K., Turletti, T.: A survey of software-defined networking: past, present, and future of programmable networks. IEEE Commun. Surv. Tutor. 16(3), 1617–1634 (2014)
Open Networking Foundation: P4Language (2023). https://github.com/p4lang
Sánchez, P.M.S., Valero, J.M.J., Celdrán, A.H., Bovet, G., Pérez, M.G., Pérez, G.M.: A survey on device behavior fingerprinting: data sources, techniques, application scenarios, and datasets. IEEE Commun. Surv. Tutor. 23(2), 1048–1077 (2021)
Tan, L., et al.: In-band network telemetry: a survey. Comput. Netw. 186, 107763 (2021)
Teng, L., Hung, C.H., Wen, C.H.P.: P4SF: a high-performance stateful firewall on commodity P4-programmable switch. In: IEEE/IFIP Network Operations and Management Symposium (NOMS 2022), Budapest, Hungary, pp. 1–5 (2022)
Usama, M., et al.: Unsupervised machine learning for networking: techniques, applications and research challenges. IEEE Access 7, 65579–65615 (2019)
Wang, Q., Pan, M., Wang, S., Doenges, R., Beringer, L., Appel, A.W.: Foundational verification of stateful P4 packet processing. In: 14th International Conference on Interactive Theorem Proving (ITP 2023). Schloss-Dagstuhl-Leibniz Zentrum für Informatik, pp. 1–32 (2023)
Acknowledgements
This work was supported by The São Paulo Research Foundation (FAPESP) under the grant number 2020/05152-7, the PROFISSA project.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Saueressig, M. et al. (2024). FEVER: Intelligent Behavioral Fingerprinting for Anomaly Detection in P4-Based Programmable Networks. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2024. Lecture Notes on Data Engineering and Communications Technologies, vol 201. Springer, Cham. https://doi.org/10.1007/978-3-031-57870-0_32
Download citation
DOI: https://doi.org/10.1007/978-3-031-57870-0_32
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57869-4
Online ISBN: 978-3-031-57870-0
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)