可编程数据平面系统异常检测系统的设计与实现

摘要/Abstract

摘要： 可编程数据平面为实现快速、准确和数据驱动的控制回路决策提供了令人兴奋的机会，很多研究者已经提出了许多数据平面系统来实时地处理网络动态（例如，拥塞、故障），这些系统的核心是具有数据包处理的数据平面算法，可连续监控流量并自动响应。尽管有诸多好处，但对网络事件的自动响应会导致潜在输入源的增加，从而增加了攻击面。本文设计了一个异常检测系统，用于在运行时检测此类攻击，系统对合理的预期行为进行建模，并使用该模型作为参考来检查系统是否受到攻击，实验证明：所提议的异常检测系统在对抗性攻防方面是可行性的，也是有效的。

关键词: 可编程数据平面, 网络攻击, 网络监控, 安全与隐私, 入侵检测系统, 拒绝服务攻击

Abstract: Programmable data plane to achieve rapid and accurate decision-making and data-driven control circuit provides exciting opportunities, many researchers have proposed many graphic system to real-time processing network dynamic data (for example, congestion, fault), the core of these systems is a data plane algorithm with packet processing, can be continuous automatic monitoring traffic and response. Despite its benefits, automatic response to network events increases the attack surface by increasing potential input sources. In this paper, an anomaly detection system is designed to detect such attacks at runtime. The system models the reasonable expected behavior and uses the model as a reference to check whether the system is attacked or not. Experiments show that the proposed anomaly detection system is feasible and effective in antagonistic attack and defense.

Key words: Programmable data plane, Network attack, Network monitoring, Security and privacy, Intrusion detection system, Denial of service attack

陈立军, 张屹, 陈孝如, . 可编程数据平面系统异常检测系统的设计与实现[J]. 信息安全研究, 2022, 8(2): 135-.

参考文献

[1]Bosshart P, Gibb G, Kim H S, et al. Forwarding metamorphosis: Fast programmable match-action processing in hardware for SDN [J]. ACM SIGCOMM Computer Communication Review, New York, USA, ACM, 2013, 43(4): 99-110.

[2] Nate Foster，Rob Harrison，Michael J. Freedman and Christopher Monsanto 2021. Network Programming Language [OL].2021, https://nplang.org/.

[3] Nick McKeown,P4语言[OL]，2021. https://p4.org/.

[4] Katta N, Hira M, and Kim C, et al. Hula: Scalable load balancing using programmable data planes[C]//Proceedings of the Symposium on SDN Research. 2016: 1-12.

[5] Hsu K F, Beckett R, Chen A, et al. Contra: A programmable system for performance-aware routing[C]//17th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 20). 2020: 701-721.

[6] Holterbach T, Molero E C, Apostolaki M, et al. Blink: Fast connectivity recovery entirely in the data plane[C]//16th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 19). 2019: 161-176.

[7] Jin X, Li X, and Zhang H, et al. Netcache: Balancing key-value stores with fast in-network caching[C]//Proceedings of the 26th Symposium on Operating Systems Principles. 2017: 121-136.

[8] Kang Q, Xing J, Chen A. Automated attack discovery in data plane systems[C]//12th {USENIX} Workshop on Cyber Security Experimentation and Test ({CSET} 19). 2019.

[9] Meier R, Holterbach T, Keck S, et al. (Self) Driving Under the Influence: Intoxicating Adversarial Network Inputs[C]//Proceedings of the 18th ACM Workshop on Hot Topics in Networks. 2019: 34-42.

[10] Kodeswaran S, Arashloo M T, Tammana P, et al. Tracking P4 program execution in the data plane[C]//Proceedings of the Symposium on SDN Research. 2020: 117-122.

[11] Chi-squared test — Wikipedia, The Free Encyclopedia [OL]. https:// en.wikipedia.org/wiki/Pearson%27s_chi-squared_test. 2021.

[12]李健,江昊,罗威,杜渂.基于可编程数据平面的状态防火墙技术[J/OL].武汉大学学报(工学版):1-8[2021-09-25].http://kns.cnki.net/kcms/detail/42.1675.T.20210416.1425.002.html.

[13]耿俊杰,颜金尧.基于可编程数据平面的PFC算法实现[J].计算机技术与发展,2021,31(01):116-121.

[14]吕娜,潘武,陈柯帆,张彦晖.控制器故障下的软件定义机载网络数据平面迁移策略[J].航空学报,2021,42(03):349-358.

[15]肖如良,曾智霞,肖晨凯,张仕.基于局部敏感布隆过滤器的工业物联网隐性异常检测[J/OL].计算机应用:1-7[2021-10-20].http://kns.cnki.net/kcms/detail/51.1307.TP.20210923.1626.005.html.

[16] [1]吕浩,易鹏飞,刘瑞,周东生,张强,魏小鹏.用于视频异常检测的时序多尺度自编码器[J/OL].图学学报:1-8[2021-10-20].http://kns.cnki.net/kcms/detail/10.1034.t.20210917.0946.004.html.

[17]靳晓琪,卢金奇,李林城.基于信息熵的网络异常检测及入侵防御系统设计[J].电子设计工程,2021,29(18):152-156.

[18] Kang Q, Xing J, Qiu Y, et al. Probabilistic profiling of stateful data planes for adversarial testing[C]//Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. 2021: 286-301.

[19] Liu J, Hallahan W, and Schlesinger C, et al. P4v: Practical verification for programmable data planes[C]//Proceedings of the 2018 Conference of the ACM Special Interest Group on data communication. 2018: 490-503.

[20] Nötzli A, Khan J, and Fingerhut A, et al. P4pktgen: Automated test case generation for p4 programs[C]//Proceedings of the Symposium on SDN Research. NY, USA, ACM, 2018: 1-7.

[21] Stoenescu R, Dumitrescu D, Popovici M, et al. Debugging P4 programs with Vera[C]//Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication. 2018: 518-532.

[22] Kang Q, Xue L, Morrison A, et al. Programmable In-Network Security for Context-aware {BYOD} Policies[C]//29th {USENIX} Security Symposium ({USENIX} Security 20). 2020: 595-612.

[23] Miao R, Zeng H, and Kim C, et al. Silkroad: Making stateful layer-4 load balancing fast and cheap using switching asics[C]//Proceedings of the Conference of the ACM Special Interest Group on Data Communication. 2017: 15-28.

[24] Holterbach T, Molero E C, Apostolaki M, et al. Blink: Fast connectivity recovery entirely in the data plane[C]//16th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 19). 2019: 161-176.

[25] Li G, Zhang M, Liu C, et al. Nethcf: Enabling line-rate and adaptive spoofed ip traffic filtering[C]//2019 IEEE 27th international conference on network protocols (ICNP). IEEE, 2019: 1-12.

[26] Li Y, Miao R, and Kim C, et al. Flowradar: A better netflow for data centers[C]//13th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 16). 2016: 311-324.

[27] Li Y, Miao R, and Kim C, et al. Lossradar: Fast detection of lost packets in data center networks[C]//Proceedings of the 12th International on Conference on emerging Networking EXperiments and Technologies. Connecticut, USA, ACM, 2016: 481-495.

[28] Liu Z, Manousis A, Vorsanger G, et al. One sketch to rule them all: Rethinking network flow monitoring with univmon[C]//Proceedings of the 2016 ACM SIGCOMM Conference. 2016: 101-114.

[29] Duet: Cloud Scale Load Balancing with Hardware and Software [J]. Computer Communication Review: A Quarterly Publication of the Special Interest Group on Data Communication, 2014, 44(4):27-38.

[30] Gerbet T, Kumar A, Lauradoux C. The Power of Evil Choices in Bloom Filters[C]// IEEE/IFIP International Conference on Dependable Systems & Networks. IEEE, 2015.

[31] Ball T, Larus J R. Efficient path profiling[C]//Proceedings of the 29th Annual IEEE/ACM International Symposium on Microarchitecture. MICRO 29. IEEE, 1996: 46-57.

[32] Workload Analysis of a Large-Scale Key-Value Store [J]. Performance Evaluation Review, 2012, 40(1):53-64.