P4Filter: A two level defensive mechanism against attacks in SDN using P4

by   Ananya Saxena, et al.

The advancements in networking technologies have led to a new paradigm of controlling networks, with data plane programmability as a basis. This facility opens up many advantages, such as flexibility in packet processing and better network management, which leads to better security in the network. However, the current literature lacks network security solutions concerning authentication and preventing unauthorized access. In this work, our goal is to avoid attacks in a two level defense mechanism (P4Filter). The first level is a dynamic firewall logic, which blocks packets generated from an unauthorized source. The second level is an authentication mechanism based on dynamic port knocking. The two security levels were tested in a virtual environment with P4 based switches. The packets arriving at the switch from unknown hosts are sent to the controller. The controller maintains an ACL using which it assigns rules for both the levels to allow or drop the packets. For port knocking a new random sequence is generated for every new host. Hosts can only connect using the correct sequence assigned to them.The tests conducted show this approach performs better than the previous P4 based firewall approaches due to two security levels. Moreover, it is successful in mitigating specific security attacks by blocking unauthorized access to the network.


page 1

page 3

page 5

page 6


SDFW: SDN-based Stateful Distributed Firewall

SDN provides a programmable command and control networking system in a m...

Defending SDN against packet injection attacks using deep learning

The (logically) centralised architecture of the software-defined network...

SDN-based Runtime Security Enforcement Approach for Privacy Preservation of Dynamic Web Service Composition

Aiming at the privacy preservation of dynamic Web service composition, t...

Programmable In-Network Security for Context-aware BYOD Policies

Bring Your Own Device (BYOD) has become the new norm in enterprise netwo...

Patterns and Interactions in Network Security

Networks play a central role in cyber-security: networks deliver securit...

A trust-based security mechanism for nomadic users in pervasive systems

The emergence of network technologies and the appearance of new varied a...

Lattice Structural Analysis on Sniffing to Denial of Service Attacks

Sniffing is one of the most prominent causes for most of the attacks in ...

Please sign up or login with your details

Forgot password? Click here to reset