dissect-project/p4SD

p4SD

p4SD is a lightweight anomaly detection system designed for software-defined networks (SDNs), implemented on the data plane to address the unique demands of network security at high throughput levels. Its primary function is to detect anomalies caused by port scan activity, a commonly employed technique during the initial stages of cyberattacks to gather information about a target. The system's anomaly detection extends to multiple types of port scans by considering target multiplicity and operating independently of specific protocol headers. One of the system’s key strengths is its focus on detecting slow port scans. These types of scans are typically challenging to detect, as they can evade traditional detection due to their prolonged nature, especially within data planes where memory resources are constrained.

The developed solution achieves a throughput close to the line rate of the Netronome Agilio SmartNIC while maintaining a high detection ratio and scalability. Furthermore, despite its focus on slow port scanning, deviations caused by port scan probes do not require long periods to be identified. As such, detection occurs practically in real time, ensuring that actions against imminent threats can be taken with minimal delay.


Implementations

p4SD offers two distinct implementations, both located in the implementations directory:

  • Software-Based Prototype: A proof-of-concept implementation designed for the BMv2 software switch, enabling straightforward testing and development. For details, see implementations/bmv2.
  • Hardware Deployment: An optimized version running on the Netronome Agilio SmartNIC, providing accelerated, hardware-based processing. For details, see implementations/netronome.

Authors
