Stochastic Pre-classification for SDN Data Plane Matching
作者: Luke McHale , Jasson Casey , Paul V. Gratz , Alex Sprintson
DOI: 10.1109/ICNP.2014.95
关键词:
摘要: The Software Defined Networking (SDN) approach has numerous advantages, including the ability to program network through simple abstractions, provide a centralized view of state, and respond changing conditions. One main challenges in designing SDN enabled switches is efficient packet classification data plane. As complexity applications increases, plane becomes more susceptible Denial Service (DoS) attacks, which can result increased delays loss. Accordingly, there strong need for architectures that operate efficiently presence malicious traffic. In particular, protect authorized flows from DoS attacks. this work we utilize probabilistic structure pre-classify traffic with aim decoupling likely legitimate by leveraging locality flows. We validate our examining fundamental application: software defined firewall. For application, architecture dramatically reduces impact unknown/malicious on established/legitimate explore effect stochastic pre-classification prioritizing classification. show how be used increase effective Quality (QoS) established reduce adversarial
sci-hub.se 参考文章(9)
George Varghese, Network Algorithmics-An Interdisciplinary Approach to Designing Fast Networked Devices ,(2014)
I.L. Chvets, M.H. MacGregor, Multi-zone caches for accelerating IP routing table lookups high performance switching and routing. pp. 121- 126 ,(2002) , 10.1109/HPSR.2002.1024220
Kang Li, F. Chang, D. Berger, Wu-chang Feng, Architectures for packet classification caching international conference on networks. pp. 111- 117 ,(2003) , 10.1109/ICON.2003.1266176
Pritha Ghoshal, C. Jasson Casey, Paul V. Gratz, Alex Sprintson, Stochastic Pre-Classification for Software Defined Firewalls international conference on computer communications and networks. pp. 1- 8 ,(2013) , 10.1109/ICCCN.2013.6614198
Andrei Broder, Michael Mitzenmacher, Network Applications of Bloom Filters: A Survey Internet Mathematics. ,vol. 1, pp. 485- 509 ,(2004) , 10.1080/15427951.2004.10129096
P. Gupta, N. McKeown, Classifying packets with hierarchical intelligent cuttings IEEE Micro. ,vol. 20, pp. 34- 41 ,(2000) , 10.1109/40.820051
Pat Bosshart, Glen Gibb, Hun-Seok Kim, George Varghese, Nick McKeown, Martin Izzard, Fernando Mujica, Mark Horowitz, Forwarding metamorphosis: fast programmable match-action processing in hardware for SDN acm special interest group on data communication. ,vol. 43, pp. 99- 110 ,(2013) , 10.1145/2486001.2486011
P. Gupta, N. McKeown, Algorithms for packet classification IEEE Network. ,vol. 15, pp. 24- 32 ,(2001) , 10.1109/65.912717
V. Srinivasan, S. Suri, G. Varghese, Packet classification using tuple space search Computer Communication Review. ,(1999) , 10.1145/316194.316216