Abstract |
---|
This article proposes a new approach for detecting and mitigating the impact of misbehaving TCP end-hosts, specifically the Optimistic ACK attack, and Explicit Congestion Notification (ECN) abuse. In contrast to the state-of-the-art, we show that it is possible to mitigate such misbehavior leveraging emerging programmable data planes while not requiring any end-host or protocol modifications. A key challenge in doing so is to implement expressive, complex and stateful functions in the data plane within its restricted programming model. In this regard, we propose a security monitoring function that uses Extended Finite State Machine (EFSM) abstraction for monitoring stateful protocols in the data plane. We also design a mechanism for mapping a protocol's EFSM to programmable data plane primitives. Our evaluation results demonstrate that our approach can fully or partially restore the throughput loss caused by misbehaving end-hosts that manipulate TCP congestion control through misinformation. |
Year | DOI | Venue |
---|---|---|
2021 | 10.1109/TNSM.2021.3054528 | IEEE Transactions on Network and Service Management |
Keywords | DocType | Volume |
---|---|---|
SDN, P4, programmable data plane, security, monitoring, EFSM, ECN, optimistic ACK | Journal | 18 |
Issue | ISSN | Citations |
---|---|---|
1 | 1932-4537 | 0 |
PageRank | References | Authors |
---|---|---|
0.34 | 0 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Abir Laraba | 1 | 0 | 0.34 |
Jérôme François | 2 | 0 | 0.34 |
Shihabur Rahman Chowdhury | 3 | 310 | 23.02 |
Isabelle Chrisment | 4 | 225 | 25.75 |
Raouf Boutaba | 5 | 6453 | 404.30 |