DOI: 10.1145/3630047.3630194
research-article

LANTERN: Layered Adaptive Network Telemetry Collection for Programmable Dataplanes

Published: 06 December 2023

Abstract

Managing next-generation enterprise networks requires collecting and analyzing enormous volumes (tens of Tbps) of network traffic data in real time to detect potential anomalies, classify attacks, identify root causes, and rapidly deploy effective mitigations. Conducting robust and scalable analysis on such traffic volumes is a daunting "haystack" problem that demands intelligent strategies to winnow traffic and pinpoint the "needles" of interest. Recent advances in software-defined networking and programmable dataplanes, which enable dynamic reconfiguration of switching hardware to adapt to changing traffic conditions, provide a foundational building block. However, they lack the resources and programming primitives for complex computational models.
Toward that end, we present LANTERN, a layered and adaptive network telemetry system that facilitates joint collection and analysis of network traffic at multiple resolutions in coordination with the controller. Our design offloads complex machine-learning analysis to the controller, while still enabling proactive telemetry refinement and reactive mitigation triggers at the data-plane level. We evaluate our layered approach by replaying a labeled CIC-IDS attack dataset through both software and hardware P4 switches. LANTERN detects most anomalies, classifies them accurately, and introduces negligible switching overhead (1% latency).



      Published In

      EuroP4 '23: Proceedings of the 6th on European P4 Workshop
      December 2023
      74 pages
      ISBN:9798400704468
      DOI:10.1145/3630047

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. P4
      2. anomaly detection
      3. programming switch


      Conference

      CoNEXT 2023