@article{ding2021tracking,
title={Tracking Normalized Network Traffic Entropy to Detect DDoS Attacks in P4},
author={Ding, Damu and Savi, Marco and Siracusa, Domenico},
journal={IEEE Transactions on Dependable and Secure Computing},
year={2021},
publisher={IEEE}
}
- Install docker if you don't already have it.
- Clone the repository locally:
    git clone https://github.com/DINGDAMU/P4NEntropy.git
- Enter the repository folder:
    cd P4NEntropy
- If you want, put the p4app script somewhere in your path. For example:
    cp p4app /usr/local/bin
  I have already modified the default docker image to dingdamu/p4app-ddos:nwhhd, so the p4app script can be used directly.
- Run the app. After this step you'll see the terminal of mininet:
    ./p4app run p4nentropy.p4app
- Forward at least 10 packets in mininet. Check the difference of normalized entropy between
    pingall
    pingall
  and
    h1 ping h2 -c 12 -i 0.1
- Enter the p4nentropy.p4app folder:
    cd p4nentropy.p4app
- Check the result by reading the registers:
    ./read_registers1.sh
    ./read_registers2.sh
    ./read_registers3.sh
- Register1-4 are the Count Sketch.
- Register queryResult[0:3] is the queried packet count of the last incoming flow in the Count Sketch, and queryResult[4] is the median value of queryResult[0:3].
- Register SUM is the result of Sum
- Register S is the total number of packets.
- In register finalResults, finalResults[0] is finalResults[1] is finalResults[2] is finalResults[3] is the Entropy estimation, and finalResults[4] is the final normalized entropy estimation. All results in this register are amplified
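
A software model of what the registers above hold, added here as an example and not taken from the P4NEntropy repository: a 4-row Count Sketch queried by median, a running Sum, the packet total S, and the normalized entropy for an evenly spread stream and for a stream dominated by one flow. The sketch width, the SHA-256 hashing, the Sum update formula, the normalization by log2 of an exact distinct-flow count, the floating-point math and the constructed flow keys are all assumptions of this example, not the P4 program's integer pipeline.

```python
import hashlib
import math
from statistics import median

ROWS, WIDTH = 4, 1024  # 4 rows mirror Register1-4; the width is an assumed value


def _h(row, key, salt):
    digest = hashlib.sha256(f"{salt}:{row}:{key}".encode()).digest()
    return int.from_bytes(digest[:4], "big")


class CountSketch:
    def __init__(self):
        self.rows = [[0] * WIDTH for _ in range(ROWS)]

    def _cell(self, row, key):
        sign = 1 if _h(row, key, "sign") & 1 else -1
        return _h(row, key, "idx") % WIDTH, sign

    def update(self, key):
        for r in range(ROWS):
            idx, sign = self._cell(r, key)
            self.rows[r][idx] += sign

    def query(self, key):
        # Per-row estimates (queryResult[0:3]) and their median (queryResult[4]).
        cells = (self._cell(r, key) for r in range(ROWS))
        ests = [sign * self.rows[r][idx] for r, (idx, sign) in enumerate(cells)]
        return ests, median(ests)


def normalized_entropy(packets):
    """packets: one flow key per packet. Returns H / log2(distinct flows)."""
    sketch, total, s, seen = CountSketch(), 0.0, 0, set()
    for key in packets:
        sketch.update(key)
        f = max(sketch.query(key)[1], 1)  # estimated count of this packet's flow
        # Assumed running sum of f*log2(f) over flows, updated per packet.
        total += f * math.log2(f) - ((f - 1) * math.log2(f - 1) if f > 1 else 0.0)
        s += 1  # total number of packets
        seen.add(key)  # exact flow set: a software shortcut, not a P4 structure
    if len(seen) < 2:
        return 0.0  # empty or single-flow traffic
    return (math.log2(s) - total / s) / math.log2(len(seen))


EVEN = [f"10.0.0.{i % 8 + 1}" for i in range(32)]  # constructed: 8 flows, 4 packets each
SKEWED = ["10.0.0.1"] * 57 + [f"10.0.0.{i}" for i in range(2, 9)]  # constructed: one flow dominates
```

The evenly spread stream scores close to 1 and the dominated stream scores far lower, which is the drop an entropy-based DDoS detector watches for.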