@article{ding2021tracking,
title={Tracking Normalized Network Traffic Entropy to Detect DDoS Attacks in P4},
author={Ding, Damu and Savi, Marco and Siracusa, Domenico},
journal={IEEE Transactions on Dependable and Secure Computing},
year={2021},
publisher={IEEE}
}
-
Install docker if you don't already have it.
-
Clone the repository to local
git clone https://github.com/DINGDAMU/P4NEntropy.git -
cd P4Entropy -
If you want, put the
p4appscript somewhere in your path. For example:cp p4app /usr/local/binI have already modified the default docker image to dingdamu/p4app-ddos:nwhhd, so
p4appscript can be used directly.
-
After this step you'll see the terminal of mininet
./p4app run p4nentropy.p4app - Forwarding at least 10 packets in mininet
Check the difference of normalized entropy between
pingall
pingall
and
h1 ping h2 -c 12 -i 0.1
- Enter p4nentropy.p4app folder
cd p4nentropy.p4app - Check the result by reading the register
./read_registers1.sh ./read_registers2.sh ./read_registers3.sh
Register1-4 is Count Sketch
Register queryResult[0:3] is the queried packet count of last incoming flow in Count Sketch, and queryResult[4] is the median value of queryResult[0:3]
Register SUM is the result of Sum
Register S is total number of packets
In register finalResults, finalResults[0] is finalResults[1] is finalResults[2] is finalResults[3] is the Entropy estimation, and finalResults[4] is the final normalized entropy estimation. All results in this register are amplified