NetHCF: Filtering Spoofed IP Traffic With Programmable Switches
IEEE Transactions on Dependable and Secure Computing (2023)
Abstract
In this paper, we identify the opportunity of using programmable switches to improve the state of the art in spoofed IP traffic filtering, and propose NetHCF, a line-rate in-network system to filter spoofed traffic. One key challenge in the design of NetHCF is to handle the restrictions stemming from the limited computational model and memory resources of programmable switches. We address this by decomposing the HCF scheme into two complementary parts, by aggregating the IP-to-Hop-Count (IP2HC) mapping table for efficient memory usage, and by designing adaptive mechanisms to handle routing changes, IP popularity changes, and network activity dynamics. We implement an open-source prototype of NetHCF and conduct extensive evaluations. The evaluation results demonstrate that NetHCF is able to process most legitimate traffic in 1 $\mu$s and filter spoofed IP traffic effectively under network dynamics, with less than 30% of switch resource occupation.
Keywords
Hop-count filtering, programmable switches, spoofed IP traffic
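
As an added illustration (not code from the paper or the NetHCF prototype), the sketch below shows the classic hop-count filtering check that an IP2HC table supports: infer the hop count from the observed TTL and compare it with the value learned for the source. The /24 aggregation, the initial-TTL set, and all names are assumptions made for this example; the sample addresses and TTLs are constructed.

```python
import ipaddress

# Assumption: common initial TTLs of mainstream OSes (not taken from the paper).
INITIAL_TTLS = (32, 64, 128, 255)


def hop_count(observed_ttl):
    """Infer hops travelled: smallest common initial TTL >= observed TTL."""
    if not 0 <= observed_ttl <= 255:
        raise ValueError("TTL must fit in one byte")
    initial = min(t for t in INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl


class Ip2HcTable:
    """Hypothetical IP-to-hop-count table aggregated per source prefix."""

    def __init__(self, prefix_len=24, tolerance=0):
        self.prefix_len = prefix_len   # assumed aggregation granularity
        self.tolerance = tolerance     # allowed hop-count drift
        self.table = {}                # prefix -> set of learned hop counts

    def _key(self, src_ip):
        net = ipaddress.ip_network(f"{src_ip}/{self.prefix_len}", strict=False)
        return str(net)

    def learn(self, src_ip, ttl):
        """Record a hop count; call only for sources already validated,
        e.g. after a completed TCP handshake."""
        self.table.setdefault(self._key(src_ip), set()).add(hop_count(ttl))

    def check(self, src_ip, ttl):
        """Return 'pass', 'spoofed', or 'unknown' (no entry for the prefix)."""
        known = self.table.get(self._key(src_ip))
        if known is None:
            return "unknown"
        hc = hop_count(ttl)
        ok = any(abs(hc - k) <= self.tolerance for k in known)
        return "pass" if ok else "spoofed"


def demo():
    """Constructed sample packets: (source IP, observed TTL)."""
    t = Ip2HcTable()
    t.learn("198.51.100.10", 52)            # 64 - 52 = 12 hops
    packets = [("198.51.100.77", 116),      # 128 - 116 = 12 hops, same /24
               ("198.51.100.10", 250),      # 255 - 250 = 5 hops
               ("203.0.113.5", 60)]         # prefix never learned
    return [t.check(ip, ttl) for ip, ttl in packets]
```

The second packet shows why the check compares hop counts rather than raw TTLs: hosts with different initial TTLs behind the same prefix still map to the same entry.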