| Title | NETHCF: Enabling Line-rate and Adaptive Spoofed IP Traffic Filtering |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Li, Guanyu, Zhang, Menghao, Liu, Chang, Kong, Xiao, Chen, Ang, Gu, Guofei, Duan, Haixin |
| Conference Name | 2019 IEEE 27th International Conference on Network Protocols (ICNP) |
| Keywords | adaptive filtering, adaptive filters, adaptive spoofed IP traffic filtering, Bandwidth, computer network security, design adaptive mechanisms, end-to-end routing, HCF system, in-network system, Internet, IP networks, IP popularity, IP-to-Hop-Count mapping table, IP2HC, Kernel, memory resources, memory usage, Metrics, NETHCF, Pipelines, programmable switches, pubcrawl, Resiliency, Scalability, Servers, Switches, telecommunication network routing, telecommunication switching, telecommunication traffic, Tofino switch |
| Abstract | In this paper, we design NETHCF, a line-rate in-network system for filtering spoofed traffic. NETHCF leverages the opportunity provided by programmable switches to design a novel defense against spoofed IP traffic, and it is highly efficient and adaptive. One key challenge stems from the restrictions of the computational model and memory resources of programmable switches. We address this by decomposing the HCF system into two complementary components-one component for the data plane and another for the control plane. We also aggregate the IP-to-Hop-Count (IP2HC) mapping table for efficient memory usage, and design adaptive mechanisms to handle end-to-end routing changes, IP popularity changes, and network activity dynamics. We have built a prototype on a hardware Tofino switch, and our evaluation demonstrates that NETHCF can achieve line-rate and adaptive traffic filtering with low overheads. |
| DOI | 10.1109/ICNP.2019.8888057 |
| Citation Key | li_nethcf_2019 |
NETHCF: Enabling Line-rate and Adaptive Spoofed IP Traffic Filtering