Options
Flow classification for network security using P4-based Programmable Data Plane switches
Date Issued
01-01-2023
Author(s)
Krishnan, Aniswar S.
Indian Institute of Technology, Madras
Shami, Gauravdeep
Lyonnais, Marc
Wilson, Rodney
Abstract
This paper deals with programmable data plane switches that perform flow classification using machine learning (ML) algorithms. This paper describes the implementation-based study of an existing ML-based packet marking scheme called FlowLens. The core algorithm, written in the P4 language, generates features, called flow markers, while processing packets. These flow markers are an efficient formulation of the packet length distribution of a particular flow. Secondly, a controller responsible for configuring the switch, extracting the features periodically, and applying machine learning algorithms for flow classification, is implemented in Python. The generation of flow markers is evaluated using flows in a tree-based topology in Mininet using the P4-enab1ed BMv2 packet switch on the mininet emulator. Classification is performed for the detection of two different types of network attacks: Active Wiretap and Mirai Botnet. In both cases, we obtain a 30-fold reduction in memory footprint with no loss in accuracy demonstrating the potential of running P4-based ML algorithms in packet switches.