@article{ding2021tracking,
title={Tracking Normalized Network Traffic Entropy to Detect DDoS Attacks in P4},
author={Ding, Damu and Savi, Marco and Siracusa, Domenico},
journal={IEEE Transactions on Dependable and Secure Computing},
year={2021},
publisher={IEEE}
}
- Install docker if you don't already have it.
- Clone the repository to your local machine:
    git clone https://github.com/DINGDAMU/P4DDoS.git
- Enter the repository folder:
    cd P4DDoS
- If you want, put the p4app script somewhere in your path. For example:
    cp p4app /usr/local/bin
  I have already modified the default docker image to dingdamu/p4app-ddos:nwhhd, so the p4app script can be used directly.
- Run the app:
    ./p4app run p4ddos.p4app
  After this step you'll see the mininet terminal.
- Forward at least 1 packet in mininet:
    pingall
    pingall
  or
    h1 ping h2 -c 12 -i 0.1
- Enter the p4ddos.p4app folder:
    cd p4ddos.p4app
- Check the result by reading the registers:
    ./read_registers1.sh
    ./read_registers2.sh
    ./read_registers3.sh
Register thresholdReg[0] is the threshold for normalized entropy.
Register ewmaReg[0] is the current exponentially weighted moving average of normalized entropy.
Note that all values are amplified 1024 times.
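To help interpret the values read from thresholdReg[0] and ewmaReg[0], the following Python example (added here, not code from the P4DDoS repository) computes normalized entropy per observation window, scales it by 1024 as the registers do, and tracks an integer EWMA. Assumptions not stated on this page: entropy is taken over destination IPs and divided by log2 of the number of distinct destinations, the EWMA weight is 1/8, an alarm means the window falls below the threshold, and all function names, windows and the threshold value are constructed for illustration.

```python
import math
from collections import Counter

SCALE = 1024  # README: all register values are amplified 1024 times


def normalized_entropy(dst_ips):
    """Shannon entropy of the destination distribution, normalized to [0, 1]."""
    counts = Counter(dst_ips)
    if len(counts) < 2:
        return 0.0  # empty window or a single destination: no uncertainty
    n = len(dst_ips)
    h = -sum(c / n * math.log2(c / n) for c in counts.values())
    return h / math.log2(len(counts))  # assumed normalization


def to_fixed(x):
    """Real value -> integer as it would appear in a register dump."""
    return int(round(x * SCALE))


def from_fixed(reg):
    """Register integer -> real value (e.g. 896 -> 0.875)."""
    return reg / SCALE


def ewma_update(ewma_fixed, sample_fixed, alpha_shift=3):
    """Integer-only EWMA with alpha = 2**-alpha_shift (assumed weight)."""
    return ewma_fixed + ((sample_fixed - ewma_fixed) >> alpha_shift)


def track(windows, threshold_fixed):
    """Return (sample, ewma, alarm) per window, all in x1024 fixed point."""
    results, ewma = [], None
    for w in windows:
        sample = to_fixed(normalized_entropy(w))
        ewma = sample if ewma is None else ewma_update(ewma, sample)
        # Assumed direction: traffic concentrating on one victim lowers entropy.
        results.append((sample, ewma, sample < threshold_fixed))
    return results


# Constructed windows of destination IPs (not taken from the booter traces).
BENIGN_1 = [f"10.0.0.{i}" for i in range(1, 9)]                    # uniform
BENIGN_2 = ["10.0.0.1"] * 4 + ["10.0.0.2"] * 2 + ["10.0.0.3", "10.0.0.4"]
ATTACK = ["10.0.0.1"] * 13 + ["10.0.0.2", "10.0.0.3", "10.0.0.4"]  # one victim

if __name__ == "__main__":
    for sample, ewma, alarm in track([BENIGN_1, BENIGN_2, ATTACK], 768):
        print(sample, from_fixed(sample), ewma, from_fixed(ewma), alarm)
```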
The DDoS pcap flow traces, called booter, are available at https://www.simpleweb.org/wiki/index.php/Traces.html#Booters_-_An_analysis_of_DDoS-as-a-Service_Attacks.