Improving scanner data collection in P4-based SDN

Yun Zhan Cai, Chih Hao Lai, Yu Ting Wang, Meng Hsun Tsai

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

8 Scopus citations

Abstract

Port scanning is a well-known behavior when a botnet searches target devices. To detect port scanning accurately, data with high discriminatory power are indispensable. Most related works, however, focus on data analysis methods but neglect storage limitations of switches, which makes their methods impractical. Therefore, we propose a new data collection method for collecting network information of port scanning in P4-based SDN named 0-replacement. Through simulations, we compare the 0-replacement method with two classic data collection methods. Results show that the 0-replacement method improves the true positive ratio by at least 25 percentage points but only consumes 0.36% memory space.

Original languageEnglish
Title of host publicationAPNOMS 2020 - 2020 21st Asia-Pacific Network Operations and Management Symposium
Subtitle of host publicationTowards Service and Networking Intelligence for Humanity
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages126-131
Number of pages6
ISBN (Electronic)9788995004388
DOIs
StatePublished - Sep 2020
Event21st Asia-Pacific Network Operations and Management Symposium, APNOMS 2020 - Daegu, Korea, Republic of
Duration: 22 Sep 202025 Sep 2020

Publication series

NameAPNOMS 2020 - 2020 21st Asia-Pacific Network Operations and Management Symposium: Towards Service and Networking Intelligence for Humanity

Conference

Conference21st Asia-Pacific Network Operations and Management Symposium, APNOMS 2020
Country/TerritoryKorea, Republic of
CityDaegu
Period22/09/2025/09/20

Keywords

  • Data collection
  • P4
  • Port scanning
  • SDN

Fingerprint

Dive into the research topics of 'Improving scanner data collection in P4-based SDN'. Together they form a unique fingerprint.

Cite this