Presentation
Leveraging In-band Network Telemetry for Automated DDoS Detection in Production Programmable Networks: The AmLight Use Case
Session: The 11th Annual International Workshop on Innovating the Network for Data Intensive Science - INDIS
Description: Programmable data planes have provided great flexibility in defining the behaviors of packet forwarding switches, routers, and network interface cards (NICs). The In-band Network Telemetry (INT) technology further increased network operators’ potential to manage packet flows by enabling real-time and customizable monitoring of packets without creating much overhead on the network. These recent advancements in networking technology have generated significant research interest and activity, including studies on INT-based DDoS detection and mitigation mechanisms. However, in practice, INT technology has not been fully realized yet, especially in detecting network anomalies in real-time. In this paper, we aim to implement a holistic real-time INT-based DDoS detection mechanism. The proposed mechanism will retrieve INT data from the network, analyze it using machine learning (ML) models in real-time, and send the information to the control plane. We will also compare the performance of using INT to detect DDoS attacks against sFlow-based detection.