-
P4-baesd IPS-Charles H.-P. Wen
Abstract IoT security is important nowadays. The number of IoTs connected to the Internet is growing rapidly. IPS provides abilities of detecting and blocking malware packets. In addition to hardware IPSs, another approach is conducted by SDN with VNF technique which is deploying software (e.g., Zeek) in VM or server. However, existing SDN-based IPS methods…
-
Using a P4 Hardware Switch to Block Trackers and Ads for All Devices on an Edge Network-Shie-Yuan Wang
Abstract Nowadays, when a user downloads a web page, many unwanted advertisements are embedded into the downloaded web page. To solve these problems, in this paper we design and implement a method inside a P4 hardware switch to block trackers and advertisements. Our method is to be deployed at a switch that connects an edge…
-
Enhancing the Security of a Private Network by Using A Multi-level Hierarchical NAT Scheme-Shie-Yuan Wang
Motivation and Objective In this work, we exploit NATs and propose a multi-level hierarchical NAT scheme to protect and enhance the security of a private network. We have implemented NAT in P4 hardware switches and cascaded them together so that protected hosts can hide behind multi-level NATs. Based on the mechanism of NAT, our scheme…
-
Longer Stay Less Priority: Flow Length Approximation Used in Information-Agnostic Traffic Scheduling in Data Center Networks-Chien Chen
Abstract Numerous scheduling approaches have been proposed to improve user experiences in a data center network(DCN) by reducing flow completion time (FCT). Mimicking the shortest job first (SJF) has been proved to be the prominent way to improve FCT. To do so, some approaches require flow size or completion time information in advance, which is…
-
Neural-Network Based Malware Detection on P4 Switch-Charles H.-P. Wen
Introduction The traditional IDS(Intrusion Detection System) costs too much time and bandwidth, so we use machine learning and P4 switch to improve the efficiency of malware detection. Fig. 1: IDS and P4-IDS P4 Malware Detection Machine Learning model identifies malware faster than traditional IDS. P4 Switch is a programmable switch, so we can define the…
-
A Novel Per-Hop Per-Flow Flow Control Scheme-Shie-Yuan Wang
Abstract Performing flow control inside a network can effectively avoid packet loss due to buffer overflow in switches. IEEE 802.1Qbb Priority-based Flow Control (PFC) exercises a scheme to achieve this goal. But it still suffers from several serious problems such as congestion spreading, deadlock, and packet loss. In this work, we propose a Per-hop per-Flow…
-
Aggregating and Disaggregating Packets with Various Sizes of Payload in P4 Switches at 100 Gbps Line Rate-Shie-Yuan Wang
Project Description Aggregating multiple small packets into a large packet provides many advantages. For example, multiple small packets can share a single copy of common Ethernet/IP/UDP headers to reduce the percentage of network bandwidth spent on transmitting headers. In the past, packet aggregation and disaggregation were done by a server CPU or a switch CPU,…