Improving scanner data collection in P4-based SDN

Yun Zhan Cai, Chih Hao Lai, Yu Ting Wang, Meng Hsun Tsai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

Port scanning is a well-known behavior of botnets searching for target devices. To detect port scanning accurately, data with high discriminatory power are indispensable. Most related works, however, focus on data analysis methods but neglect the storage limitations of switches, which makes their methods impractical. Therefore, we propose a new data collection method, named 0-replacement, for collecting network information on port scanning in P4-based SDN. Through simulations, we compare the 0-replacement method with two classic data collection methods. Results show that the 0-replacement method improves the true positive ratio by at least 25 percentage points while consuming only 0.36% memory space.

Original language: English
Title of host publication: APNOMS 2020 - 2020 21st Asia-Pacific Network Operations and Management Symposium
Subtitle of host publication: Towards Service and Networking Intelligence for Humanity
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 126-131
Number of pages: 6
ISBN (Electronic): 9788995004388
Publication status: Published - 2020 Sep
Event: 21st Asia-Pacific Network Operations and Management Symposium, APNOMS 2020 - Daegu, Korea, Republic of
Duration: 2020 Sep 22 to 2020 Sep 25

Publication series

Name: APNOMS 2020 - 2020 21st Asia-Pacific Network Operations and Management Symposium: Towards Service and Networking Intelligence for Humanity

Conference

Conference: 21st Asia-Pacific Network Operations and Management Symposium, APNOMS 2020
Country/Territory: Korea, Republic of
City: Daegu
Period: 20-09-22 to 20-09-25

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
