FAPM: A Fake Amplification Phenomenon Monitor to Filter DRDoS Attacks With P4 Data Plane
Distributed Reflection Denial-of-Service (DRDoS) attacks have caused significant destructive effects by virtue of emerging protocol vulnerabilities and amplification advantages, and their intensity is increasing. The emergence of programmable data plane supporting line-rate forwarding provides a new...
Saved in:
| Published in | IEEE eTransactions on network and service management Vol. 21; no. 6; pp. 6703 - 6715 |
|---|---|
| Main Authors | , , , , , |
| Format | Journal Article |
| Language | English |
| Published |
New York
IEEE
01.12.2024
The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Subjects | |
| Online Access | Get full text |
| ISSN | 1932-4537 1932-4537 |
| DOI | 10.1109/TNSM.2024.3449889 |
Cover
| Abstract | Distributed Reflection Denial-of-Service (DRDoS) attacks have caused significant destructive effects by virtue of emerging protocol vulnerabilities and amplification advantages, and their intensity is increasing. The emergence of programmable data plane supporting line-rate forwarding provides a new opportunity for fine-grained and efficient attack detection. This paper proposed a light-weight DRDoS attack detection and mitigation system called FAPM, which is deployed at the victim end with the intention of detecting the amplification behavior caused by the attack. It places the work of collecting and calculating reflection features on the data plane operated by "latter window assisting former window" mechanism, and arranges complex identification and regulation logic on the control plane. This approach avoids the hardware constraints of the programmable switch while leveraging their per-packet processing capability. Also, it reduces communication traffic significantly through feature compression and state transitions. Experiments show that FAPM has (1) fast response capability within seconds (2) a memory footprint at the KB level and communication overhead of 1 Kbps, and (3) good robustness. |
|---|---|
| AbstractList | Distributed Reflection Denial-of-Service (DRDoS) attacks have caused significant destructive effects by virtue of emerging protocol vulnerabilities and amplification advantages, and their intensity is increasing. The emergence of programmable data plane supporting line-rate forwarding provides a new opportunity for fine-grained and efficient attack detection. This paper proposed a light-weight DRDoS attack detection and mitigation system called FAPM, which is deployed at the victim end with the intention of detecting the amplification behavior caused by the attack. It places the work of collecting and calculating reflection features on the data plane operated by “latter window assisting former window” mechanism, and arranges complex identification and regulation logic on the control plane. This approach avoids the hardware constraints of the programmable switch while leveraging their per-packet processing capability. Also, it reduces communication traffic significantly through feature compression and state transitions. Experiments show that FAPM has (1) fast response capability within seconds (2) a memory footprint at the KB level and communication overhead of 1 Kbps, and (3) good robustness. |
| Author | Li, Keqin Wang, Xiaocai Zhang, Jiliang Tang, Dan Yin, Chao Liang, Wei |
| Author_xml | – sequence: 1 givenname: Dan orcidid: 0000-0002-0062-0213 surname: Tang fullname: Tang, Dan email: Dtang@hnu.edu.cn organization: College of Computer Science and Electronic Engineering, Hunan University, Changsha, China – sequence: 2 givenname: Xiaocai orcidid: 0009-0006-7435-5367 surname: Wang fullname: Wang, Xiaocai email: xiaocaiwang@hnu.edu.cn organization: College of Computer Science and Electronic Engineering, Hunan University, Changsha, China – sequence: 3 givenname: Keqin orcidid: 0000-0001-5224-4048 surname: Li fullname: Li, Keqin email: lik@newpaltz.edu organization: Department of Computer Science, State University of New York, New York, NY, USA – sequence: 4 givenname: Chao orcidid: 0000-0003-1915-1901 surname: Yin fullname: Yin, Chao email: david_yin@jju.edu.cn organization: School of Computer and Big Data Science, Jiujiang University, Jiujiang, China – sequence: 5 givenname: Wei orcidid: 0000-0002-5074-1363 surname: Liang fullname: Liang, Wei email: wliang@hnust.edu.cn organization: School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, China – sequence: 6 givenname: Jiliang orcidid: 0000-0001-8712-2964 surname: Zhang fullname: Zhang, Jiliang email: zhangjiliang@hnu.edu.cn organization: College of Semiconductors (College of Integrated Circuits), Hunan University, Changsha, China |
| BookMark | eNp9kE1PwjAYxxuDiYB-ABMPTTwP-7aXelvAqQnoIhi9LV1pQ2Gs2JWD395NOBAPHpqnh__vefkNQK-2tQLgGqMRxojfLV7msxFBhI0oYzxJ-BnoY05JwEIa907-F2DQNGuEwgRz0gefWZrP7mEKM7FRMN3uKqONFN7YGuYrVdtt-2o4s7Xx1kFvYWYqrxycvE3sHKbeC7lp4IfxK5gzOBFewLwStboE51pUjbo61iF4zx4W46dg-vr4PE6ngSSc-SDpdqIaL1VIOI5oxLVaSqZEImNelgLrJUlkSJGMNOOaRriUNIpLRJCgGiV0CG4PfXfOfu1V44u13bu6HVlQzOKQIMRom4oPKels0zilC2n875XeCVMVGBWdxqLTWHQai6PGlsR_yJ0zW-G-_2VuDoxRSp3kI5bwOKQ_hSl92Q |
| CODEN | ITNSC4 |
| CitedBy_id | crossref_primary_10_1109_ACCESS_2025_3535943 |
| Cites_doi | 10.5220/0006639801080116 10.1145/3289602.3293924 10.1109/TDSC.2021.3131531 10.1145/2774993.2775007 10.1109/NOMS47738.2020.9110257 10.1016/j.eswa.2024.124356 10.1016/j.jalgor.2003.12.001 10.1109/TDSC.2022.3161015 10.1109/JIOT.2018.2874473 10.1145/2534169.2486011 10.3837/tiis.2014.05.013 10.1007/s10922-022-09714-z 10.1109/CCST.2019.8888419 10.1109/JSAC.2021.3126053 10.1109/INFOCOM.2016.7524364 10.1109/TIFS.2023.3275768 10.1007/978-3-642-04898-2_327 10.1109/NetSoft48620.2020.9165488 10.1145/948109.948116 10.1109/TNSM.2020.3048265 10.1145/3452296.3472892 10.1109/TNSM.2020.3045467 10.1016/j.jnca.2019.06.007 10.1109/CCCS.2018.8586810 10.1145/3386367.3432729 10.1137/1118101 10.1016/j.comnet.2023.110162 10.14722/ndss.2020.24007 10.1587/transinf.2018EDL8020 10.1109/JSYST.2020.2991168 10.1145/2656877.2656890 10.1109/ICDMW.2010.18 10.1109/TNSM.2020.3014870 10.1109/TSC.2023.3266757 |
| ContentType | Journal Article |
| Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2024 |
| Copyright_xml | – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2024 |
| DBID | 97E RIA RIE AAYXX CITATION |
| DOI | 10.1109/TNSM.2024.3449889 |
| DatabaseName | IEEE All-Society Periodicals Package (ASPP) 2005–Present IEEE All-Society Periodicals Package (ASPP) 1998–Present IEL(IEEE/IET Electronic Library ) CrossRef |
| DatabaseTitle | CrossRef |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EISSN | 1932-4537 |
| EndPage | 6715 |
| ExternalDocumentID | 10_1109_TNSM_2024_3449889 10648975 |
| Genre | orig-research |
| GrantInformation_xml | – fundername: Science and Technology Key Projects of Changsha City grantid: #kq2208038 – fundername: YueLuShan Center Industrial Innovation Project grantid: #2023YCII0115 – fundername: National Natural Science Foundation of China grantid: #62472153 funderid: 10.13039/501100001809 |
| GroupedDBID | 0R~ 4.4 5VS 6IK 97E AAJGR AARMG AASAJ AAWTH ABAZT ABJNI ABQJQ ABVLG ACGFO ACIWK AENEX AETIX AGQYO AGSQL AHBIQ AIBXA AKJIK AKQYR ALMA_UNASSIGNED_HOLDINGS ATWAV BEFXN BFFAM BGNUA BKEBE BPEOZ CS3 EBS EJD HZ~ IES IFIPE IPLJI JAVBF LAI M43 O9- OCL P2P RIA RIE AAYXX CITATION |
| ID | FETCH-LOGICAL-c294t-845373f1de52916369fedc4ea8c79bba1fd28c530c6f49f361bc367b020a3f083 |
| IEDL.DBID | RIE |
| ISSN | 1932-4537 |
| IngestDate | Mon Jun 30 13:31:12 EDT 2025 Wed Oct 01 02:39:36 EDT 2025 Thu Apr 24 23:02:07 EDT 2025 Wed Aug 27 01:57:01 EDT 2025 |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 6 |
| Language | English |
| License | https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html https://doi.org/10.15223/policy-029 https://doi.org/10.15223/policy-037 |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-c294t-845373f1de52916369fedc4ea8c79bba1fd28c530c6f49f361bc367b020a3f083 |
| Notes | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14 |
| ORCID | 0009-0006-7435-5367 0000-0002-5074-1363 0000-0002-0062-0213 0000-0001-5224-4048 0000-0003-1915-1901 0000-0001-8712-2964 |
| PQID | 3147520043 |
| PQPubID | 85504 |
| PageCount | 13 |
| ParticipantIDs | proquest_journals_3147520043 crossref_primary_10_1109_TNSM_2024_3449889 crossref_citationtrail_10_1109_TNSM_2024_3449889 ieee_primary_10648975 |
| ProviderPackageCode | CITATION AAYXX |
| PublicationCentury | 2000 |
| PublicationDate | 2024-12-01 |
| PublicationDateYYYYMMDD | 2024-12-01 |
| PublicationDate_xml | – month: 12 year: 2024 text: 2024-12-01 day: 01 |
| PublicationDecade | 2020 |
| PublicationPlace | New York |
| PublicationPlace_xml | – name: New York |
| PublicationTitle | IEEE eTransactions on network and service management |
| PublicationTitleAbbrev | T-NSM |
| PublicationYear | 2024 |
| Publisher | IEEE The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Publisher_xml | – name: IEEE – name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| References | ref13 ref35 Yang (ref46) 2006; 3 ref12 ref34 ref15 Li (ref1) 2011; 8 ref14 ref31 ref11 ref10 ref32 ref2 ref17 ref19 ref18 Sharma (ref26) Yan (ref38) Priya (ref8) 2014; 13 ref24 Liu (ref39) ref23 ref45 Zheng (ref36) 2022 ref25 ref20 ref42 ref41 ref22 ref44 ref21 ref43 ref28 ref27 ref29 Zhou (ref37) ref7 (ref30) 2022 ref9 Krupp (ref3) ref4 ref6 ref5 (ref16) 2022 Matusevych (ref33) 2012 ref40 |
| References_xml | – ident: ref23 doi: 10.5220/0006639801080116 – volume: 3 start-page: 1 issue: 8 year: 2006 ident: ref46 article-title: The detection and orientation method to DRDoS attack based on fuzzy association rules publication-title: J. Commun. Comput. – ident: ref20 doi: 10.1145/3289602.3293924 – start-page: 67 volume-title: Proc. NSDI ident: ref26 article-title: Evaluating the power of flexible packet processing for network resource allocation – ident: ref12 doi: 10.1109/TDSC.2021.3131531 – ident: ref22 doi: 10.1145/2774993.2775007 – ident: ref27 doi: 10.1109/NOMS47738.2020.9110257 – ident: ref18 doi: 10.1016/j.eswa.2024.124356 – ident: ref25 doi: 10.1016/j.jalgor.2003.12.001 – start-page: 1043 volume-title: Proc. 31st USENIX Secur. Symp. (USENIX Secur.) ident: ref3 article-title: AmpFuzz: Fuzzing for amplification DDoS vulnerabilities – ident: ref14 doi: 10.1109/TDSC.2022.3161015 – start-page: 419 volume-title: Proc. 21st USENIX Symp. Netw. Syst. Design Implement. (NSDI) ident: ref38 article-title: Brain-on-switch: Towards advanced intelligent network data plane via NN-driven traffic analysis at line-speed – ident: ref7 doi: 10.1109/JIOT.2018.2874473 – ident: ref21 doi: 10.1145/2534169.2486011 – ident: ref10 doi: 10.3837/tiis.2014.05.013 – ident: ref41 doi: 10.1007/s10922-022-09714-z – ident: ref24 doi: 10.1109/CCST.2019.8888419 – ident: ref6 doi: 10.1109/JSAC.2021.3126053 – ident: ref34 doi: 10.1109/INFOCOM.2016.7524364 – year: 2022 ident: ref36 article-title: Automating in-network machine learning publication-title: arXiv:2205.08824 – start-page: 3829 volume-title: Proc. 30th USENIX Secur. Symp. (USENIX Secur.) ident: ref39 article-title: Jaqen: A high-performance switch-native approach for detecting and mitigating volumetric DDoS attacks with programmable switches – ident: ref17 doi: 10.1109/TIFS.2023.3275768 – ident: ref28 doi: 10.1007/978-3-642-04898-2_327 – volume: 8 start-page: 94 issue: 1 year: 2011 ident: ref1 article-title: Traceback DRDoS attacks publication-title: J. Inf. Comput. Sci. – ident: ref15 doi: 10.1109/NetSoft48620.2020.9165488 – volume: 13 start-page: 538 year: 2014 ident: ref8 article-title: Detecting DRDoS attack by log file based IP pairing mechanism publication-title: WSEAS Trans. Comput. – ident: ref11 doi: 10.1145/948109.948116 – ident: ref43 doi: 10.1109/TNSM.2020.3048265 – volume-title: Behavioral model version 2. year: 2022 ident: ref16 – ident: ref32 doi: 10.1145/3452296.3472892 – ident: ref5 doi: 10.1109/TNSM.2020.3045467 – ident: ref45 doi: 10.1016/j.jnca.2019.06.007 – ident: ref2 doi: 10.1109/CCCS.2018.8586810 – ident: ref31 doi: 10.1145/3386367.3432729 – volume-title: Mininet. year: 2022 ident: ref30 – ident: ref29 doi: 10.1137/1118101 – ident: ref42 doi: 10.1016/j.comnet.2023.110162 – year: 2012 ident: ref33 article-title: Hokusai-sketching streams in real time publication-title: arXiv:1210.4891 – ident: ref40 doi: 10.14722/ndss.2020.24007 – ident: ref44 doi: 10.1587/transinf.2018EDL8020 – ident: ref4 doi: 10.1109/JSYST.2020.2991168 – ident: ref19 doi: 10.1145/2656877.2656890 – ident: ref35 doi: 10.1109/ICDMW.2010.18 – ident: ref9 doi: 10.1109/TNSM.2020.3014870 – start-page: 6203 volume-title: Proc. 32nd USENIX Security Symp. (USENIX Secur.) ident: ref37 article-title: An efficient design of intelligent network data plane – ident: ref13 doi: 10.1109/TSC.2023.3266757 |
| SSID | ssj0058192 |
| Score | 2.3531396 |
| Snippet | Distributed Reflection Denial-of-Service (DRDoS) attacks have caused significant destructive effects by virtue of emerging protocol vulnerabilities and... |
| SourceID | proquest crossref ieee |
| SourceType | Aggregation Database Enrichment Source Index Database Publisher |
| StartPage | 6703 |
| SubjectTerms | Attack mitigation Communications traffic Denial of service attacks distributed reflection denial-of-service fake amplification phenomenon IP networks Light reflection Logic Luminous intensity Pipelines Prevention and mitigation Protocols Servers Switches |
| Title | FAPM: A Fake Amplification Phenomenon Monitor to Filter DRDoS Attacks With P4 Data Plane |
| URI | https://ieeexplore.ieee.org/document/10648975 https://www.proquest.com/docview/3147520043 |
| Volume | 21 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVIEE databaseName: IEEE Electronic Library (IEL) customDbUrl: eissn: 1932-4537 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0058192 issn: 1932-4537 databaseCode: RIE dateStart: 20040101 isFulltext: true titleUrlDefault: https://ieeexplore.ieee.org/ providerName: IEEE |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3dT9wwDI8GT-NhsI1px8eUhz1N6q1tnDThreJWoUl3Og3Q7q1KU0cgEIcg98JfT9z2phMT097yEEeWHSeOY__M2FdojNdtAYmL2k7AGpNoSVUgFltTSLQ5UhxyOlNnl_BzIRdDsXpXC4OIXfIZjmnY_eW3S7eiUFm0cAU6rrDFtgqt-mKt9bErCdlr-LbMUvP9YnY-jc-_HMYCwGhq475x8XSdVP46frs7pdplszU3fSrJzXgVmrF7egHU-N_s7rF3g3fJy347vGdv8O4D29nAHPzIFlU5n57wklf2BnlJCeV-iNvx-RXeESJDHPa2_sDDklfX9KPOJ78my3NehkBV-fz3dbjic-ATGyynzke4zy6rHxenZ8nQXiFxuYGQaJCiED5rUebRSRTKeGwdoNWuME1jM9_m2kmROuXBeKGyxglVNNHBtMJH1-0T244M4WfGi-j4tULpTEkHWauNTo1PhVcyUgKqEUvXsq_dgD1OLTBu6-4Nkpqa1FWTuupBXSP27Q_JfQ-88a_J-yT-jYm95EfsaK3herDNx1pkUBDYFIiDV8gO2Vtavc9aOWLb4WGFx9H3CM2Xbs89A3X904Q |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1Lb9QwEB5BOQCH8mrFlgI-cELKksRjx-YWsY0W6K5WdCv2FjmOrVZFXVS8F349niSLVkUgbj7YyWjGY4_n8Q3AG2y0V22BiY3STtBonShBVSDGtboQzuSO_JCzuZye46eVWA3F6l0tjHOuSz5zYxp2sfx2bTfkKosaLlHFL9yFewIRRV-utT14BWF7DYHLLNXvlvOzWXwA5jjmiFpRI_edq6frpfLHAdzdKtUjmG_p6ZNJrsab0Iztz1tQjf9N8GPYH-xLVvYb4gnccddP4eEO6uAzWFXlYvaelawyV46VlFLuB88dW1y4a8JkiMNe229YWLPqkmLqbPJlsj5jZQhUl8--XoYLtkA2McEw6n3kDuC8Oll-mCZDg4XE5hpDolDwgvusdSKPZiKX2rvWojPKFrppTObbXFnBUys9as9l1lguiyaamIb7aLwdwl4kyD0HVkTTr-VSZVJYzFqlVap9yr0UcSU6OYJ0y_vaDujj1ATjW929QlJdk7hqElc9iGsEb38v-d5Db_xr8gGxf2diz_kRHG8lXA_a-aPmGRYEN4X86C_LXsP96XJ2Wp9-nH9-AQ_oT30OyzHshZuNexktkdC86vbfL7Wx1tE |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=FAPM%3A+A+Fake+Amplification+Phenomenon+Monitor+to+Filter+DRDoS+Attacks+With+P4+Data+Plane&rft.jtitle=IEEE+eTransactions+on+network+and+service+management&rft.au=Tang%2C+Dan&rft.au=Wang%2C+Xiaocai&rft.au=Li%2C+Keqin&rft.au=Yin%2C+Chao&rft.date=2024-12-01&rft.pub=IEEE&rft.eissn=1932-4537&rft.volume=21&rft.issue=6&rft.spage=6703&rft.epage=6715&rft_id=info:doi/10.1109%2FTNSM.2024.3449889&rft.externalDocID=10648975 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1932-4537&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1932-4537&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1932-4537&client=summon |