Al Sadi, Amir (2025). Evolving intrusion detection and prevention with programmable data planes. [Dissertation thesis], Alma Mater Studiorum Università di Bologna. Doctoral programme in Computer Science and Engineering, cycle 37. DOI 10.48676/unibo/amsdottorato/12313.
Full-text document available: PDF (English), 5 MB download.
Available under licence: unless the author has granted broader permissions, the thesis may be freely consulted, and a copy may be saved and printed strictly for personal study, research and teaching purposes; any direct or indirect commercial use is expressly prohibited. All other rights to the material are reserved.
Abstract
Network monitoring has traditionally been constrained by the infrastructure’s inherent limitations, including diverse device capabilities, legacy systems, and the physical separation between where data is generated and where it is monitored. These constraints delay threat detection and response, giving adversaries opportunities to exploit network vulnerabilities and exhaust resources. While Software-Defined Networking (SDN) has introduced tools for enriched network visibility, its centralized nature imposes latency, limiting real-time threat mitigation. This thesis explores the potential of fully programmable P4 data planes to transform network threat detection. By enabling line-rate packet processing and custom pipelines, P4 lets network engineers detect threats proactively and react with unprecedented speed. Our work demonstrates the versatility of P4 through frameworks addressing diverse challenges. In Part II, we introduce P4RTHENON, which combines a simple data plane anomaly detection algorithm with control plane refinement to detect and mitigate DDoS attacks. Building on this, we propose an adaptive anomaly detection framework that uses active learning to iteratively refine machine learning models and integrates them into P4 pipelines. Part III investigates Distributed Ledger Technologies (DLTs) for tamper-proof alert dissemination, presenting P-IOTA, a framework linking P4-enabled switches directly to IOTA’s ledger, bypassing intermediaries and enhancing trust in alert systems. Part IV explores P4’s applications in IIoT networks, presenting use cases such as edge-assisted in-network computing with data integrity and industrial tunneling mechanisms, showcasing P4’s ability to secure legacy and resource-constrained systems.
In conclusion, the thesis outlines open challenges, such as balancing real-time detection with resource efficiency and extending P4’s capabilities for broader system integration, emphasizing its role as a cornerstone for future secure networks.
Document type: Doctoral thesis
Author: Al Sadi, Amir
Supervisor:
Doctoral programme:
Cycle: 37
Coordinator:
Scientific-disciplinary sector:
Recruitment sector:
Keywords: Networking, Security, Software-Defined Networks, Anomaly Detection, Network Monitoring, Data Plane Programmability.
DOI: 10.48676/unibo/amsdottorato/12313
Date of defence: 3 June 2025
URI: