P4Drop: A lightweight security function for filtering TCP spoofing packets on programmable switches

IF 5.4 | CAS Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Junbi Xiao, Zhaoyu Yin, Yuhao Zhou, Kai Liu, Jian Wang, Peiying Zhang
Computers & Security, Volume 157, Article 104601, published 2025-08-09. DOI: 10.1016/j.cose.2025.104601
Citations: 0

Abstract

TCP spoofing is a network attack technique in which attackers forge the source IP address of packets to impersonate trusted sources; it is commonly employed in denial-of-service attacks and session hijacking. Traditional defense methods, whether host-based or SDN-based, suffer from deployment challenges, latency issues, or high overhead on the control plane. To address these shortcomings, we propose P4Drop, a lightweight function on the P4 programmable data plane that operates without the involvement of the control plane. This method effectively defends against source address spoofing attacks based on the TCP protocol. Experimental results demonstrate that P4Drop can rapidly establish a trust mechanism and filter spoofed TCP traffic after receiving a small number of packets. Compared with an existing IP spoofing detection method deployed on the data plane, the false negative rate was reduced by roughly 6% for the same memory consumption. We demonstrate P4Drop's ability to detect and defend against attacks quickly and with low latency.
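The abstract does not describe P4Drop's internal algorithm, so the following is an added illustration of the general class of mechanism it belongs to, not code from the paper: a data-plane filter that keeps only fixed-size, hash-indexed register arrays (as a P4 pipeline would) and trusts a source IP once it proves it can complete the TCP three-way handshake, which a sender forging someone else's address cannot do because the SYN-ACK goes to the real owner. The model also makes the abstract's memory/false-negative trade-off concrete: because the trust state is a hashed array rather than a per-IP table, a spoofed address that collides with a trusted client's slot passes through, and shrinking the array raises that false negative rate. The server address, client addresses, sequence numbers and traffic are all constructed for the example, and the blake2b hash stands in for a switch's CRC hash unit.

```python
"""Handshake-validated anti-spoofing filter with data-plane-style state.
Added illustration only: this is NOT P4Drop's algorithm, just the general
class of data-plane TCP spoofing filters that trust a source once it shows
it can complete the three-way handshake.  All addresses, sequence numbers
and traffic below are constructed for the example."""
import hashlib
from dataclasses import dataclass

SERVER = "10.0.0.1"            # protected host behind the switch (assumed)


@dataclass
class Pkt:
    src: str
    dst: str
    flags: str                 # "SYN", "SYN-ACK", "ACK" or "DATA"
    seq: int = 0
    ack: int = 0


def slot(ip: str, size: int) -> int:
    """Index into a fixed-size register array, as a P4 hash unit would do.
    A switch would use its CRC hash; blake2b is only a well-distributed stand-in."""
    digest = hashlib.blake2b(ip.encode(), digest_size=4).digest()
    return int.from_bytes(digest, "big") % size


class HandshakeFilter:
    """Two register arrays indexed by hash(src IP); no control-plane involvement.

    expect[i]  : ack number that proves the client at slot i saw our SYN-ACK
    trusted[i] : set once that proof arrives; later packets from slot i pass
    """

    def __init__(self, slots: int):
        self.slots = slots
        self.expect = [0] * slots
        self.trusted = [False] * slots

    def process(self, pkt: Pkt) -> str:
        """Return "forward" or "drop" for one packet."""
        if pkt.src == SERVER:
            if pkt.flags == "SYN-ACK":
                # Remember the ack value only the real owner of pkt.dst can return.
                self.expect[slot(pkt.dst, self.slots)] = pkt.seq + 1
            return "forward"            # outbound traffic is never filtered
        i = slot(pkt.src, self.slots)
        if pkt.flags == "SYN":
            return "forward"            # handshakes must be allowed to start
        if self.trusted[i]:
            return "forward"            # source already proved reachability
        if pkt.flags == "ACK" and self.expect[i] != 0 and pkt.ack == self.expect[i]:
            self.trusted[i] = True      # handshake completed: source is reachable
            return "forward"
        return "drop"                   # unverified source: spoofing suspected


def handshake(client: str, isn: int = 1000) -> list:
    """Packets of a legitimate three-way handshake followed by one data segment."""
    return [Pkt(client, SERVER, "SYN", seq=1),
            Pkt(SERVER, client, "SYN-ACK", seq=isn, ack=2),
            Pkt(client, SERVER, "ACK", seq=2, ack=isn + 1),
            Pkt(client, SERVER, "DATA", seq=2, ack=isn + 1)]


def run(trace: list, slots: int) -> list:
    f = HandshakeFilter(slots)
    return [f.process(p) for p in trace]


def spoof_verdicts(slots: int) -> list:
    """One legitimate client, then a spoofed sender that never saw a SYN-ACK
    and therefore can only guess the ack number."""
    legit, spoof = "192.0.2.10", "198.51.100.7"
    trace = handshake(legit) + [Pkt(spoof, SERVER, "DATA", seq=5, ack=42),
                                Pkt(spoof, SERVER, "ACK", seq=5, ack=42)]
    return run(trace, slots)


def false_negative_rate(slots: int, legit: str = "192.0.2.10") -> float:
    """Fraction of 254 constructed spoofed sources whose data slips past the
    filter because their hash slot collides with the trusted client's slot."""
    spoofed = [f"203.0.113.{k}" for k in range(1, 255)]
    f = HandshakeFilter(slots)
    for p in handshake(legit):
        f.process(p)
    passed = sum(f.process(Pkt(ip, SERVER, "DATA", seq=1, ack=1)) == "forward"
                 for ip in spoofed)
    return passed / len(spoofed)


if __name__ == "__main__":
    print(spoof_verdicts(1 << 16))
    for n in (4, 64, 1 << 16):
        print(f"{n:6d} slots: false negative rate {false_negative_rate(n):.3f}")
```

Trust is established after three packets, which is the sense in which a handshake-based filter needs only "a small number of packets". The same bounded memory that makes this cheap on a switch is also the failure mode: with 4 slots roughly a quarter of forged sources are waved through, and a later SYN-ACK to a colliding address silently overwrites the expected ack value for the first one, so reducing false negatives at a fixed register size is exactly the kind of improvement the abstract is measuring.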
Source journal
Computers & Security (Engineering & Technology - Computer Science: Information Systems)
CiteScore: 12.40
Self-citation rate: 7.10%
Articles published: 365
Review time: 10.7 months
Journal description: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.