P4-DVPF: Dynamic Verification of Packets Forwarding Based on P4 for SDN

In software-defined networking (SDN), the data plane consists of only many forwarding devices, so it is very vulnerable to illegal attacks by attackers to damage the data plane or even the entire network. There is a problem in the detection of these attacks in traditional SDN. Packet forwarding needs to send the Packet_in request forwarding path to the controller, which undoubtedly increases the packet forwarding delay. The emergence of programmable data plane brings a new idea to this problem. In this paper, P4 language is used to implement programmable data plane, and P4-DVPF (Dynamic Verification of Packets Forwarding based on P4) framework is proposed to detect and defend against New Stream attack and Hijacking attack in data plane in real time. In order to further reduce system overhead, dynamic verification algorithm is proposed to dynamically adjust detection frequency. Simulation results show that P4-DVPF achieves more than 98.5% verification accuracy with low delay.