Detecting DoS attacks utilizing random forests in programmable data planes ; Detectando ataques DoS utilizando florestas aleatórias em planos de dados programáveis

Nowadays, most services rely on an Internet connection to be accessed by their clients. Ergo, even a brief disruption of connection can cause considerable loss, monetary or otherwise. Therefore, it is important that potential denial of service (DoS) attacks are detected quickly, in order to avoid or minimize the impact they may have on the availability and quality of services. Recent technological advances in programmable networks – specifically the programmability of data planes in switches and routers, have made available new ways of detecting such attacks. Utilizing this newfound possibility, this work proposes the utilization of Random Forests, a Machine Learning technique, to aid in quickly and accurately detecting DoS attacks in a programmable switch. Random forests utilize several procedurally generated classification trees, each of them independently classifying an input as one of a set of classes. Here, each decision tree will classify a network flow as potentially malicious, i.e. part of a DoS attack, or a legitimate user flow. Despite utilizing multiple classification trees to improve accuracy, random forests are relatively light-weight, with each tree requiring few and simple computations to arrive at a classification. The simplicity of the operations executed in each tree makes this technique a good candidate for use in programmable switches, since they have limited resources and require fast processing to operate at line rate. ; Hoje em dia, a maioria dos serviços dependem de uma conexão com a Internet para serem acessados pelos seus clientes. Portanto, mesmo breves disrupções de conexão podem causar perdas consideráveis, monetária ou de outros tipos. Assim, é importante que possíveis ataques de negação de serviço (DoS) sejam detectados rapidamente, a fim de evitar ou minimizar o impacto que possam causar à disponibilidade e qualidade de serviços. Avanços tecnológicos recentes em redes programáveis - especificamente a programabilidade de planos de dados em switches e roteadores, tornaram ...