Lewis, Benjamin and Race, Nicholas and Broadbent, Matthew (2024) Enhancing and Protecting Intrusion Detection Systems Using P4-Enabled Data Planes. PhD thesis, Lancaster University.
Abstract
As computer networks have evolved to form the Internet, there has been an ever-growing attack surface, ready to be exploited by malicious actors. Computer networks are fundamental to daily life, with dependence on them increasing every single day. The Internet is used to facilitate manufacturing, finance, critical infrastructure and global communication. Networks also serve as a fundamental attack surface, exposing users and devices to malicious actors, both internal and external. The cost of weak security can now prove to be enormous, in terms of material costs as well as outages to service and production. As the uses of computer networks have evolved and networks have become more pervasive, there has been a need for more flexible and dynamic network management. To this end, the concept of Software-Defined Networking has evolved, taking the historically rigid realm of network management into open specifications and protocols. This paradigm shift from fixed-function to programmable platforms, referred to as softwarisation, has enabled innovation both in the management of networks and in how network devices process traffic. Network hardware can be involved not only in forwarding traffic, but also in actively determining how traffic is forwarded. In this thesis, we explore the intersection of programmable control with programmable hardware. We examine how we can not only leverage existing technologies, but combine them to harness the benefits of distinct approaches. Building on this concept, we present a framework and prototype implementation to facilitate this combination with existing platforms. With the 4MIDable framework, we demonstrate how we can integrate existing network security appliances into emerging network architectures, disseminating their capability deeper into the network. We also show how programmable network infrastructure can be used to protect the network itself.