A Security Monitoring Architecture based on Data Plane Programmability

Software Defined Networking has put the accent on the implementation of effective, sophisticated algorithms for the control plane, running on centralized devices. Pure centralization, however, also introduces inefficiencies and limitations in many scenarios, often negatively affecting security. Network applications could benefit from data plane programmability, e.g. implementing the increasingly popular P4 language. In this paper, we show that P4-enabled switches can run simple yet significant tasks that enhance the cooperation with the control plane, improving traffic analysis functionalities of practical relevance for security monitoring purposes. We also show how this P4-based solutions can be integrated into an SDN architecture acting as an Intrusion Detection System.