P4NIPS: P4 Network Intrusion Prevention System

  • Eduardo Vudala Senoski UFPR
  • João Ribeiro Andreotii UFPR
  • Raphael Kaviak Machnicki UFPR
  • Jorge Pires Correia UFPR
  • Vinicius Fulber-Garcia UFPR

Abstract


An IPS must be deployed in line with the network traffic so that it can drop or accept packets according to its evaluation of them. As a result, traditional IPS usage typically has an adverse effect on the network's latency and throughput. To mitigate this efficiency problem, we propose P4NIPS, an IPS built with P4 and intended to run on a programmable switch. Its viability is demonstrated in a simulated environment that uses the architecture of the Tofino 2 chip.

Published
01/09/2025
SENOSKI, Eduardo Vudala; ANDREOTII, João Ribeiro; MACHNICKI, Raphael Kaviak; CORREIA, Jorge Pires; FULBER-GARCIA, Vinicius. P4NIPS: P4 Network Intrusion Prevention System. In: SALÃO DE FERRAMENTAS - SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 75-84. DOI: https://doi.org/10.5753/sbseg_estendido.2025.12079.
