Empowering Network Security With Programmable Switches: A Comprehensive Survey

IF 34.4 1区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS IEEE Communications Surveys and Tutorials Pub Date : 2023-04-10 DOI:10.1109/COMST.2023.3265984
Xiang Chen;Chunming Wu;Xuan Liu;Qun Huang;Dong Zhang;Haifeng Zhou;Qiang Yang;Muhammad Khurram Khan
{"title":"Empowering Network Security With Programmable Switches: A Comprehensive Survey","authors":"Xiang Chen;Chunming Wu;Xuan Liu;Qun Huang;Dong Zhang;Haifeng Zhou;Qiang Yang;Muhammad Khurram Khan","doi":"10.1109/COMST.2023.3265984","DOIUrl":null,"url":null,"abstract":"With the growth of network applications such as 5G and artificial intelligence, network security techniques, i.e., the techniques that detect various attacks (e.g., well-known denial-of-service (DDoS) attacks) and prevent production networks (e.g., data center networks) from being attacked, become increasingly essential for network management and have gained great popularity in the networking community. Generally, these techniques are built on proprietary hardware appliances, i.e., middleboxes, or the paradigm that combines both software-defined networking (SDN) and network function virtualization (NFV) to implement security functions. However, the techniques built on middleboxes are proven to be hard-to-manage, costly, and inflexible, thereby making them an out-of-date choice in network security. For the techniques built on SDN and NFV, they virtualize and softwarize security functions on commodity servers, leading to non-trivial performance degradation. Fortunately, the recent emergence of programmable switches brings new opportunities of empowering network security techniques with the characteristics of easy-to-manage, low cost, high flexibility, and Tbps-level performance. In this survey, we focus on this promising trend in network security. More precisely, this survey first presents the preliminaries of programmable switches, which are the primary driver of next-generation network security techniques. Next, we comprehensively review existing techniques built on programmable switches, classify these techniques, and discuss their background, motivation, design, implementation, and limitations case-by-case. Finally, we summarize open issues and future research directions in this promising research topic of network security.","PeriodicalId":55029,"journal":{"name":"IEEE Communications Surveys and Tutorials","volume":"25 3","pages":"1653-1704"},"PeriodicalIF":34.4000,"publicationDate":"2023-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Communications Surveys and Tutorials","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10098550/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 1

Abstract

With the growth of network applications such as 5G and artificial intelligence, network security techniques, i.e., the techniques that detect various attacks (e.g., well-known denial-of-service (DDoS) attacks) and prevent production networks (e.g., data center networks) from being attacked, become increasingly essential for network management and have gained great popularity in the networking community. Generally, these techniques are built on proprietary hardware appliances, i.e., middleboxes, or the paradigm that combines both software-defined networking (SDN) and network function virtualization (NFV) to implement security functions. However, the techniques built on middleboxes are proven to be hard-to-manage, costly, and inflexible, thereby making them an out-of-date choice in network security. For the techniques built on SDN and NFV, they virtualize and softwarize security functions on commodity servers, leading to non-trivial performance degradation. Fortunately, the recent emergence of programmable switches brings new opportunities of empowering network security techniques with the characteristics of easy-to-manage, low cost, high flexibility, and Tbps-level performance. In this survey, we focus on this promising trend in network security. More precisely, this survey first presents the preliminaries of programmable switches, which are the primary driver of next-generation network security techniques. Next, we comprehensively review existing techniques built on programmable switches, classify these techniques, and discuss their background, motivation, design, implementation, and limitations case-by-case. Finally, we summarize open issues and future research directions in this promising research topic of network security.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
赋予网络安全与可编程交换机:一个全面的调查
随着5G和人工智能等网络应用的发展,网络安全技术,即检测各种攻击(如众所周知的拒绝服务(DDoS)攻击)和防止生产网络(如数据中心网络)受到攻击的技术,变得对网络管理越来越重要,并且在网络社区中获得了极大的流行。通常,这些技术建立在专有硬件设备上,即中间盒,或结合软件定义网络(SDN)和网络功能虚拟化(NFV)来实现安全功能的范例。然而,基于中盒的技术已被证明难以管理、成本高昂且不灵活,从而使其成为网络安全领域的过时选择。对于建立在SDN和NFV上的技术,它们将商品服务器上的安全功能虚拟化和软件化,从而导致非微不足道的性能下降。幸运的是,最近出现的可编程交换机带来了新的机会,使网络安全技术具有易于管理、低成本、高灵活性和Tbps级性能的特点。在这项调查中,我们关注的是网络安全的这一充满希望的趋势。更准确地说,这项调查首先介绍了可编程交换机的初步情况,可编程交换机是下一代网络安全技术的主要驱动因素。接下来,我们将全面回顾基于可编程交换机的现有技术,对这些技术进行分类,并逐一讨论它们的背景、动机、设计、实现和局限性。最后,我们总结了这一有前景的网络安全研究课题中存在的问题和未来的研究方向。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
IEEE Communications Surveys and Tutorials
IEEE Communications Surveys and Tutorials COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS
CiteScore
80.20
自引率
2.50%
发文量
84
审稿时长
6 months
期刊介绍: IEEE Communications Surveys & Tutorials is an online journal published by the IEEE Communications Society for tutorials and surveys covering all aspects of the communications field. Telecommunications technology is progressing at a rapid pace, and the IEEE Communications Society is committed to providing researchers and other professionals the information and tools to stay abreast. IEEE Communications Surveys and Tutorials focuses on integrating and adding understanding to the existing literature on communications, putting results in context. Whether searching for in-depth information about a familiar area or an introduction into a new area, IEEE Communications Surveys & Tutorials aims to be the premier source of peer-reviewed, comprehensive tutorials and surveys, and pointers to further sources. IEEE Communications Surveys & Tutorials publishes only articles exclusively written for IEEE Communications Surveys & Tutorials and go through a rigorous review process before their publication in the quarterly issues. A tutorial article in the IEEE Communications Surveys & Tutorials should be designed to help the reader to become familiar with and learn something specific about a chosen topic. In contrast, the term survey, as applied here, is defined to mean a survey of the literature. A survey article in IEEE Communications Surveys & Tutorials should provide a comprehensive review of developments in a selected area, covering its development from its inception to its current state and beyond, and illustrating its development through liberal citations from the literature. Both tutorials and surveys should be tutorial in nature and should be written in a style comprehensible to readers outside the specialty of the article.
期刊最新文献
Table of Contents Editorial: Third Quarter 2024 IEEE Communications Surveys and Tutorials Evolution of RAN Architectures Toward 6G: Motivation, Development, and Enabling Technologies A Human-Centric Metaverse Enabled by Brain-Computer Interface: A Survey Wireless Access for V2X Communications: Research, Challenges and Opportunities
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1