@article{MTMT:34563318, title = {IoT Anomaly Detection with 1D CNN Using P4 Capabilities}, url = {https://m2.mtmt.hu/api/publication/34563318}, author = {Altangerel, Gereltsetseg and Tejfel, Máté and Tsogbaatar, Enkhtur}, doi = {10.2478/aei-2023-0006}, journal-iso = {ACTA ELECTROTECH INF}, journal = {ACTA ELECTROTECHNICA ET INFORMATICA}, volume = {23}, unique-id = {34563318}, issn = {1335-8243}, abstract = {Although the Internet of Things (IoT) is a rapidly developing technology, it also brings a number of security challenges, such as IoT attacks. Currently, research on IoT anomaly detection in Software-Defined Networking (SDN) relies only on the control plane. In this study, we aim to detect IoT anomalies by covering the advantages of the control and data plane. First, we collected real-time network telemetry data from the data plane based on the capabilities of the P4. Then, using this telemetry data, we built different anomaly detection models and compared their performance. Among them, the one-Dimensional Convolutional Neural Network (1D CNN) model classified our data best and showed the highest performance, so we proposed this model for IoT anomaly detection on the control plane. To our knowledge, our approach is the first solution that integrates the control plane and data plane for IoT anomaly detection. Finally, when evaluating the performance of our proposed 1D CNN model, the accuracy, F1 score, and Matthews correlation coefficient (MCC) are the same or better than existing studies.}, year = {2023}, eissn = {1338-3957}, pages = {3-12}, orcid-numbers = {Altangerel, Gereltsetseg/0000-0002-1594-8158; Tejfel, Máté/0000-0001-8982-1398} } @article{MTMT:34434848, title = {Chatbot-Based Querying of IoT Devices in EdgeX}, url = {https://m2.mtmt.hu/api/publication/34434848}, author = {Alwahab, Dhulfiqar Zoltán and Pataki, Norbert and Tejfel, Máté}, journal-iso = {CEUR WORKSHOP PROC}, journal = {CEUR WORKSHOP PROCEEDINGS}, volume = {3588}, unique-id = {34434848}, abstract = {The increasing number of IoT devices connected to EdgeX makes it challenging to retrieve data from these devices efficiently. In this paper, we propose a chatbot-based solution for querying IoT devices connected to EdgeX. The chatbot utilizes natural language processing (NLP) techniques to understand user queries and retrieve relevant data from the EdgeX database. Our solution offers an easy-to-use interface for nontechnical users to retrieve data from IoT devices, enabling them to quickly and easily access information about their devices. Our results demonstrate that our chatbot-based solution is efficient and effective in retrieving data from IoT devices, offering a more user-friendly approach for querying EdgeX databases. The proposed chatbot-based solution has the potential to improve the accessibility and efficiency of data retrieval from IoT devices in EdgeX.}, year = {2023}, eissn = {1613-0073}, pages = {104-113}, orcid-numbers = {Alwahab, Dhulfiqar Zoltán/0000-0002-7893-6250; Pataki, Norbert/0000-0002-7519-3367; Tejfel, Máté/0000-0001-8982-1398} } @article{MTMT:34130949, title = {In-network DDoS detection and mitigation using INT data for IoT ecosystem}, url = {https://m2.mtmt.hu/api/publication/34130949}, author = {Altangerel, Gereltsetseg and Tejfel, Máté}, doi = {10.36244/ICJ.2023.5.8}, journal-iso = {INFOCOMM J}, journal = {INFOCOMMUNICATIONS JOURNAL}, volume = {15}, unique-id = {34130949}, issn = {2061-2079}, abstract = {Due to the limited capabilities and diversity of Internet of Things (IoT) devices, it is challenging to implement robust and unified security standards for these devices. Additionally, the fact that vulnerable IoT devices are beyond the network’s control makes them susceptible to being compromised and used as bots or part of botnets, leading to a surge in attacks involving these devices in recent times. We proposed a real-time IoT anomaly detection and mitigation solution at the programmable data plane in a Software-Defined Networking (SDN) environment using Inband Network telemetry (INT) data to address this issue. As far as we know, it is the first experiment in which INT data is used to detect IoT attacks in the programmable data plane. Based on our performance evaluation, the detection delay of our proposed approach is much lower than the results of previous Distributed Denial-of-Service (DDoS) research, and the detection accuracy is similarly high.}, year = {2023}, eissn = {2061-2125}, pages = {49-54}, orcid-numbers = {Tejfel, Máté/0000-0001-8982-1398} } @CONFERENCE{MTMT:34130323, title = {In-network DDoS detection and mitigation using INT data for IoT ecosystem}, url = {https://m2.mtmt.hu/api/publication/34130323}, author = {Altangerel, Gereltsetseg and Tejfel, Máté}, booktitle = {12th International Conference on Applied Informatics (ICAI 2023)}, unique-id = {34130323}, year = {2023}, pages = {1-3}, orcid-numbers = {Tejfel, Máté/0000-0001-8982-1398} } @CONFERENCE{MTMT:34122640, title = {P4 Specific Refactoring Steps}, url = {https://m2.mtmt.hu/api/publication/34122640}, author = {Tejfel, Máté and Lukács, Dániel and Péter, Hegyi}, booktitle = {12th International Conference on Applied Informatics (ICAI 2023)}, unique-id = {34122640}, year = {2023}, pages = {1-3}, orcid-numbers = {Tejfel, Máté/0000-0001-8982-1398; Lukács, Dániel/0000-0001-9738-1134} } @article{MTMT:34009519, title = {P4Query: Static analyser framework for P4}, url = {https://m2.mtmt.hu/api/publication/34009519}, author = {Lukács, Dániel and Tóth, Gabriella and Tejfel, Máté}, doi = {10.33039/ami.2023.03.002}, journal-iso = {ANN MATH INFORM}, journal = {ANNALES MATHEMATICAE ET INFORMATICAE}, volume = {57}, unique-id = {34009519}, issn = {1787-5021}, abstract = {There are many important tasks in a conventional software development process which can be supported by different analysis techniques. P4 is a high level domain-specific language for describing the data plane layer of packet processing algorithms. It has several uncommon language elements and concepts that often make the analysis of P4 programs a laborious task. The paper presents P4Query, an analysis framework for the P4 language that enables the specification of different P4-related analysis methods in a generic and data-centric way. The framework uses an internal graph representation which contains the results of applied analysis methods too. In this way, the framework supports the rapid implementation of new analysis methods in a way where the results will be also easily reusable by other methods.}, keywords = {Static analysis; P4 language; ANALYSIS FRAMEWORK}, year = {2023}, eissn = {1787-6117}, pages = {49-64}, orcid-numbers = {Lukács, Dániel/0000-0001-9738-1134; Tejfel, Máté/0000-0001-8982-1398} } @inproceedings{MTMT:33267353, title = {A 1D CNN-based model for IoT anomaly detection using INT data}, url = {https://m2.mtmt.hu/api/publication/33267353}, author = {Altangerel, Gereltsetseg and Tejfel, Máté and Enkhtur, Tsogbaatar}, booktitle = {2022 IEEE 16th International Scientific Conference on Informatics - Proceedings}, doi = {10.1109/Informatics57926.2022.10083469}, unique-id = {33267353}, abstract = {Due to the limited capacity and versatility of Internet of Things (IoT) devices, it isn’t easy to implement advanced security mechanisms and adhere to common security standards on IoT devices. Our study proposes a network-based solution to address these issues in the IoT environment. This solution leverages the advantages of a programmable data plane, Software-Defined Networking (SDN), and machine learning. In-Band Network Telemetry (INT) is a novel monitoring application developed using a programmable data plane to collect network characteristics (INT data) in real time without affecting network performance. We aim to detect IoT attacks based on INT data using a 1D CNN-based deep learning model. As far as we know, this model is the first attempt to use INT data to detect IoT attacks. We created an SDN network infrastructure in a simulation environment and collected INT data from IoT devices in the event of an attack or non-attack. Our proposed 1D CNN-based model using INT data can detect IoT attacks with approximately 99.63% accuracy. Our solution is relatively cost-effective and performs well compared to other competing models.}, year = {2022}, pages = {106-113}, orcid-numbers = {Tejfel, Máté/0000-0001-8982-1398} } @CONFERENCE{MTMT:33108392, title = {Overlaying control flow graphs on P4 syntax trees with Gremlin.}, url = {https://m2.mtmt.hu/api/publication/33108392}, author = {Lukács, Dániel and Tejfel, Máté}, booktitle = {The 13th Conference of PhD Students in Computer Science}, unique-id = {33108392}, year = {2022}, pages = {50-54}, orcid-numbers = {Lukács, Dániel/0000-0001-9738-1134; Tejfel, Máté/0000-0001-8982-1398} } @article{MTMT:33108365, title = {Model Checking-Based Performance Prediction for P4}, url = {https://m2.mtmt.hu/api/publication/33108365}, author = {Lukács, Dániel and Pongrácz, Gergely and Tejfel, Máté}, doi = {10.3390/electronics11142117}, journal = {ELECTRONICS (SWITZ)}, volume = {11}, unique-id = {33108365}, abstract = {Next-generation networks focus on scale and scope at the price of increasing complexity, leading to difficulties in network design and planning. As a result, anticipating all hardware- and software-related factors of network performance requires time-consuming and expensive benchmarking. This work presents a framework and software tool for automatically inferring the performance of P4 programmable network switches based on the P4 source code and probabilistic models of the execution environment with the hope of eliminating the requirement of the costly set-up of networked hardware and conducting benchmarks. We designed the framework using a top-down approach. First, we transform high-level P4 programs into a representation that can be refined incrementally by adding probabilistic environment models of increasing levels of complexity in order to improve the estimation precision. Then, we use the PRISM probabilistic model checker to perform the heavy weight calculations involved in static performance prediction. We present a formalization of the performance estimation problem, detail our solution, and illustrate its usage and validation through a case study conducted using a small P4 program and the P4C-BM reference switch. We show that the framework is already capable of performing estimation, and it can be extended with more concrete information to yield better estimates.}, year = {2022}, eissn = {2079-9292}, orcid-numbers = {Lukács, Dániel/0000-0001-9738-1134; Tejfel, Máté/0000-0001-8982-1398} } @article{MTMT:32799829, title = {Study on Emerging Applications on Data Plane and Optimization Possibilities}, url = {https://m2.mtmt.hu/api/publication/32799829}, author = {Altangerel, Gereltsetseg and Tejfel, Máté}, doi = {10.5121/ijdps.2022.13101}, journal-iso = {IJDPS}, journal = {INTERNATIONAL JOURNAL OF DISTRIBUTED AND PARALLEL SYSTEMS}, volume = {13}, unique-id = {32799829}, issn = {2229-3957}, year = {2022}, eissn = {0976-9757}, pages = {1-11}, orcid-numbers = {Tejfel, Máté/0000-0001-8982-1398} }