This paper presents a high-performance, scalable network monitoring and intrusion detection system (IDS) implemented in P4. The proposed solution is designed for high-performance environments such as cloud data centers, where ultra-low latency, high bandwidth, and resilient infrastructure are essential. Existing state-of-the-art (SoA) solutions, which rely on traditional out-of-band monitoring and intrusion detection techniques, often struggle to achieve the necessary latency and scalability in large-scale, high-speed networks. Unlike these approaches, our in-band solution provides a more efficient, scalable alternative that meets the performance needs of Terabit networks. Our monitoring component captures extended NetFlow v9 features at wire speed, while the in-band IDS achieves high-accuracy detection without compromising on performance. In evaluations on real-world P4 hardware, both the NetFlow monitoring and IDS components maintain negligible impact on throughput, even at traffic rates up to 8 million packets per second (mpps). This performance surpasses SoA in terms of accuracy and throughput efficiency, ensuring that our solution meets the requirements of large-scale, high-performance environments.