immUNITY: Detecting and Mitigating Low Volume & Slow Attacks with Programmable Switches and SmartNICs

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the original arXiv source.

Our analysis of recent Internet traces shows that up to 71% of flows contain suspicious behaviors indicative of low-volume network attacks such as port scans. However, distinguishing anomalous traffic in real time is challenging as each attack flow may comprise only a few packets. We extend prior work that tracks heavy hitter flows to also detect low-volume and slow attacks by combining the capabilities of both switches and SmartNICs. We flip the usual design approach by proposing an efficient filter data structure used to quickly route traffic marked as benign towards destination end-systems. We make careful use of limited programmable switch memory and pipeline stages, and complement them with SmartNIC resources to analyze the remaining traffic that may be anomalous. Using machine learning classifiers and intrusion detection rules deployed on the SmartNIC, we identify malicious source IPs, which then undergo more detailed forensics for attack mitigation. Finally, we develop a dataplane based protocol to rapidly coordinate data structure updates between these devices. We implement immUNITY in a testbed with Tofino v1 switch and Bluefield 3 SmartNIC, demonstrating its high accuracy, while minimizing traffic that’s analyzed outside the switch.


💡 Research Summary

The paper presents immUNITY, a novel in‑network filtering framework that combines programmable switches and SmartNICs to detect and mitigate low‑volume, low‑rate attacks such as port scans, Slowloris, SSH/FTP brute‑forcing, and distributed SYN floods. Motivated by an analysis of MAWI and CAIDA traces showing that up to 71 % of flows (and a substantial fraction of packets) exhibit suspicious behavior, the authors argue that traditional scrubbing appliances and switch‑only solutions cannot efficiently handle the “mouse” flows that consist of only a few packets each.

immUNITY’s design follows a “benign‑first” philosophy. At the switch level, a memory‑efficient approximate data structure—similar to a Bloom filter—is implemented within the limited SRAM (≈ 6.9 MB per pipeline) of a Tofino v1 device. This structure uses early‑packet header features (5‑tuple, SYN/FIN flags, packet size, inter‑arrival time) to quickly classify traffic as benign. Benign flows are immediately forwarded to the destination, freeing switch resources. Flows flagged as suspicious are marked and a small metadata record is sent to a BlueField 3 SmartNIC for deeper inspection.

The SmartNIC, equipped with 32 GB DRAM and two 200 Gbps ports, runs a lightweight machine‑learning classifier (e.g., LightGBM decision trees) that operates on header‑only features, allowing it to keep per‑packet processing latency low. In parallel, a set of Zeek‑style intrusion‑detection rules is applied to identify scanning patterns, Slowloris‑style partial HTTP requests, credential‑guessing attempts, and coordinated SYN floods. When a source IP is deemed malicious, immUNITY injects a blacklist entry into the switch’s filter, ensuring that subsequent packets from that IP are dropped at line rate without involving the SmartNIC again.

A custom data‑plane protocol synchronizes state between the switch and the SmartNIC. Updates are batched to avoid pipeline stalls, and the number of TCAM entries is kept minimal. Cross‑flow analysis aggregates multiple short flows from the same source, improving detection confidence for attacks that spread their activity across many tiny connections.
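As an added illustration (not the paper's code, and not its actual filter, classifier, or update protocol), the following Python simulation captures the benign‑first control flow described in the three paragraphs above: a Bloom filter stands in for the switch's SRAM‑resident approximate benign set, an exact‑match set stands in for its blacklist, a small rule‑based analyzer stands in for the SmartNIC's ML classifier and IDS rules, and verdicts are batched before being pushed back to the switch. The packet fields, the scan and handshake thresholds, the batch size, and the traffic are constructed assumptions for the example.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: str   # "S" = bare SYN, "A" = ACK (carries payload if size > 0)
    size: int    # payload bytes


class BloomFilter:
    """Bit-array approximate set standing in for the switch's SRAM filter.
    False positives (a source wrongly treated as benign) are possible;
    false negatives are not."""

    def __init__(self, nbits=4096, nhash=3):
        self.nbits, self.nhash = nbits, nhash
        self.bits = bytearray(nbits // 8)

    def _positions(self, key):
        for i in range(self.nhash):
            h = hashlib.blake2b(f"{i}:{key}".encode(), digest_size=4).digest()
            yield int.from_bytes(h, "big") % self.nbits

    def add(self, key):
        for p in self._positions(key):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, key):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(key))


class Analyzer:
    """SmartNIC-side cross-flow aggregation (hypothetical rules, not the paper's
    model): a source that SYNs to many distinct ports without ever sending
    payload is a scanner; a source that sends payload repeatedly is benign."""
    SCAN_PORTS = 8        # assumed threshold
    BENIGN_DATA_PKTS = 3  # assumed threshold

    def __init__(self, batch_size=4):
        self.syn_ports = defaultdict(set)
        self.data_pkts = defaultdict(int)
        self.decided = set()
        self.pending = []   # batched (verdict, src) updates destined for the switch
        self.batch_size = batch_size

    def observe(self, pkt):
        if pkt.src in self.decided:
            return
        if pkt.flags == "S":
            self.syn_ports[pkt.src].add(pkt.dport)
        elif pkt.flags == "A" and pkt.size > 0:
            self.data_pkts[pkt.src] += 1
        if self.data_pkts[pkt.src] == 0 and len(self.syn_ports[pkt.src]) >= self.SCAN_PORTS:
            self._decide("block", pkt.src)
        elif self.data_pkts[pkt.src] >= self.BENIGN_DATA_PKTS:
            self._decide("allow", pkt.src)

    def _decide(self, verdict, src):
        self.decided.add(src)
        self.pending.append((verdict, src))

    def drain(self, force=False):
        """Release a batch of updates once enough accumulated (or when forced)."""
        if force or len(self.pending) >= self.batch_size:
            batch, self.pending = self.pending, []
            return batch
        return []


class Switch:
    """Switch-side pipeline: blacklist first, then benign filter, otherwise
    forward and mirror a metadata record to the analyzer."""

    def __init__(self, analyzer):
        self.analyzer = analyzer
        self.benign = BloomFilter()
        self.blocked = set()   # exact-match entries, as a TCAM table would hold
        self.stats = {"forward": 0, "drop": 0, "inspect": 0}

    def apply_updates(self, batch):
        for verdict, src in batch:
            (self.blocked.add if verdict == "block" else self.benign.add)(src)

    def process(self, pkt):
        if pkt.src in self.blocked:
            self.stats["drop"] += 1
            return "drop"
        if pkt.src in self.benign:
            self.stats["forward"] += 1
            return "forward"
        self.stats["inspect"] += 1
        self.analyzer.observe(pkt)                  # metadata record to the NIC
        self.apply_updates(self.analyzer.drain())   # batched verdicts back
        return "inspect"


def run_demo():
    """Constructed traffic: one port scanner and one ordinary HTTPS client."""
    analyzer = Analyzer(batch_size=2)
    sw = Switch(analyzer)
    scanner, client, victim = "10.0.0.9", "10.0.0.5", "192.0.2.1"
    traffic = [Packet(scanner, victim, p, "S", 0) for p in range(1, 11)]
    traffic += [Packet(client, victim, 443, "S", 0)]
    traffic += [Packet(client, victim, 443, "A", 512) for _ in range(3)]
    for pkt in traffic:
        sw.process(pkt)
    sw.apply_updates(analyzer.drain(force=True))
    # Verdicts are now enforced in the switch without analyzer involvement.
    after = {
        "scanner": sw.process(Packet(scanner, victim, 22, "S", 0)),
        "client": sw.process(Packet(client, victim, 443, "A", 100)),
    }
    return after, dict(sw.stats)


if __name__ == "__main__":
    print(run_demo())
```

The ordering in `Switch.process` is the point: the exact‑match blacklist is consulted before the approximate benign set, so a Bloom‑filter false positive can only let an undecided source through, never un‑block a source the analyzer has already flagged.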

Evaluation is performed both via trace‑driven simulation and a physical testbed comprising a Tofino v1 switch and a BlueField 3 DPU. With a single SmartNIC core handling a 100 Gbps port, the system achieves an end‑to‑end throughput of 96 Gbps while only 0.14 Gbps of traffic is forwarded to the SmartNIC. Scaling the ingress traffic to 1.5 Tbps increases SmartNIC load to merely 2.24 Gbps, demonstrating good scalability. On the CAIDA trace, immUNITY correctly identifies 99 % of scanning attacker IPs, delivering orders‑of‑magnitude fewer false positives than the state‑of‑the‑art NetBeacon system.

In summary, immUNITY leverages the high‑speed forwarding and deterministic pipeline of programmable switches together with the larger memory and flexible compute of SmartNICs to isolate and analyze the “needle‑in‑the‑haystack” of low‑volume attacks at terabit line rates. The authors release the source code and plan to publish the labeled traces, paving the way for further research on multi‑SmartNIC coordination, more sophisticated deep‑learning models, and automated policy distribution in cloud‑edge environments.

