Abstract: Router security has become more important as the number of programmable routers grows. This paper presents a pattern router that codes the modularized dataplane and pre-combines the results in order to monitor and regulate the dynamic actions in the dataplane. The method assigns an action identifier (AID) to each action in the dataplane and places the normal AIDs in a regulated action table (RAT) before the router runs. While the router is working, every dynamic action is verified against the RAT to ensure the integrity of each action. The pattern router was implemented in a Click router and in a Data Plane Development Kit (DPDK) router; tests show that it occupies only 2 MB and uses less than 10% of the bandwidth to capture all the abnormal actions in the dataplane.
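The following sketch shows the register-then-verify flow the abstract describes; it is an added example, not code from the paper or from Click/DPDK. The module names, the encoding of an AID as a hash over the ordered module codes of one action, and the hash-set layout of the RAT are all assumptions, since the abstract does not specify them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical module codes for a small IPv4 forwarding dataplane. */
enum { M_RX = 1, M_CLASSIFY, M_CHECK_IP, M_LOOKUP, M_DEC_TTL, M_TX, M_DROP, M_MIRROR };

#define RAT_SLOTS 64u                 /* power of two; open addressing */
static uint32_t rat[RAT_SLOTS];       /* 0 marks an empty slot */

/* Assumed AID encoding: FNV-1a over the ordered module codes of one action. */
uint32_t aid_of(const uint8_t *path, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= path[i]; h *= 16777619u; }
    return h ? h : 1u;                /* 0 is reserved for "empty" */
}

static void rat_add(uint32_t aid) {
    uint32_t i = aid & (RAT_SLOTS - 1);
    while (rat[i] && rat[i] != aid) i = (i + 1) & (RAT_SLOTS - 1);
    rat[i] = aid;
}

/* Constructed "normal" actions, pre-combined before the router starts. */
static const uint8_t FORWARD[]  = { M_RX, M_CLASSIFY, M_CHECK_IP, M_LOOKUP, M_DEC_TTL, M_TX };
static const uint8_t BAD_HDR[]  = { M_RX, M_CLASSIFY, M_CHECK_IP, M_DROP };
static const uint8_t NO_ROUTE[] = { M_RX, M_CLASSIFY, M_CHECK_IP, M_LOOKUP, M_DROP };

void rat_build(void) {
    rat_add(aid_of(FORWARD, sizeof FORWARD));
    rat_add(aid_of(BAD_HDR, sizeof BAD_HDR));
    rat_add(aid_of(NO_ROUTE, sizeof NO_ROUTE));
}

/* Runtime check: 1 if the observed action is in the RAT, 0 if it must be flagged. */
int rat_verify(const uint8_t *path, size_t n) {
    uint32_t aid = aid_of(path, n), i = aid & (RAT_SLOTS - 1);
    for (; rat[i]; i = (i + 1) & (RAT_SLOTS - 1))
        if (rat[i] == aid) return 1;
    return 0;
}

int main(void) {
    /* Constructed abnormal action: a copy to a mirror module before transmit. */
    const uint8_t mirrored[] = { M_RX, M_CLASSIFY, M_CHECK_IP, M_LOOKUP, M_DEC_TTL, M_MIRROR, M_TX };
    rat_build();
    printf("forward=%d mirrored=%d\n", rat_verify(FORWARD, sizeof FORWARD),
           rat_verify(mirrored, sizeof mirrored));
    return 0;
}
```

Because the table is filled only by `rat_build` before packets flow, any module sequence introduced afterwards produces an AID with no entry and is flagged.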