Collaborative P4-SDN DDoS Detection and Mitigation with Early-Exit Neural Networks
By: Ouassim Karrakchou , Alaa Zniber , Anass Sebbar and more
Potential Business Impact:
Stops internet attacks faster using smart computer chips.
Distributed Denial of Service (DDoS) attacks pose a persistent threat to network security, requiring timely and scalable mitigation strategies. In this paper, we propose a novel collaborative architecture that integrates a P4-programmable data plane with an SDN control plane to enable real-time DDoS detection and response. At the core of our approach is a split early-exit neural network that performs partial inference in the data plane using a quantized Convolutional Neural Network (CNN), while deferring uncertain cases to a Gated Recurrent Unit (GRU) module in the control plane. This design enables high-speed classification at line rate with the ability to escalate more complex flows for deeper analysis. Experimental evaluation using real-world DDoS datasets demonstrates that our approach achieves high detection accuracy with significantly reduced inference latency and control plane overhead. These results highlight the potential of tightly coupled ML-P4-SDN systems for efficient, adaptive, and low-latency DDoS defense.
Similar Papers
Proactive DDoS Detection and Mitigation in Decentralized Software-Defined Networking via Port-Level Monitoring and Zero-Training Large Language Models
Cryptography and Security
Stops internet attacks by blocking bad traffic early.
Enhancing Network Security: A Hybrid Approach for Detection and Mitigation of Distributed Denial-of-Service Attacks Using Machine Learning
Cryptography and Security
Stops websites from crashing when attacked.
Robust DDoS-Attack Classification with 3D CNNs Against Adversarial Methods
Cryptography and Security
Finds hidden internet attacks faster and better.