P4httpGuard: detection and prevention of slow-rate DDoS attacks using machine learning techniques in P4 switch

Reza Fallahi Kapourchali, Reza Mohammadi, Mohammad Nassiri
DOI: https://doi.org/10.1007/s10586-024-04407-5
2024-04-07
Cluster Computing
Abstract: Software Defined Networks (SDNs) offer a comprehensive network view by separating the control plane from the data plane. However, SDNs are vulnerable to Distributed Denial of Service (DDoS), a dangerous attack that depletes resources, preventing service delivery. Among the DDoS attacks, the HTTP slow-rate DDoS attack is particularly critical, targeting web servers with slow or incomplete requests. Significant efforts have been made in the last few years to improve DDoS attack detection in SDNs, leading to the proposal of several detection techniques. In an effort to address these current constraints, scientists have concentrated on leveraging the computational capabilities of data plane devices. Notably, in this context, Programming Protocol-independent Packet Processors (P4) have become an important technology closely linked to the data plane components of SDN. The use of new detection techniques built on P4-equipped data planes has the potential to reduce the computational load on the controller. This research paper analyzes detection system components and introduces P4httpGuard, a detection mechanism that employs machine learning (ML) techniques in conjunction with P4 switches to identify slow-rate DDoS attacks within SDNs. The model uses the programmable capabilities of P4 switches to enhance detection while reducing controller computational overhead. The model has been evaluated for performance metrics like detection time, bandwidth consumption, and CPU usage. The results from the implementation of our mechanism demonstrate a notable 60-second improvement in detection time, an 81.89% reduction in bandwidth consumption, and a 25.96% decrease in controller CPU overhead, compared to the OpenFlow method. These findings underscore the significant impact of integrating the P4 data plane and programmable targets in substantially enhancing the efficiency of slow-rate DDoS attack detection within SDN.
computer science, information systems, theory & methods