DDoS attack detection in data plane

Abstract

Distributed Denial of Service (DDoS) attacks pose significant challenges to the availability of online services, with attackers seeking to overwhelm a target’s resources by generating an overwhelming volume of traffic from multiple sources. Traditional detection methods, such as signature-based or traffic pattern analysis, often lack the adaptability required to combat evolving attack strategies effectively. This paper explores the utilization of Software-Defined Networking (SDN) and data plane programmability as a reactive and adaptive mechanism for DDoS attack detection and mitigation. By leveraging the packet-level processing capabilities of P4 (Programming Protocol-Independent Packet Processors), we propose a novel implementation that employs entropy-based detection combined with gossip algorithms for decentralized information sharing. Our approach demonstrates improved responsiveness and scalability in detecting DDoS traffic and provides a comparative analysis between epidemic-based and probability-based gossip protocols. The results highlight the strengths, limitations, and real-world feasibility of our approach.