{"ID":2870845,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2509.12291","arxiv_id":"2509.12291","title":"Collaborative P4-SDN DDoS Detection and Mitigation with Early-Exit Neural Networks","abstract":"Distributed Denial of Service (DDoS) attacks pose a persistent threat to network security, requiring timely and scalable mitigation strategies. In this paper, we propose a novel collaborative architecture that integrates a P4-programmable data plane with an SDN control plane to enable real-time DDoS detection and response. At the core of our approach is a split early-exit neural network that performs partial inference in the data plane using a quantized Convolutional Neural Network (CNN), while deferring uncertain cases to a Gated Recurrent Unit (GRU) module in the control plane. This design enables high-speed classification at line rate with the ability to escalate more complex flows for deeper analysis. Experimental evaluation using real-world DDoS datasets demonstrates that our approach achieves high detection accuracy with significantly reduced inference latency and control plane overhead. These results highlight the potential of tightly coupled ML-P4-SDN systems for efficient, adaptive, and low-latency DDoS defense.","short_abstract":"Distributed Denial of Service (DDoS) attacks pose a persistent threat to network security, requiring timely and scalable mitigation strategies. In this paper, we propose a novel collaborative architecture that integrates a P4-programmable data plane with an SDN control plane to enable real-time DDoS detection and respo...","url_abs":"https://arxiv.org/abs/2509.12291","url_pdf":"https://arxiv.org/pdf/2509.12291v1","authors":"[\"Ouassim Karrakchou\",\"Alaa Zniber\",\"Anass Sebbar\",\"Mounir Ghogho\"]","published":"2025-09-15T10:43:29Z","proceeding":"cs.CR","tasks":"[\"cs.CR\"]","methods":"[\"Convolutional Neural Network\"]","has_code":false}