Anti-DDoS Attacks Strategy of SDN Data Plane with Data Augmentation Based on P4.

As Software Defined Networking (SDN) becomes increasingly prevalent, the risk of Distributed Denial of Service (DDoS) attacks targeting SDN also grows. Specifically, the SDN data plane, consisting of simple forwarding devices, is more susceptible to DDoS attacks launched by malicious actors. These attacks can impose tremendous load on the SDN, potentially leading to its complete collapse in severe cases. The traditional SDN architecture based on the OpenFlow Protocol falls short in meeting the requirements for programming the data plane. To address this challenge and improve the flexibility of SDN architectures, the Programming Protocol-Independent Packet Processors (P4) has emerged. However, existing solutions, primarily based on Statistical Learning, Machine Learning, and Deep Learning, require further enhancement in terms of accuracy, complexity, and latency. In this study, we utilize the P4 language to implement a programmable data plane and propose the P4-CACNN model for detecting and defending against DDoS attacks on the data plane. Firstly, we employ an appropriate attention mechanism to enhance the processing of incoming traffic. Subsequently, the data is fed into a discriminator consisting of a Convolutional Neural Network (CNN) to classify whether it constitutes attack traffic. Experimental results demonstrate that our proposed model achieves a remarkable 98.99% accuracy in detecting DDoS attacks on the SDN data plane, while maintaining low latency.