P4httpGuard: detection and prevention of slow-rate DDoS attacks using machine learning techniques in P4 switch

Software Defined Networks (SDNs) offer a comprehensive network view by separating the control plane from the data plane. However, SDNs are vulnerable to Distributed Denial of Service (DDoS), a dangerous attack that depletes resources, preventing service delivery. Among the DDoS attacks, the HTTP slow-rate DDoS attack is particularly critical, targeting web servers with slow or incomplete requests. Significant efforts have been made in the last few years to improve DDoS attack detection in SDNs, leading to the proposal of several detection techniques. In an effort to address these current constraints, scientists have concentrated on leveraging the computational capabilities of data plane devices. Notably, in this context, Programming Protocol-independent Packet Processors (P4) have become an important technology closely linked to the data plane components of SDN. The use of new detection techniques through the use of P4-equipped data planes for DDoS detection methods has the potential to reduce the computational load on the controller. This research paper analyzes detection system components and introduces P4httpGuard,a detection mechanism that employs machine learning (ML) techniques in conjunction with P4 switches to identify slow-rate DDoS attacks within SDNs. The model uses P4 switches programmable capabilities to enhance detection while reducing controller computational overhead. The model has been evaluated for performance metrics like detection time, bandwidth consumption, and CPU usage. The results from the implementation of our mechanism demonstrate a notable 60-second improvement in detection time, an 81.89