An Orchestration Platform for in-Network DDoS Attack Detection with P4 Programmable Switches
S. Troia;G. Maier
2025-01-01
Abstract
The growing reliance on digital connectivity has made Internet Service Provider (ISP) networks a critical component of modern society, yet they remain a prime target for cyber threats. In recent years, cyberattacks against ISPs have increased in scale and sophistication, posing severe risks to national security, economic stability, and user privacy. The advent of in-network computing and programmable data planes presents a paradigm shift in network security, offering the flexibility to define, modify, and optimize packet processing logic dynamically. Among these advancements, the P4 programming language plays a crucial role, allowing network operators to implement fine-grained traffic monitoring directly within network devices. By leveraging in-network computation, P4 facilitates real-time anomaly detection, making it a powerful tool for mitigating Distributed Denial of Service (DDoS) attacks. However, orchestrating security functions across a distributed network of P4 switches remains a challenge, requiring an efficient and scalable deployment framework. In this paper, we present an open-source orchestration platform for managing and deploying P4-based security programs to enable real-time DDoS detection. Our solution leverages dynamic programmability to enhance network security. By integrating a novel queue monitoring mechanism directly into the data plane, our approach enables the collection of fine-grained network performance metrics in real time, facilitating faster and more precise attack detection and mitigation. The proposed framework is highly scalable and adaptable, strengthening ISP networks against evolving cyber threats.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


