DDoS ATTACK DETECTION BASED ON DECISION TREE IN PROGRAMMABLE DATA PLANE

In SDN environments, detecting DDoS attacks requires frequent interaction between the data plane and control plane, making it difficult to achieve a satisfactory balance among accuracy, resource utilization, and response latency. Therefore, this paper proposes a DDoS attack detection scheme implemented through P4. This scheme utilized a decision tree classification algorithm on the programmable data plane to detect network flows based on attack features such as source IP address entropy. The InSDN dataset was used to evaluate the proposed detection scheme experimentally. The results show that compared with other DDoS attack detection methods in SDN, the resource utilization of this scheme is obviously reduced, and the accuracy, precision and recall rate are greatly improved.