O’MINE: A Novel Collaborative DDoS Detection Mechanism for Programmable Data-Planes / Bardhi, Enkeleda; Ji, Chenxing; Imran, Ali; Shahbaz, Muhammad; Lazzeretti, Riccardo; Conti, Mauro; Kuipers, Fernando. - (2025), pp. 771-788. (10th IEEE European Symposium on Security and Privacy, Euro S and P 2025, Venice, Italy) [10.1109/eurosp63326.2025.00049].
O’MINE: A Novel Collaborative DDoS Detection Mechanism for Programmable Data-Planes
Lazzeretti, Riccardo
2025
Abstract
The emergence of softwarized network devices, like programmable switches and smart NICs, has brought about new and advanced network functionalities. Intelligent decision-making becomes possible at line rate by offloading network functionality from the network control-plane to the programmable data-plane. In this paper, we offload fine-grained Distributed Denial of Service (DDoS) attack detection to the data-plane. The state-of-the-art in this regard mainly aims to embed Machine Learning (ML) models into the data-plane without compromising on inference accuracy. Besides accuracy, we must consider multiple other factors, like traffic feature availability and false positive rates. To that end, we propose O'MINE: ONE MODEL IS NOT ENOUGH, a novel collaborative detection mechanism comprising lightweight ML models. This maximises the detection accuracy while keeping the false positive rate (FPR) low. We use three state-of-the-art datasets to evaluate the O'MINE algorithm and its ML models. Our results show that O'MINE can detect DDoS attacks with high accuracy (≈98% and ≈96% with full and scarce training data, respectively) and low FPR (≈0.22% and ≈0.72% with full and scarce training data, respectively), outperforming the state-of-the-art. Lastly, O'MINE only consumes a few device resources (≈6% of LUT and ≈4% of FF) on the Xilinx Alveo U250 FPGA we have used for inference at line rate.

| File | Size | Format | |
|---|---|---|---|
| Bardhi_OMINE_postprint_2025.pdf (archive managers only). Note: DOI: 10.1109/EuroSP63326.2025.00049. Type: Post-print document (version following peer review and accepted for publication). License: All rights reserved | 867.55 kB | Adobe PDF | Contact the author |
| Bardhi_OMINE_2025.pdf (archive managers only). Type: Publisher's version (published version with the publisher's layout). License: All rights reserved | 881.97 kB | Adobe PDF | Contact the author |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


