根據全球DDoS威脅態勢報告，2019年出現史上最大的網路攻擊 持續長達13天 最高每秒近30萬個請求，其中網路層DDoS攻擊達到每秒5.8億個數據包(PPS)。攻擊者往往藉由類似事件引發網路攻擊，大多要求贖金來獲取利益，而如今的網路攻擊事件手段越來越多變，並且越演越烈。
現有的防火牆以靜態封包濾除技術只能鎖定資料庫中存在的網路攻擊，而無法有效的偵測相似行為的網路攻擊；現今雖提出高準偵測率的機器學習模型，但由於安裝在獨立主機上而導致網路封包在轉送到獨立主機做處理時延遲時間的增加。因此作者利用SDN資料層的p4交換機中可以彈性編輯封包以及流表架構實現適應決策樹，透過獨立主機分析利用機器學習演算法分析出來的決策樹安置在P4交換機中，而達成低延遲傳輸時間以及高準確偵測率的網路攻擊偵測模組。並考慮到決策樹節點數太多，導致一台p4交換機TCAM容量不足而無法被放置，提出一決策樹切割演算法對樹切割後放進多台的p4交換機，而保證每台交換機TCAM擁有最高的使用率。最終，為保證SDN網路中每條的網路流安全性以及低延遲傳輸時間，我們提出交換機配置演算法將不足要求p4交換機數量的網路流重新選擇一條足夠P4交換機數量的流路徑，使其成為能夠進行高準確率網路攻擊偵測的網路流。

According to 2019 global-ddos-threat-landscape, network layer DDoS attack that reached 580 million
packets per second (PPS). Later in the year, a separate application
layer attack lasted for 13 days and peaked at 292,000 RPS.Attackers request ransom money on similar issue to satisfy their personal benefits, so that the damage of network attacks has been more serious in nowadays.
The current firewall works as a static packet filter with the database inspection system. It definitely gives lower accurate detection. Packet inspection with machine learning algorithm gives higher accurate detection but causes higher latency of packet transmission time while the packets are sent to the individual computer for the inspection. It causes high latency for packet inspection on individual computer as well.
P4 switch is a programmable switch with high flexibility of packet modification and multi-feature packet inspection network architecture. We found that a rule table can be adapted as a decision tree node, and link the tree node as each rule table action(). So we implement decision tree into p4 switch to make low latency and high detect accuracy in the SDN(software defined network) network. Considering too much tree nodes on one decision tree, we purpose a decision tree algorithm to separate decision tree well into multiple p4 switches and result in high utilization of each p4 switch TCAM. Finally, our p4 switch stored algorithm finds enough requested p4 switches by rerouting network path of each flows, to guarantee network security and low latency on each of network flows in SDN networks.

[1] kh, Johnson & De, Tanmay. (2015). An Approach of DDOS Attack Detection Using
Classifiers. 10.1007/978-81-322-2550-8 41
[2] Beigi, Elaheh Biglar, et al. ”Towards effective feature selection in machine learningbased botnet detection approaches.” Communications and Network Security (CNS),
2014 IEEE Conference on. IEEE, 2014.
[3] Sanvito, Davide & Siracusano, Giuseppe & Bifulco, Roberto. (2018). Can the Network be the AI Accelerator?. 20-25. 10.1145/3229591.3229594.
[4] Khalaf, Bashar & Mostafa, Salama & Mohammed, Mazin & Abduallah, Wafaa
Mustapha, Aida. (2019). Comprehensive Review of Artificial Intelligence and Statistical Approaches in Distributed Denial of Service Attack and Defense Methods.
IEEE Access. PP. 2169-3536. 10.1109/ACCESS.2019.2908998.
[5] Chu, Cing-Yu & Xi, Kang & Luo, Min. (2015). Congestion-Aware Single Link Failure Recovery in Hybrid SDN Networks. 10.1109/INFOCOM.2015.7218482.
[6] Tung, Yung-Hao & Wei, Hung-Chuan & Ti, Yen-Wu & Tsou, Yao-Tung & Saxena,
Neetesh & Yu, Chia-Mu. (2020). Counteracting UDP Flooding Attacks in SDN.
Electronics. 9. 1239. 10.3390/electronics9081239.
[7] Siddiqui, Muazzam. (2008). Data Mining Methods for Malware Detection.
[8] Javaid, Ahmad Niyaz, Quamar & Sun, Weqing Alam, Mansoor. (2015). A Deep
Learning Approach for Network Intrusion Detection System. EAI Endorsed Transactions on Security and Safety. 3. 10.4108/eai.3-12-2015.2262516.
[9] Tang, Tuan & Zaidi, Syed Ali Raza & McLernon, Des & Mhamdi, Lotfi & Ghogho,
Mounir. (2018). Deep Recurrent Neural Network for Intrusion Detection in SDNbased Networks. 10.1109/NETSOFT.2018.8460090.
[10] Streiffer, Christopher & Chen, Huan & Benson, Theophilus & Kadav, Asim. (2017).
DeepConfig: Automating Data Center Network Topologies Management with Machine Learning.
49
[11] Jazi, Hossein & Gonzalez, Hugo & Stakhanova, Natalia & Ghorbani, Ali. (2017).
Detecting HTTP-based Application Layer DoS attacks on Web Servers in the presence of sampling. Computer Networks. 121. 10.1016/j.comnet.2017.03.018.
[12] Li, Chuanhuang & Wu, Yan & Yuan, XiaoYong & Sun, Zhengjun & Wang, Weiming
& Li, Xiaolin & Gong, Liang. (2018). Detection and defense of DDoS attack-based
on deep learning in OpenFlow-based SDN. International Journal of Communication
Systems. 31. e3497. 10.1002/dac.3497.
[13] Gupta, B B & Agrawal, P & Joshi, R. & Misra, Manoj. (2013). Estimating Strength
of a DDoS Attack Using Multiple Regression Analysis. 133. 280-289. 10.1007/978-
3-642-17881-8 27.
[14] Liao, Qin & Li, Hong & Kang, Songlin & Liu, Chuchu. (2014). Feature extraction and construction of application layer DDoS attack based on user behavior. Proceedings of the 33rd Chinese Control Conference, CCC 2014. 5492-5497.
10.1109/ChiCC.2014.6895878.
[15] Srivastava, Prerna & Raj, Mohan. (2018). Feature extraction for enhanced malware
detection using genetic algorithm. International Journal of Engineering Technology.
7. 444. 10.14419/ijet.v7i2.8.10479.
[16] Zargari, Shahrzad & Voorhis, D.. (2012). Feature Selection in the Corrected KDDdataset. Proceedings - 3rd International Conference on Emerging Intelligent Data
and Web Technologies, EIDWT 2012. 174-180. 10.1109/EIDWT.2012.10.
[17] Doshi, Rohan & Apthorpe, Noah & Feamster, Nick. (2018). Machine Learning
DDoS Detection for Consumer Internet of Things Devices.
[18] Prasad, M & V, Prasanta & Amarnath, C. (2019). Machine Learning DDoS Detection Using Stochastic Gradient Boosting. International Journal of Computer Sciences and Engineering. 7. 157-166. 10.26438/ijcse/v7i4.157166.
[19] Jaafar, Ghafar & Shahidan, Mohd & Ismail, S.A.. (2019). Review of Recent Detection Methods for HTTP DDoS Attack. Journal of Computer Networks and Communications. 2019. 1-10. 10.1155/2019/1283472.
[20] Cusack, Greg & Michel, Oliver & Keller, Eric. (2018). Machine Learning-Based
Detection of Ransomware Using SDN. 1-6. 10.1145/3180465.3180467.
[21] Bosshart, Pat & Daly, Dan & Izzard, Martin & McKeown, Nick & Rexford, Jennifer
& Talayco, Dan Vahdat, Amin & Varghese, George & Walker, David. (2013). Programming Protocol-Independent Packet Processors. ACM SIGCOMM Computer
Communication Review. 44. 10.1145/2656877.2656890.
[22] Wang, Han & Soul, Robert & Dang, Huynh & Lee, Ki & Shrivastav, Vishal & Foster,
Nate & Weatherspoon, Hakim. (2017). P4FPGA: A Rapid Prototyping Framework
for P4. 122-135. 10.1145/3050220.3050234.
[23] LI Chuanhuang, SUN Zhengjun, YUAN Xiaoyong, LI Xiaolin, GONG
Liang, WANG Weiming. Real-time DDoS attack detection based on
deep learning. Telecommunications Science[J], 2017, 33(7): 53-65
doi:10.11959/j.issn.10000801.2017191
[24] LI Chuanhuang, WU Yan, QIAN Zhengzhe, SUN Zhengjun, WANG Weiming.
DDoS attack detection and defense based on hybrid deep learning model in SDN.
Journal on Communications[J], 2018, 39(7): 176-187 doi:10.11959/j.issn.1000-
436x.2018128
[25] Wei-qun, Chen. Routing-Based Distributed Denial-of-Service Spoofed Packets Filtering. 台灣碩博士論文加值系統 [2005] https://hdl.handle.net/11296/4tk7m7
[26] 淼，武斌. 基于自适神网的DDoS攻方法[EB/OL]. 北京：中科技文在 [2017-11-
24]. http://www.paper.edu.cn/releasepaper/content/201711-178
[27] Cheng, Yu-Chieh & Wang, Pi-Chung. (2015). Packet Classification Using Dynamically Generated Decision Trees. IEEE Transactions on Computers. 64. 582-586.
10.1109/TC.2013.227.
[28] Ching-Chow, Yang & Bai-Sheng, Chen.(2015). A Neural Network Approach for
Customer Group Classification. Journal of Management & Systems Vol. 12, No. 3,
July 2005. pp. 43-65
[29] Sniedovich, Moshe. (2006). Dijkstra’s algorithm revisited: The dynamic programming connexion. Control and Cybernetics. 35
[30] Li, Haiming & Xia, Qiyang & Wang, Yong. (2017). Research and Improvement of Kruskal Algorithm. Journal of Computer and Communications. 05. 63-69.
10.4236/jcc.2017.512007
[31] Impera. Research Labs. ”2019 Global DDoS Threat Landscape”. 2019.
https://www.imperva.com/resources/resource-library/reports/global-ddos-threatlandscape/