The emergence of softwarized network devices, like programmable switches and smart NICs, has brought about new and advanced network functionalities. Intelligent decision-making becomes possible at line rate by offloading network functionality from the network control-plane to the programmable data-plane. In this paper, we offload fine-grained Distributed Denial of Service (DDoS) attack detection to the data-plane. The state-of-the-art in this regard, mainly aims to embed Machine Learning (ML) models into the data-plane without compromising on inference accuracy. Besides accuracy, we must consider multiple other factors, like traffic feature availability and false positive rates. To that end, we propose O’MINE: ONE MODEL IS NOT ENOUGH, a novel collaborative detection mechanism comprising lightweight ML models. This maximises the detection accuracy while keeping the false positive rate (FPR) low. We use three state-of-the-art datasets to evaluate the O’MINE algorithm and its ML models. Our results show that O’MINE can detect DDoS attacks with high accuracy (≈98% and ≈96% with full and scarce training data, respectively) and low FPR (≈0.22% and ≈0.72% with full and scarce training data, respectively), outperforming the state-of-the-art. Lastly, O’MINE only consumes a few device resources (≈6% of LUT and ≈4% of FF) on the Xlinx Alevo U250 FPGA we have used for inference at line rate.

In the Internet of Things era, the Internet demands extremely high-speed communication and data transformation. To this end, the tactile Internet has been proposed as a medium that provides the sense of touch ability, facilitating data transferability with extra-low latency in various applications ranging from industry, robotics, and healthcare to road traffic, education, and culture. Here, programmable networks are role players in approaching the tactile Internet's low latency (≈ 1ms) pillar. Several functionalities - including security - are offloaded onto the network core employing programmable in-network pipelines. From the security perspective, Artificial Intelligence (AI) is another role player that enables the line-rate inference on the core network without involving the control plane. However, integrating AI-based security solutions in programmable devices is challenging mainly because of their constrained anatomy. Furthermore, such solutions inherit well-known adversarial AI vulnerabilities, representing an additional threat to programmable networks. Considering the above, this article discusses AI-based security solutions in programmable networks, focusing on the explored modalities of integrating AI models in programmable constrained network devices. Moreover, we elaborate on the challenges and risks of relying on AI for such mechanisms. Lastly, the article brings a visionary glimpse for future trends in this regard, raising some essential questions on the indispensability of AI for security functionalities and providing some alternative solutions.