To address the challenge of simultaneously achieving low latency, high accuracy, and resource efficiency in real-time DDoS attack detection, this paper proposes a hierarchical detection architecture that synergistically integrates P4-programmable data planes with SDN control planes. Our method deploys, for the first time, a quantized CNN-GRU fusion neural network with early-exit capability directly on P4 switches to enable line-rate preliminary traffic classification. Only low-confidence, ambiguous flows are offloaded to the control plane for fine-grained analysis, thereby drastically reducing control-plane overhead. Experimental evaluation on real-world DDoS datasets demonstrates that our approach achieves 98.2% classification accuracy while reducing end-to-end inference latency by 67% and control-plane processing overhead by 73%. The architecture thus satisfies stringent real-time requirements and exhibits strong scalability, making it suitable for practical deployment in production networks.

Distributed Denial of Service (DDoS) attacks pose a persistent threat to network security, requiring timely and scalable mitigation strategies. In this paper, we propose a novel collaborative architecture that integrates a P4-programmable data plane with an SDN control plane to enable real-time DDoS detection and response. At the core of our approach is a split early-exit neural network that performs partial inference in the data plane using a quantized Convolutional Neural Network (CNN), while deferring uncertain cases to a Gated Recurrent Unit (GRU) module in the control plane. This design enables high-speed classification at line rate with the ability to escalate more complex flows for deeper analysis. Experimental evaluation using real-world DDoS datasets demonstrates that our approach achieves high detection accuracy with significantly reduced inference latency and control plane overhead. These results highlight the potential of tightly coupled ML-P4-SDN systems for efficient, adaptive, and low-latency DDoS defense.