Leveraging Programmable Data Plane for Network Intrusion Detection: A Survey

Rukh, Mah (ORCID: https://orcid.org/0000-0001-7660-1150) and Ahmed, Hassan (ORCID: https://orcid.org/0000-0001-9605-4043) (2026) Leveraging Programmable Data Plane for Network Intrusion Detection: A Survey. Computer Networks. (In Press)

15898 Rukh, Mah (2026) Leveraging Programmable Data Plane for Network Intrusion Detection - A Survey.pdf - Accepted Version
Restricted to Repository staff only until 6 March 2028.

Abstract

The rapid proliferation of digital devices, particularly resource-constrained IoT nodes, has expanded the network attack surface, posing new challenges for timely and effective intrusion detection. Traditional centralized Intrusion Detection Systems (IDSs) struggle to cope with the growing scale and sophistication of modern threats. Recent research leverages the programmability of the data plane in switches, edge gateways, and smart network interface cards to enable intrusion detection closer to the traffic source. Programmable Data Planes (PDPs) allow custom packet parsing, real-time header manipulation, and extraction of packet- and flow-level features, facilitating early attack detection without full reliance on centralized systems. This survey reviews PDP-based intrusion detection approaches, from thresholding and rule-based methods to entropy- and AI-driven techniques, while addressing hardware constraints such as limited memory and fixed pipelines. Unlike prior surveys, our work uniquely classifies IDSs as feature- or packet-based, analyzes inference approaches and their deployment points, examines datasets used for evaluation, identifies detectable threat types, and reports code availability to promote reproducibility. The paper concludes with key challenges and research directions for advancing PDP-based intrusion detection in dynamic network environments.

Item Type: Article
Article Type: Article
Uncontrolled Keywords: Cyber-attack; Detection; P4; Switch; Machine learning; Network; Programmable data-plane; Intrusion detection; Entropy
Subjects: Q Science > Q Science (General) > Q336 Artificial intelligence
Q Science > QA Mathematics > QA76 Computer software > QA76.625 Internet programming. Intranet programming.
Divisions: Schools and Research Institutes > School of Business, Computing and Social Sciences
Depositing User: Mah Rukh
Date Deposited: 10 Mar 2026 00:54
Last Modified: 10 Mar 2026 08:00
URI: https://eprints.glos.ac.uk/id/eprint/15898
