The rapid proliferation of digital devices, particularly resource-constrained IoT nodes, has expanded the network attack surface, posing new challenges for timely and effective intrusion detection. Traditional centralized Intrusion Detection Systems (IDSs) struggle to cope with the growing scale and sophistication of modern threats. Recent research leverages the programmability of the data plane in switches, edge gateways, and smart network interface cards to enable intrusion detection closer to the traffic source. Programmable Data Planes (PDPs) allow custom packet parsing, real-time header manipulation, and extraction of packet- and flow-level features, facilitating early attack detection without full reliance on centralized systems. This survey reviews PDP-based intrusion detection approaches, from thresholding and rule-based methods to entropy- and AI-driven techniques, while addressing hardware constraints such as limited memory and fixed pipelines. Unlike prior surveys, our work uniquely classifies IDSs as feature- or packet-based, analyzes inference approaches and their deployment points, examines datasets used for evaluation, identifies detectable threat types, and reports code availability to promote reproducibility. The paper concludes with key challenges and research directions for advancing PDP-based intrusion detection in dynamic network environments.
Fida et al. (Sun,) studied this question.