Over the last decade, DDoS attack has evolved to become one of the biggest cyber threats to network infrastructure, causing more service outages than ever. Because of their large attack surface, communications service provider (CSP) networks are often the prime target for network-layer attacks, so that attackers could tunnel junk traffic to their downstream customers. Therefore, CSP networks are best placed to establish network attack detection and mitigation.