With　the　growth　of　network　applications　such　as　5G　and　artificial　intelligence,　network　security　techniques,　i.e.,　the　techniques　that　detect　various　attacks　(e.g.,　well-known　denial-of　service　(DDoS)　attacks)　and　prevent　production　networks　(e.g.,　data　center　networks)　from　being　attacked,　become　increasingly　essential　for　network　management　and　have　gained　great　popularity　in　the　networking　community.　Generally,　these　techniques　are　built　on　proprietary　hardware　appliances,　i.e.,　middleboxes,　or　the　paradigm　that　combines　both　software-defined　networking　(SDN)　and　network　function　virtualization　(NFV)　to　implement　security　functions.　However,　the　techniques　built　on　middleboxes　are　proven　to　be　hard-to-manage,　costly,　and　inflexible,　thereby　making　them　an　out-of-date　choice　in　network　security.　For　the　techniques　built　on　SDN　and　NFV,　they　virtualize　and　softwarize　security　functions　on　commodity　servers,　leading　to　non-trivial　performance　degradation.　Fortunately,　the　recent　emergence　of　programmable　switches　brings　new　opportunities　of　empowering　network　security　techniques　with　the　characteristics　of　easy-tomanage,　low　cost,　high　flexibility,　and　Tbps-level　performance.　In　this　survey,　we　focus　on　this　promising　trend　in　network　security.　More　precisely,　this　survey　first　presents　the　preliminaries　of　programmable　switches,　which　are　the　primary　driver　of　next-generation　network　security　techniques.　Next,　we　comprehensively　review　existing　techniques　built　on　programmable　switches,　classify　these　techniques,　and　discuss　their　background,　motivation,　design,　implementation,　and　limitations　case-by-case.　Finally,　we　summarize　open　issues　and　future　research　directions　in　this　promising　research　topic　of　network　security.　IEEE