NetSentry: Scalable Volumetric DDoS Detection with Programmable Switches

IEEE Conference Publication (IEEE Xplore)

Abstract:

Distributed Denial of Service (DDoS) attacks are a critical and persistent threat to the Internet. Recent DDoS detection schemes built on emerging programmable switches achieve higher processing throughput and improve detection accuracy. However, because data plane memory is limited, such schemes are not suited to handling a large number of concurrent flows. Prior art that attempts to increase memory efficiency has failed to do so without sacrificing cost or accuracy. In this paper, we propose NetSentry, the first programmable-switch-based dynamic pooled testing DDoS detector. NetSentry detects DDoS in a pooled testing manner, in which multiple flows are grouped to share the same storage unit on the data plane. NetSentry introduces an elastic flow aggregation mechanism that dynamically adjusts the detection granularity. Further, to detect DDoS accurately for aggregated flows, NetSentry implements frequency domain DDoS detection on programmable switches. Evaluations of NetSentry's hardware prototype show that NetSentry achieves better accuracy while saving up to 91% of the data plane memory required to store flow features, compared to the state-of-the-art programmable-switch-based flow classification scheme.
Date of Conference: 19-21 June 2024
Date Added to IEEE Xplore: 26 September 2024
Conference Location: Guangzhou, China
