Artificial Intelligence Based Framework for DDoS Defense in Software Defined Networks
DOI:
https://doi.org/10.62760/iteecs.5.2.2026.198Keywords:
Meta Learning, Deep Learning, Machine Learning, Genetic Algorithm, Particle Swarm Optimization, Software-Defined NetworkingAbstract
Software Defined Networking (SDN) offers a flexible and programmable alternative to traditional network architectures by decoupling the control and data planes and introducing a centralized controller and application layer. While this architecture enables dynamic traffic management, centralized policy enforcement, and seamless integration of network services, it also introduces critical vulnerabilities, particularly to Distributed Denial-of-Service (DDoS) attacks. The centralized nature of the SDN controller makes it a prime target, where resource exhaustion or flow table saturation can lead to widespread service disruption. These attacks can severely impact time-sensitive applications and compromise the overall stability of the network. In this work, an AI-driven framework is proposed for detecting and mitigating DDoS attacks in SDN environments. The framework incorporates models from diverse categories, including meta-learning, adaptive reinforcement learning, supervised learning, unsupervised clustering, and deep learning techniques. This broad integration enables a comprehensive evaluation of detection capabilities and ensures adaptability to various traffic patterns and attack scenarios. A hybrid Particle Swarm Optimization Genetic Algorithm (PSO-GA) approach is also presented to fine-tune models’ parameters and thereby enhance the detection efficiency of the models. Extensive experiments are conducted using multiple performance metrics to evaluate each model under both optimized and non-optimized conditions. The results demonstrate the effectiveness of the proposed framework in enhancing SDN resilience against DDoS threats.
References
H. Yu, H. Qi, and K. Li, “WECAN: an e?cient west-east control associated network for large-scale SDN systems”, Mobile Networks and Applications, Vol. 25, pp. 114-124, 2020. https://doi.org/10.1007/s11036-018-1194-9
Z. Zhang and C. Wang, “Service function chain migration: A survey”, Computers, Vol. 14, No. 6, art. no. 203, 2025. https://doi.org/10.3390/computers14060203
Q. I. Ali and S.R. Awad, “Enhancing SDN Performance: Machine learning integration with the POX controller for dynamic routing and congestion management”, International Transactions on Electrical Engineering and Computer Science, Vol. 4, No. 3, pp. 152-160, 2025. https://doi.org/10.62760/iteecs.4.3.2025.132
R. Chaudhary, G. S. Aujla, N. Kumar, P. K. Chouhan, “A comprehensive survey on software defined networking for smart communities”, International Journal of Communication Systems, Vol. 38, No. 1, art. no. e5296, 2022. https://doi.org/10.1002/dac.5296
A. H. Abdi, L. Audah, A. Salh, M. A. Alhartomi, H. Rasheed, and S. Ahmed, “Security control and data planes of SDN: A comprehensive review of traditional, AI, and MTD approaches to security solutions”, IEEE Access, Vol. 12, pp. 69941 – 69980, 2024. https://doi.org/10.1109/ACCESS.2024.3393548
M. A. Aladaileh, M. Anbar, A. J. Hintaw, I.H. Hasbullah, A. A. Bahashwan, T. A. Al-Amiedy, and D.R. Ibrahim, “Effectiveness of an entropy based approach for detecting low and high rate DDoS attacks against the SDN controller: Experimental analysis”, Applied Sciences, Vol. 13, No. 2, art. no. 775, 2023. https://doi.org/10.3390/app13020775
S. Batewela, M. Liyanage, E. Zeydan, M. Ylianttila, and P. Ranaweera, “Security orchestration in 5G and beyond smart network technologies”, IEEE Open Journal of the Computer Society, Vol. 6, pp. 554-573, 2025. https://doi.org/10.1109/OJCS.2025.3563619
W. Hill, Y. T. Acquaah, J. Mason, D. Limbrick, S. Teixeira-Poit, C. Coates, and K. Roy, “DDoS in SDN: a review of open datasets, attack vectors and mitigation strategies”, Discover Applied Sciences, Vol. 6, art. no. 472, 2024. https://doi.org/10.1007/s42452-024-06172-x
A. Hirsi, M. A. Alhartomi, L. Audah, A. Salh, N. M. Sahar, and S. Ahmed, “Comprehensive analysis of DDoS anomaly detection in software defined networks”, IEEE Access, Vol. 13, pp. 23013 – 23071, 2025. https://doi.org/10.1109/ACCESS.2025.3535943
A. A. Wabi, I. Idris, O. M. Olaniyi and J. A. Ojeniyi, “DDoS attack detection in SDN: Method of attacks, detection techniques, challenges and research gaps”, Computers & Security, Vol. 139, art. no. 103652, 2024. https://doi.org/10.1016/j.cose.2023.103652
S. Soltani, A. Amanlou, M. Shojafar, and R. Tafazolli, “Security of topology discovery service in SDN: Vulnerabilities and countermeasures”, IEEE Open Journal of the Communications Society, Vol. 5, pp. 3410 – 3450, 2024. https://doi.org/10.1109/OJCOMS.2024.3406489
M. A. Almedires, A. Elkhalil, and M. Amin, “Adversarial attack detection in industrial control systems using LSTM based intrusion detection and black-box defense strategies”, Journal of Cyber Security and Risk Auditing, Vol. 2025, No. 3, 2025. https://doi.org/10.63180/jcsra.thestap.2025.3.2
A. Ali, “Adaptive and Context-Aware Authentication Framework Using Edge AI and Blockchain in Future Vehicular Networks”, STAP Journal of Security Risk Management, Vol. 2024, No. 1, 2024. https://doi.org/10.63180/jsrm.thestap.2024.1.3
H. Polat, O. Polat, and A. Cetin, “Detecting DDoS attacks in software defined networks through feature selection methods and machine learning models”, Sustainability, Vol. 12, No. 3, art. no. 1035, 2020. https://doi.org/10.3390/su12031035
M. W. Nadeem, H. G. Goh, V. Ponnusamy, and Y. Aun, “DDoS detection in SDN using machine learning techniques”, Computers, Materials & Continua, Vol. 71, No. 1, pp. 771-789, 2022. https://doi.org/10.32604/cmc.2022.021669
K. M. Ko, J. M. Baek, B. S. Seo, and W. B. Lee, “Comparative study of AI enabled DDoS detection technologies in SDN”, Applied Sciences, Vol. 13, No. 17, art. no. 9488, 2023. https://doi.org/10.3390/app13179488
H. M. Belachew, M. Y. Beyene, A. B. Desta, B. T. Alemu, S. S. Musa, and A. J. Muhammed, “Design a robust DDoS attack detection and mitigation scheme in SDN edge IoT by leveraging machine learning”, IEEE Access, Vol. 13, pp. 10194 – 10214, 2025. https://doi.org/10.1109/ACCESS.2025.3526692
R. V. Mendonça, A. A. M. Teodoro, R. L. Rosa, M. Saadi, D. C. Melgarejo, and P. H. J. Nardelli, “Intrusion detection system based on fast hierarchical deep convolutional neural network”, IEEE Access, Vol. 9, pp. 61024 – 61034, 2021. https://doi.org/10.1109/ACCESS.2021.3074664
N. Ahuja, D. Mukhopadhyay, and G. Singal, “DDoS attack traffic classification in SDN using deep learning”, Personal and Ubiquitous Computing, Vol. 28, pp. 417-429, 2024. https://doi.org/10.1007/s00779-023-01785-2
J. A. P. Díaz, I. M. Valdovinos, K. K. R. Choo, and D. Zhu, “A flexible SDN based architecture for identifying and mitigating low-rate DDoS attacks using machine learning”, IEEE Access, Vol. 8, pp. 155859-155872, 2020. https://doi.org/10.1109/ACCESS.2020.3019330
M. P. Novaes, L. F. Carvalho, J. Lloret, M. L. P. Jr, “Adversarial Deep Learning approach detection and defense against DDoS attacks in SDN environments”, Future Generation Computer Systems, Vol. 125, pp. 156-167, 2021. https://doi.org/10.1016/j.future.2021.06.047
S. Mehmood, R. Amin, J. Mustafa, M. Hussain, F. S. Alsubaei, and M. D. Zakaria, “Distributed denial of services (DDoS) attack detection in SDN using optimizer-equipped CNN-MLP”, PLOS One, Vol. 20, No. 1, art. no. e0312425, 2025. https://doi.org/10.1371/journal.pone.0312425
T. E. Ali, Y. W. Chong, and S. Manickam, “Comparison of ML/DL approaches for detecting DDoS attacks in SDN”, Applied Sciences, Vol. 13, No. 5, art. no. 3033, 2023. https://doi.org/10.3390/app13053033
N. M. Y. Naula, C. V. Rosales, and J. A. P. Diaz, “SDN based architecture for transport and application layer DDoS attack detection by using machine and deep learning”, IEEE Access, Vol. 9, pp. 108495-108512, 2021. https://doi.org/10.1109/ACCESS.2021.3101650
A. A. Najar and S. M. Naik, “A robust DDoS intrusion detection system using convolutional neural network”, Computers and Electrical Engineering, Vol. 117, art. no. 109277, 2024. https://doi.org/10.1016/j.compeleceng.2024.109277
Y. A. Dunainawi, B. R. A. Kaseem, and H.S.A. Raweshidy, “Optimized artificial intelligence model for DDoS detection in SDN environment”, IEEE Access, Vol. 11, pp. 106733-106748, 2023. https://doi.org/10.1109/ACCESS.2023.3319214
N. Aslam, S. Srivastava, and M. M. Gore, “A comprehensive analysis of machine learning- and deep learning based solutions for DDoS attack detection in SDN”, Arabian Journal for Science and Engineering, Vol. 49, pp. 3533–3573, 2024. https://doi.org/10.1007/s13369-023-08075-2
A. S. Zaidoun and Z. Lachiri, “A hybrid deep learning model for multi-class DDoS detection in SDN networks”, Annals of Telecommunications, Vol. 80, pp. 459 - 472, 2025. https://doi.org/10.1007/s12243-025-01085-1
A. K. Refai, “DDoS Attack Detection using Machine Learning Trained Models”, IEEE International Conference on Consumer Electronics, pp. 1-6, 2026. https://doi.org/10.1109/ICCE67443.2026.11449845
SDN-DDoS traffic dataset. https://data.mendeley.com/datasets/b7vw628825/1
Additional Files
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Ali Salim Malik Al-Jabri, Mina Malekzadeh
This work is licensed under a Creative Commons Attribution 4.0 International License.
This Journal and its metadata are licenced under a