Real-Time Anomaly Detection Framework to Mitigate Emerging Threats in Software Defined Networks

Journal of Network and Systems Management

Abstract

The Software Defined Networking (SDN) framework offers a practical and programmer-friendly approach to computer network design, addressing numerous issues that plague legacy networks. By centralizing the control plane and separating it from the data plane, SDN provides an ideal foundation for addressing various security concerns. However, the attribute that makes SDN attractive, its centralized management, also makes it a prime target for a wide range of cyberattacks. While previous studies have addressed security threats in legacy networks, SDN introduces new vulnerabilities that require fresh insights and strategies. Various attacks can disrupt legitimate network services, and the inherent complexity of SDN traffic makes their early detection and mitigation a significant challenge. This paper tackles these challenges by employing advanced feature selection techniques to reduce the dimensionality of the data required for training machine learning models. This streamlined approach enhances the efficiency of attack vector detection within the SDN environment. Furthermore, we propose the integration of a machine learning model into the SDN controller, enabling real-time detection and immediate mitigation of malicious network flows. We evaluate the effectiveness of our proposed framework using the InSDN and NITSDN datasets. To assess its impact on SDN controller performance, we implement the lightweight framework in a simulated SDN environment. Our results demonstrate that the proposed solution incurs minimal overhead, ensuring that network performance remains largely unaffected. This research contributes to the ongoing efforts to secure SDN architectures, providing a practical and efficient approach to detecting and mitigating emerging threats in SDNs. It underscores the importance of proactive measures to safeguard the integrity and availability of SDN-based network services.

Data Availability

The manuscript includes references to access the open-source dataset used in the experimental setup and model evaluation.

Code Availability

The author(s) will provide the code used in this work on reasonable request.

References

  1. Ahmad, A., Harjula, E., Ylianttila, M., Ahmad, I.: Evaluation of machine learning techniques for security in sdn. In: 2020 IEEE Globecom Workshops (GC Wkshps), pp. 1–6 (2020)

  2. Ahmad, I., Kumar, T., Liyanage, M., Ylianttila, M., Koskela, T., Braysy, T., Anttonen, A., Pentikinen, V., Soininen, J.-P., Huusko, J.: Towards gadget-free internet services: a roadmap of the naked world. Telemat. Inform. 35(1), 82–92 (2018)

  3. Liyanage, M., Ahmed, I., Okwuibe, J., Ylianttila, M., Kabir, H., Santos, J.L., Kantola, R., Perez, O.L., Itzazelaia, M.U., De Oca, E.M.: Enhancing security of software defined mobile networks. IEEE Access 5, 9422–9438 (2017)

  4. Dayal, N., Maity, P., Srivastava, S., Khondoker, R.: Research trends in security and ddos in sdn. Secur. Commun. Netw. 9(18), 6386–6411 (2016)

  5. Jagannath, J., Polosky, N., Jagannath, A., Restuccia, F., Melodia, T.: Machine learning for wireless communications in the internet of things: a comprehensive survey. Ad Hoc Netw. 93, 101913 (2019)

  6. Kumar, C., Ansari, M.S.A.: An explainable nature-inspired cyber attack detection system in software-defined IoT applications. Expert Syst. Appl. 250, 123853 (2024)

  7. Mazini, M., Shirazi, B., Mahdavi, I.: Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and Adaboost algorithms. J. King Saud Univ.-Comput. Inform. Sci. 31(4), 541–553 (2019)

  8. Cui, Y., Qian, Q., Guo, C., Shen, G., Tian, Y., Xing, H., Yan, L.: Towards ddos detection mechanisms in software-defined networking. J. Netw. Comput. Appl. 190, 103156 (2021)

  9. Feng, F., Liu, X., Yong, B., Zhou, R., Zhou, Q.: Anomaly detection in ad-hoc networks based on deep learning model: a plug and play device. Ad Hoc Netw. 84, 82–89 (2019)

  10. Elsayed, M.S., Le-Khac, N.-A., Jurcut, A.D.: Insdn: a novel sdn intrusion dataset. IEEE Access 8, 165263–165284 (2020)

  11. Khanal, B., Kumar, C., Ansari, M. S. A.: Nitsdn: Development of sdn dataset for ml-based intrusion detection system. In: International Conference on Advanced Computational and Communication Paradigms. Springer, pp. 99–111, 2023

  12. Kumar, C., Biswas, S., Ansari, M.S.A., Govil, M.C.: Nature-inspired intrusion detection system for protecting software-defined networks controller. Comput. Secur. 134, 103438 (2023)

  13. Logeswari, T.A.G., Bose, S.: An intrusion detection system for sdn using machine learning. Intell. Autom. Soft Comput. 35(1), 867–880 (2023)

  14. Sayed, M.S.E., Le-Khac, N.-A., Azer, M.A., Jurcut, A.D.: A flow-based anomaly detection approach with feature selection method against ddos attacks in sdns. IEEE Trans. Cognit. Commun. Netw. 8(4), 1862–1880 (2022)

  15. ElSayed, M.S., Le-Khac, N.-A., Albahar, M.A., Jurcut, A.: A novel hybrid model for intrusion detection systems in sdns based on cnn and a new regularization technique. J. Netw. Comput. Appl. 191, 103160 (2021)

  16. Tan, L., Pan, Y., Wu, J., Zhou, J., Jiang, H., Deng, Y.: A new framework for ddos attack detection and defense in sdn environment. IEEE Access 8, 161908–161919 (2020)

  17. Wang, J., Wang, L.: Sdn-defend: a lightweight online attack detection and mitigation system for ddos attacks in sdn. Sensors 8287(22), 21 (2022)

  18. Fan, C., Kaliyamurthy, N.M., Chen, S., Jiang, H., Zhou, Y., Campbell, C.: Detection of ddos attacks in software defined networking using entropy. Appl. Sci. 12, 370 (2022)

  19. Yu, S., Zhang, J., Liu, J., Zhang, X., Li, Y., Xu, T.: A cooperative ddos attack detection scheme based on entropy and ensemble learning in sdn. EURASIP J. Wirel. Commun. Netw. 2021, 90 (2021)

  20. Fausto, A., Gaggero, G., Patrone, F., Marchese, M.: Reduction of the delays within an intrusion detection system (ids) based on software defined networking (sdn). IEEE Access 10, 109850–109862 (2022)

  21. Varghese, J.E., Muniyal, B.: An efficient ids framework for ddos attacks in sdn environment. IEEE Access 9, 69680–69699 (2021)

  22. Janabi, A.H., Kanakis, T., Johnson, M.: Overhead reduction technique for software-defined network based intrusion detection systems. IEEE Access 10, 66481–66491 (2022)

  23. Pajouh, H.H., Javidan, R., Khayami, R., Dehghantanha, A., Choo, K.-K.R.: A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in iot backbone networks. IEEE Trans. Emerg. Top. Comput. 7(2), 314–323 (2019)

  24. Elsayed, M. S., Le-Khac, N.-A., Dev, S., Jurcut, A. D.: Machine-learning techniques for detecting attacks in sdn. In: 2019 IEEE 7th International Conference on Computer Science and Network Technology (ICCSNT), pp. 277–281, 2019

  25. Nanda, S., Zafari, F., DeCusatis, C., Wedaa, E., Yang, B.: Predicting network attack patterns in sdn using machine learning approach. In: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp. 167–172, 2016

  26. Bostani, H., Sheikhan, M.: Hybrid of anomaly-based and specification-based ids for internet of things using unsupervised opf based on mapreduce approach. Comput. Commun. 98, 52–71 (2017)

  27. Polat, H., Polat, O., Cetin, A.: Detecting ddos attacks in software-defined networks through feature selection methods and machine learning models. Sustainability 12, 1035 (2020)

  28. Lashkari, A. H., Gil, G. D., Mamun, M. S. I., Ghorbani, A. A.: Characterization of tor traffic using time based features. In: Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, pp. 253–262, INSTICC, SciTePress, 2017

  29. Krishnan, P., Duttagupta, S., Achuthan, K.: Varman: multi-plane security framework for software defined networks. Comput. Commun. 148, 215–239 (2019)

  30. Naseer, S., Saleem, Y., Khalid, S., Bashir, M.K., Han, J., Iqbal, M.M., Han, K.: Enhanced network anomaly detection based on deep neural networks. IEEE Access 6, 48231–48246 (2018)

  31. Breiman, L.: Random forests. Mach. Learn. 45, 5–32 (2001)

  32. Guyon, I., Weston, J., Barnhill, S., Vapnik, V.: Gene selection for cancer classification using support vector machines. Mach. Learn. 46, 389–422 (2002)

  33. Plackett, R.L.: Karl pearson and the chi-squared test. Int. Stat. Rev. 51(1), 59–72 (1983)

  34. Quinlan, J.R.: Induction of decision trees. Mach. Learn. 1, 81–106 (1986)

  35. Vikramkumar, B. Vijaykumar, and Trilochan: Bayes and naive bayes classifier, ArXiv, vol. abs/1404.0933, 2014

  36. Wright, R. E.: Reading and understanding multivariate statistics. American Psychological Association, 1995

  37. Ruder, S.: An overview of gradient descent optimization algorithms, ArXiv, vol. abs/1609.04747, 2016

  38. Ruck, D.W., Rogers, S.K., Kabrisky, M., Oxley, M.E., Suter, B.W.: The multilayer perceptron as an approximation to a bayes optimal discriminant function. IEEE Trans. Neural Netw. 1(4), 296–298 (1990)

  39. Sharafaldin, I., Lashkari, A. H., Ghorbani, A. A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: International Conference on Information Systems Security and Privacy, 2018

  40. Sharafaldin, I., Habibi Lashkari, A., Ghorbani, A. A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: 4th International Conference on Information Systems Security and Privacy (ICISSP), 2018

  41. GitHub - trema/cbench: An dedicated OpenFlow controller implementation for "cbench" OpenFlow controller benchmark suite. https://github.com/trema/cbench. [Accessed 11-May-2023]

Acknowledgements

The authors express their gratitude to the Ministry of Education, Government of India, for providing an experimental setup infrastructure in the institute to conduct the research study. Additionally, the authors would like to thank the anonymous reviewers for their valuable feedback, which has helped improve the manuscript.

Funding

For the research, authoring, and publication of this article, we have not received any financial funding.

Author information

Contributions

All the authors have an equal contribution to making the manuscript an important research paper.

Corresponding author

Correspondence to Md. Sarfaraj Alam Ansari.

Ethics declarations

Conflict of interest

There are no conflicts of interest to disclose.

Ethical Approval

This content is the author’s original work, which has never been published before.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Khanal, B., Kumar, C. & Ansari, M.S.A. Real-Time Anomaly Detection Framework to Mitigate Emerging Threats in Software Defined Networks. J Netw Syst Manage 33, 26 (2025). https://doi.org/10.1007/s10922-025-09904-5

  • DOI: https://doi.org/10.1007/s10922-025-09904-5
