Ensemble-Based Classification of Software-Defined Network (SDN) Attacks Traffic.

Saved in:
Bibliographic Details
Title: Ensemble-Based Classification of Software-Defined Network (SDN) Attacks Traffic.
Authors: Isaiah, Aladesote Olomi1 gs57427@student.upm.edu.my, Abdullah, Azizol1 azizol@upm.edu.my, Samian, Normalia1 normalia@upm.edu.my, Hanapi, Zurina Mohd.1 zurinamh@upm.edu.my
Source: Engineering Letters. May2026, Vol. 34 Issue 5, p1826-1841. 16p.
Subjects: Software-defined networking, Ensemble learning, Feature selection, Machine learning, Computer network security, Intrusion detection systems (Computer security), Sampling (Process)
Abstract: Software-Defined Networking (SDN) has emerged as a transformative paradigm for modernizing network infrastructures. It enables seamless integration with next-generation technologies such as IoT, Cloud Computing, Artificial Intelligence (AI), and Quantum Computing. Despite its architectural advantages, SDN's centralized control plane introduces critical security vulnerabilities, necessitating the deployment of advanced Intrusion Detection Systems (IDS). This study therefore assesses the effectiveness of three ensemble learning techniques - Voting, Stacking, and Bagging - and a hybrid ensemble model, MultiBoosting. The models were evaluated using both the complete and feature-selected subsets of the SDN-based features of the InSDN dataset, with feature selection performed via Information Gain and Correlation-based methods. The study also employs the Synthetic Minority Over-sampling Technique (SMOTE) to address class imbalance. The experimental results reveal that the proposed approach achieves a weighted F1-score average of 0.3362 on selected SDN features, surpassing the Novel Approach (0.3339) and the baseline InSDN method (0.3299). On the complete feature set, the proposed model also demonstrates superior performance with a weighted average of 0.5036, compared to 0.4964 for the Novel Approach. The proposed method consistently outperforms the existing techniques on both full and reduced feature sets across key SDN-related attack categories--including Botnet, DoS, DDoS, Probe, U2R, PGA, and Web Attacks. The only exception is DDoS classification, where the proposed and InSDN approaches exhibit identical performance on the reduced feature set. [ABSTRACT FROM AUTHOR]
Copyright of Engineering Letters is the property of International Association of Engineers (IAENG) and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
Description
Abstract:Software-Defined Networking (SDN) has emerged as a transformative paradigm for modernizing network infrastructures. It enables seamless integration with next-generation technologies such as IoT, Cloud Computing, Artificial Intelligence (AI), and Quantum Computing. Despite its architectural advantages, SDN's centralized control plane introduces critical security vulnerabilities, necessitating the deployment of advanced Intrusion Detection Systems (IDS). This study therefore assesses the effectiveness of three ensemble learning techniques - Voting, Stacking, and Bagging - and a hybrid ensemble model, MultiBoosting. The models were evaluated using both the complete and feature-selected subsets of the SDN-based features of the InSDN dataset, with feature selection performed via Information Gain and Correlation-based methods. The study also employs the Synthetic Minority Over-sampling Technique (SMOTE) to address class imbalance. The experimental results reveal that the proposed approach achieves a weighted F1-score average of 0.3362 on selected SDN features, surpassing the Novel Approach (0.3339) and the baseline InSDN method (0.3299). On the complete feature set, the proposed model also demonstrates superior performance with a weighted average of 0.5036, compared to 0.4964 for the Novel Approach. The proposed method consistently outperforms the existing techniques on both full and reduced feature sets across key SDN-related attack categories--including Botnet, DoS, DDoS, Probe, U2R, PGA, and Web Attacks. The only exception is DDoS classification, where the proposed and InSDN approaches exhibit identical performance on the reduced feature set. [ABSTRACT FROM AUTHOR]
ISSN:1816093X