HSF: A Hybrid SVM-RF Machine Learning Framework for Dual-Plane DDoS Detection and Mitigation in Software-Defined Networks

被引：0

作者：

Hirsi, Abdinasir ^{[1
,2
]}

Audah, Lukman ^{[1
,3
]}

Alhartomi, Mohammed A. ^{[4
]}

Salh, Adeb ^{[5
]}

Ansa, Godwin Okon ^{[6
]}

Hamdi, Mustafa Maad ^{[7
]}

Saputri, Diani Galih ^{[8
]}

Ahmed, Salman ^{[9
]}

Farah, Abdullahi ^{[10
]}

机构：

[1] Universiti Tun Hussein Onn Malaysia (UTHM), Advanced Telecommunication Research Center, Faculty of Electrical and Electronic Engineering, Parit Raja

[2] Jamhuriya University of Science and Technology, Faculty of Engineering, Mogadishu

[3] UTHM, Faculty of Electronic and Electrical Engineering, Parit Raja

[4] University of Tabuk, Department of Electrical Engineering, Tabuk

[5] Universiti Tunku Abdul Rahman (UTAR), Faculty of Information and Communication Technology, Kampar

[6] Akwa Ibom State University, Mkpat Enin, Faculty of Physical Sciences, Department of Computer Science, Akwa Ibom

[7] University of Anbar, College of Computer Science and IT, Department of Computer Science, Ramadi

[8] UTHM, Microelectronics and Nanotechnology Shamsuddin Research Centre (MiNT-SRC), Johor, Parit Raja

[9] UTHM, Faculty of Electrical and Electronic Engineering, VLSI and Embedded Technology (VEST) Focus Group, Parit Raja

[10] Somtel Telecommunication Company, Engineering Department, Bosaso

来源：

IEEE Access | 2025年 / 13卷

关键词：

DDoS attack; machine learning; network security; random forest; SDN security; support vector machine;

D O I：

10.1109/ACCESS.2025.3583712

中图分类号：

学科分类号：

摘要：

Software-defined networking (SDN) has revolutionized network management by centralizing control through software, thereby enabling dynamic traffic adjustments that are independent of the data plane. However, this innovation introduces significant security vulnerabilities because the existing solutions are largely adaptations of traditional methods and fail to address the unique challenges of SDN environments. To address this issue, this study proposes a machine-learning (ML)-based intrusion detection framework tailored specifically for SDN. In particular, the framework utilizes a hybrid model that combines a Support Vector Machine (SVM) and Random Forest (RF) classifiers (HSF), which significantly improves intrusion detection accuracy. Specifically, the proposed solution is structured as a three-layer protection mechanism. First, the Data Plane Monitoring layer examines features, such as packet count and byte count, to detect anomalies. Second, the Control Plane Monitoring layer evaluates attributes such as the source IP, destination IP, and protocols to identify suspicious activity. Finally, the Detection Layer leverages the hybrid ML approach to further strengthen detection capabilities and ensure timely responses. Importantly, the experimental results reveal that the HSF technique achieves an anomaly detection rate exceeding 99% across both data and control planes. This highlights its efficacy in securing the next-generation SDN networks. © 2013 IEEE.

引用

页码：112303 / 112323

页数：20

共 60 条

[1]

Ashok P., Hallur G., Wireless broadband unleashed: Charting regulatory pathways for broadband development, Proc. 2nd World Conf. Commun. Comput. (WCONF), pp. 1-6, (2024)

[2]

Kim Y., Hakak S., Ghorbani A., Detecting distributed denial-ofservice (DDoS) attacks that generate false authentications on electric vehicle (EV) charging infrastructure, Comput. Secur., 144, (2024)

[3]

Ahmed S., Ahmad N., Shah N.A., Mustafa Abro G.E., Wijayanto A., Hirsi A., Altaf A.R., Lightweight AES design for IoT applications: Optimizations in FPGA and ASIC with DFA countermeasure strategies, IEEE Access, 13, pp. 22489-22509, (2025)

[4]

Huang H., Sun B., Hu L., A task offloading approach based on risk assessment to mitigate edge DDoS attacks, Comput. Secur., 140, (2024)

[5]

Nguyen P.S., Huy T.N., Tuan T.A., Trung P.D., Long H.V., Hybrid feature extraction and integrated deep learning for cloud-based malware detection, Comput. Secur., 150, (2025)

[6]

Birthriya S.K., Ahlawat P., Jain A.K., Detection and prevention of spear phishing attacks: A comprehensive survey, Comput. Secur., 151, (2025)

[7]

Crespo-Martinez I.S., Campazas-Vega A., Guerrero-Higueras A.M., Riego-Delcastillo V., Alvarez-Aparicio C., Fernandez-Llamas C., SQL injection attack detection in network flow data, Comput. Secur., 127, (2023)

[8]

Hirsi A., Alhartomi M.A., Audah L., Salh A., Sahar N.M., Ahmed S., Ansa G.O., Farah A., Comprehensive analysis of DDoS anomaly detection in software-defined networks, IEEE Access, 13, pp. 23013-23071, (2025)

[9]

Zhao Z., Li Z., Zhou Z., Yu J., Song Z., Xie X., Zhang F., Zhang R., DDoS family: A novel perspective for massive types of DDoS attacks, Comput. Secur., 138, (2024)

[10]

Harada R., Shibata N., Kaneko S., Honda K., Terada J., Ishida Y., Akashi K., Miyachi T., Quick suppression of DDoS attacks by frame priority control in IoT backhaul with construction of miraibased attacks, IEEE Access, 10, pp. 22392-22399, (2022)

← 1 2 3 4 5 6 →