Intelligent SDN Architecture With Fuzzy Neural Network and Blockchain for Monitoring Critical Events

The article deals with the creation of an intelligent architecture of the Internet of Things transport environment based on software-defined network (SDN) and blockchain for detecting threats and attacks. The transport environment is created for the monitoring system of critical events in the road transport infrastructure. Blockchain technology is used to authenticate network nodes, store sensor data in a distributed ledger. The network packet clustering method based on a fuzzy neural network is used to detect packets with possible malicious content. The intelligent SDN architecture is a hierarchy of four layers with six levels and includes: a) edge computing layer (sensor nodes and routers level, SDN switches data level), b) fog computing layer (zone server level, control level in SDN controllers), c) a cloud computing layer with data center servers, d) a layer for presenting monitoring results on user devices and applications. Detection of threats and attacks is implemented by validating network nodes and analyzing header fields of IP packets and TCP segments. The intrusion detection system includes a parser and analyzer of data packets, a module for filtering traffic by type, port numbers and other characteristics of packets, a module for synthesizing digital signatures of trusted nodes and their validation, a module for analyzing and clustering packets based on fuzzy logic and a neural network, modules for logging procedures. The probability function of packets belonging to clusters is tuned through deep learning of a five-layer neural network. The conclusion about belonging and degree of similarity with malicious packages is formed using the fuzzy logic apparatus. To train the neural network, the previously synthesized rules of the flow tables and the identified signs of atypical data packets are used. The functionality and effectiveness of the SDN architecture with an intrusion detection system is validated by simulating procedures in the NS3 Simulator system, evaluating authenticity, latency, throughput, response time, and accuracy in detecting atypical data packets.