A Simulation-Based SDN Framework for Cyberattack Detection and Traffic Management

Aboubakr Bajenaid; Maher Khemakhem; Fathy E. Eassa; Farid Bourennani; Junaid M. Qurashi; Abdulaziz A. Alsulami; Badraddin Alturki

doi:10.48084/etasr.14738

Authors

Aboubakr Bajenaid Department of Information Systems, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia
Maher Khemakhem Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia
Fathy E. Eassa Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia
Farid Bourennani Department of Computer Science and Artificial Intelligence, Faculty of Computer Science and Engineering, University of Jeddah, Jeddah 23890, Saudi Arabia
Junaid M. Qurashi Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia
Abdulaziz A. Alsulami Department of Information Systems, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia
Badraddin Alturki Department of Information Technology, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia

Volume: 15 | Issue: 6 | Pages: 30462-30469 | December 2025 | https://doi.org/10.48084/etasr.14738

Received: 12 September 2025 | Revised: 12 October 2025 and 25 October 2025 | Accepted: 29 October 2025 | Online: 8 December 2025
Corresponding author: Aboubakr Bajenaid

Abstract

Software-Defined Networking (SDN) enables centralized control and programmability, providing a promising foundation for intelligent traffic management and enhanced security. This paper proposes a simulation-based SDN framework that integrates multiple Machine Learning (ML) models to evaluate the effectiveness of cyberattack detection and to manage packet resilience through the analysis of metrics such as throughput, switch delay, controller response time, and security performance indicators. Experimental results demonstrate that the Decision Tree (DT) and Extreme Gradient Boosting (XGBoost) classifiers achieved higher throughput, whereas the Deep Neural Network (DNN) and Transformer models imposed greater computational overhead. In addition, the DT and Random Forest (RF) models showed an accuracy–responsiveness trade-off, with better throughput and less processing time. Experimental results demonstrate high classification accuracy, with DT, RF, and XGBoost achieving near-perfect detection rates, whereas DNN and Transformer models maintained competitive performance despite certain class-specific limitations. The F1-scores validate the robustness of these classifiers. Complementary SDN simulations assessed packet management efficiency, yielding a consistent packet drop rate of approximately 31–32%, throughput ranging from 7.55 to 9.79 packets/s, and average switch delays around 12 ms across models. The findings confirm that the suggested hybrid approach not only detects cyberattacks effectively but also maintains acceptable SDN performance under diverse traffic conditions.

Keywords:

Software-Defined Networking (SDN), Quality of Service (QoS), traffic management, load balancing, intrusion detection, Machine Learning (ML), classification performance, packet loss, throughput, latency

Downloads

Download data is not yet available.

References

A. H. Abdi et al., "Security Control and Data Planes of SDN: A Comprehensive Review of Traditional, AI, and MTD Approaches to Security Solutions," IEEE Access, vol. 12, pp. 69941–69980, 2024. DOI: https://doi.org/10.1109/ACCESS.2024.3393548

W. G. Gadallah, N. M. Omar, and H. M. Ibrahim, "Machine Learning-based Distributed Denial of Service Attacks Detection Technique using New Features in Software-defined Networks," International Journal of Computer Network and Information Security, vol. 13, no. 3, pp. 15–27, June 2021. DOI: https://doi.org/10.5815/ijcnis.2021.03.02

M. Rahouti, K. Xiong, Y. Xin, S. K. Jagatheesaperumal, M. Ayyash, and M. Shaheed, "SDN Security Review: Threat Taxonomy, Implications, and Open Challenges," IEEE Access, vol. 10, pp. 45820–45854, 2022. DOI: https://doi.org/10.1109/ACCESS.2022.3168972

B. Isyaku, M. S. Mohd Zahid, M. Bte Kamat, K. Abu Bakar, and F. A. Ghaleb, "Software Defined Networking Flow Table Management of OpenFlow Switches Performance and Security Challenges: A Survey," Future Internet, vol. 12, no. 9, Sept. 2020, Art. no. 147. DOI: https://doi.org/10.3390/fi12090147

J. Kim et al., "Enhancing security in SDN: Systematizing attacks and defenses from a penetration perspective," Computer Networks, vol. 241, Mar. 2024, Art. no. 110203. DOI: https://doi.org/10.1016/j.comnet.2024.110203

A. AlEroud and I. Alsmadi, "Identifying cyber-attacks on software defined networks: An inference-based intrusion detection approach," Journal of Network and Computer Applications, vol. 80, pp. 152–164, Feb. 2017. DOI: https://doi.org/10.1016/j.jnca.2016.12.024

N. Sultana, N. Chilamkurti, W. Peng, and R. Alhadad, "Survey on SDN based network intrusion detection system using machine learning approaches," Peer-to-Peer Networking and Applications, vol. 12, no. 2, pp. 493–501, Mar. 2019. DOI: https://doi.org/10.1007/s12083-017-0630-0

A. Kamisiński and C. Fung, "FlowMon: Detecting Malicious Switches in Software-Defined Networks," in Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense, Denver, CO, USA, 2015, pp. 39–45. DOI: https://doi.org/10.1145/2809826.2809833

C. S. Khin, A. T. Kyaw, M. M. Maw, and M. Z. Oo, "Reducing Packet-In Messages in OpenFlow Networks," ECTI Transactions on Electrical Engineering, Electronics, and Communications, vol. 20, no. 1, pp. 1–9, Feb. 2022. DOI: https://doi.org/10.37936/ecti-eec.2022201.244944

I. Ali, S. Hong, and T. Cheung, "Quality of Service and Congestion Control in Software-Defined Networking Using Policy-Based Routing," Applied Sciences, vol. 14, no. 19, Oct. 2024, Art. no. 9066. DOI: https://doi.org/10.3390/app14199066

S. Badotra and M. Gurusamy, "SecuNet 4D a comprehensive framework for distributed SDN security and resilience," Scientific Reports, vol. 15, no. 1, May 2025, Art. no. 15996. DOI: https://doi.org/10.1038/s41598-025-98649-x

A. Hirsi et al., "HSF: A Hybrid SVM-RF Machine Learning Framework for Dual-Plane DDoS Detection and Mitigation in Software-Defined Networks," IEEE Access, vol. 13, pp. 112303–112323, 2025. DOI: https://doi.org/10.1109/ACCESS.2025.3583712

O. M. A. Alssaheli, Z. Z. Abidin, N. A. Zakaria, and Z. A. Abas, "Software Defined Network based Load Balancing for Network Performance Evaluation," International Journal of Advanced Computer Science and Applications, vol. 13, no. 4, pp. 117–124, Apr. 2022. DOI: https://doi.org/10.14569/IJACSA.2022.0130414

T. Semong et al., "Intelligent Load Balancing Techniques in Software Defined Networks: A Survey," Electronics, vol. 9, no. 7, July 2020, Art. no. 1091. DOI: https://doi.org/10.3390/electronics9071091

E. Reticcioli, G. D. Di Girolamo, F. Smarra, A. Torzi, F. Graziosi, and A. D’innocenzo, "Modeling and Control of Priority Queueing in Software Defined Networks via Machine Learning," IEEE Access, vol. 10, pp. 91481–91496, 2022. DOI: https://doi.org/10.1109/ACCESS.2022.3201823

L. Boero, M. Cello, C. Garibotto, M. Marchese, and M. Mongelli, "BeaQoS: Load balancing and deadline management of queues in an OpenFlow SDN switch," Computer Networks, vol. 106, pp. 161–170, Sept. 2016. DOI: https://doi.org/10.1016/j.comnet.2016.06.025

S. Bhandari, S. K. Sharma, and X. Wang, "Latency Minimization in Wireless IoT Using Prioritized Channel Access and Data Aggregation," in GLOBECOM 2017 - 2017 IEEE Global Communications Conference, Singapore, 2017, pp. 1–6. DOI: https://doi.org/10.1109/GLOCOM.2017.8255038

K. Truong Dinh, S. Kukliński, T. Osiński, and J. Wytrębowicz, "Heuristic traffic engineering for SDN," Journal of Information and Telecommunication, vol. 4, no. 3, pp. 251–266, July 2020. DOI: https://doi.org/10.1080/24751839.2020.1755528

K. S. Umadevi, M. S. S. Pranay, and K. Rachana, "Multilevel queue scheduling in software defined networks," in 2017 Innovations in Power and Advanced Computing Technologies, Vellore, India, 2017, pp. 1–4. DOI: https://doi.org/10.1109/IPACT.2017.8245144

T. Hu, P. Yi, J. Zhang, and J. Lan, "Reliable and load balance-aware multi-controller deployment in SDN," China Communications, vol. 15, no. 11, pp. 184–198, Nov. 2018. DOI: https://doi.org/10.1109/CC.2018.8543099

M. Ibrar, L. Wang, N. Shah, O. Rottenstreich, G.-M. Muntean, and A. Akbar, "Reliability-Aware Flow Distribution Algorithm in SDN-Enabled Fog Computing for Smart Cities," IEEE Transactions on Vehicular Technology, vol. 72, no. 1, pp. 573–588, Jan. 2023. DOI: https://doi.org/10.1109/TVT.2022.3202195

A. Alharthi, M. Alaryani, and S. Kaddoura, "A comparative study of machine learning and deep learning models in binary and multiclass classification for intrusion detection systems," Array, vol. 26, July 2025, Art. no. 100406. DOI: https://doi.org/10.1016/j.array.2025.100406

M. Rostami and S. Goli-Bidgoli, "An overview of QoS-aware load balancing techniques in SDN-based IoT networks," Journal of Cloud Computing, vol. 13, no. 1, Apr. 2024, Art. no. 89. DOI: https://doi.org/10.1186/s13677-024-00651-7

M. S. Elsayed, N.-A. Le-Khac, and A. D. Jurcut, "InSDN: A Novel SDN Intrusion Dataset," IEEE Access, vol. 8, pp. 165263–165284, 2020. DOI: https://doi.org/10.1109/ACCESS.2020.3022633

M. S. Ataa, E. E. Sanad, and R. A. El-khoribi, "Intrusion detection in software defined network using deep learning approaches," Scientific Reports, vol. 14, no. 1, Nov. 2024, Art. no. 29159. DOI: https://doi.org/10.1038/s41598-024-79001-1

Z. Wu, H. Zhang, P. Wang, and Z. Sun, "RTIDS: A Robust Transformer-Based Approach for Intrusion Detection System," IEEE Access, vol. 10, pp. 64375–64387, 2022. DOI: https://doi.org/10.1109/ACCESS.2022.3182333

S. Jamshidi, K. W. Nafi, A. Nikanjam, and F. Khomh, "Evaluating machine learning-driven intrusion detection systems in IoT: Performance and energy consumption," Computers & Industrial Engineering, vol. 204, June 2025, Art. no. 111103. DOI: https://doi.org/10.1016/j.cie.2025.111103

J. C. Mondragon, P. Branco, G.-V. Jourdan, A. E. Gutierrez-Rodriguez, and R. R. Biswal, "Advanced IDS: a comparative study of datasets and machine learning algorithms for network flow-based intrusion detection systems," Applied Intelligence, vol. 55, no. 7, Apr. 2025, Art. no. 608. DOI: https://doi.org/10.1007/s10489-025-06422-4

"InSDN dataset." Kaggle. [Online]. Available: https://www.kaggle.com/datasets/badcodebuilder/insdn-dataset.

M. Abdallah, N. An Le Khac, H. Jahromi, and A. Delia Jurcut, "A Hybrid CNN-LSTM Based Approach for Anomaly Detection Systems in SDNs," in Proceedings of the 16th International Conference on Availability, Reliability and Security, Vienna, Austria, 2021, pp. 1–7. DOI: https://doi.org/10.1145/3465481.3469190

H. Y. I. Khalid and N. B. I. Aldabagh, "A Survey on the Latest Intrusion Detection Datasets for Software Defined Networking Environments," Engineering, Technology & Applied Science Research, vol. 14, no. 2, pp. 13190–13200, Apr. 2024. DOI: https://doi.org/10.48084/etasr.6756