Enhancing SDN Security and Availability with Blockchain and Dual-Layer Isolation Forest–Driven DDoS Detection
Received: 1 February 2026 | Revised: 18 March 2026 | Accepted: 1 April 2026 | Online: 14 May 2026
Corresponding author: Ahmed Belkhadim
Abstract
Software-Defined Networking (SDN) improves network programmability and centralized control, yet it remains vulnerable to Distributed Denial-of-Service (DDoS) attacks, particularly those targeting SDN controllers and flow-table management. This paper proposes a double-layer DDoS defense framework that integrates consortium blockchain and machine learning to enhance security and reliability in SDN environments. The architecture deploys a Financial Blockchain Shenzhen Consortium (FISCO)-BCOS consortium blockchain at the controller's northbound interface to securely store and validate flow-table information through smart contracts. To strengthen control-plane resilience, a primary–secondary controller configuration (CM/MS) is introduced, where controllers synchronize validated flow rules via blockchain consensus and support seamless failover. DDoS mitigation is performed using a two-tier strategy: (i) a time-window frequency analysis of blockchain-recorded flow data combined with a token bucket mechanism to detect and limit high-rate flooding sources, and (ii) a composite feature selection process coupled with an Isolation Forest model to detect stealthy low-rate attacks. Experiments conducted on a Mininet-based SDN testbed using the CIC-DDoS2019 dataset demonstrate that the proposed framework achieves 92.29% detection accuracy while preserving stable network transmission behavior. Results indicate that blockchain-based flow validation and controller redundancy improve SDN security and reliability without measurable degradation in Round-Trip Time (RTT) performance.
Keywords:
Software-Defined Networking (SDN), blockchain, smart contracts, DDoS detection, Isolation Forest, token bucket, SDN controller
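The first mitigation tier named in the abstract (time-window frequency analysis of recorded flow data, feeding a token bucket that limits high-rate sources) can be illustrated as follows. This is an added Python example, not the authors' code: the window length, threshold, bucket rate and burst, the `(timestamp, src_ip)` record layout and the addresses are all assumptions, and an in-memory list of constructed records stands in for flow data read from the blockchain.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0   # assumed window length in seconds
THRESHOLD = 20   # assumed max flow records per source per window
RATE = 5.0       # assumed token refill rate (tokens per second)
BURST = 5.0      # assumed bucket capacity

class TokenBucket:
    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, now

    def allow(self, now):
        # Refill for the elapsed time (capped at burst), then spend one token.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def tier_one(records):
    """records: (timestamp, src_ip) tuples sorted by time.
    Returns (flagged sources, accepted per source, dropped per source)."""
    windows = defaultdict(deque)   # per-source timestamps inside the window
    buckets = {}                   # token buckets for flagged sources only
    accepted, dropped = defaultdict(int), defaultdict(int)
    for ts, src in records:
        win = windows[src]
        win.append(ts)
        while ts - win[0] > WINDOW_S:      # slide the window forward
            win.popleft()
        if src not in buckets and len(win) > THRESHOLD:
            buckets[src] = TokenBucket(RATE, BURST, ts)   # flag and start limiting
        if src in buckets and not buckets[src].allow(ts):
            dropped[src] += 1
        else:
            accepted[src] += 1
    return set(buckets), dict(accepted), dict(dropped)

def sample_records():
    # Constructed data: a benign host at 2 flows/s and a flooder at 100 flows/s.
    benign = [(i * 0.5, "10.0.0.2") for i in range(6)]
    flood = [(i * 0.01, "10.0.0.99") for i in range(300)]
    return sorted(benign + flood)
```

Sources that stay under the threshold never receive a bucket, which is why low-rate traffic passes this tier untouched and is left to the second, Isolation Forest tier the abstract describes.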
License
Copyright (c) 2026 Ahmed Belkhadim, Abdelilah Chahid, Adil Hilmani, Abdelaziz Ettaoufik, Abderrahim Maizate, Khalifa Mansouri

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
