DDoS attack detection methods in software-defined networks (SDN): a comparative analysis of classical and modern machine learning and deep learning approaches

Authors

DOI:

https://doi.org/10.18372/2073-4751.85.21094

Keywords:

software-defined networking, DDoS attacks, machine learning, deep learning, OpenFlow, adversarial training, federated learning

Abstract

This paper examines DDoS attack detection methods in software-defined networks (SDN). The aim of the study is a comparative analysis and systematization of classical and modern approaches to attack detection in SDN environments.

Traditional protection methods are analyzed, including entropy-based statistical analysis, threshold and rule-based systems, and conventional machine learning algorithms, with their limitations under modern adaptive attacks identified. Modern machine learning and deep learning approaches are investigated, including ensemble methods, hybrid architectures, adversarially robust models, and federated learning, along with their respective advantages and drawbacks. The accuracy and efficiency of various methods are compared on the basis of current published research results.

The paper proposes further investigation of two-tier machine learning and deep learning architectures and federated learning in software-defined networks, with the aim of improving attack detection accuracy, adversarial robustness, and adaptability to changes in the network environment. Results of the method comparison are presented with emphasis on their effectiveness in real SDN deployments.

References

Ahmed N. et al. Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis // Sensors. — 2022. — Vol. 22, No. 20. — Art. 7896. DOI: 10.3390/s22207896

Abubakar R. et al. An Effective Mechanism to Mitigate Real-Time DDoS Attack // IEEE Access. — 2020. — Vol. 8. — P. 126215–126227. DOI: 10.1109/ACCESS.2020.3007638

Swami R. et al. Software-Defined Networking-Based DDoS Defense Mechanisms // ACM Computing Surveys. — 2019. — Vol. 52, No. 2. — Art. 28. DOI: 10.1145/3301614

Ahmed N. et al. Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms // Sensors. — 2022. — Vol. 22, No. 20. — P. 7896.

Bawany N.Z. et al. DDoS Attack Detection and Mitigation Using SDN: Methods, Practices, and Solutions // Arabian Journal for Science and Engineering. — 2017. — Vol. 42, No. 2. — P. 425–441. DOI: 10.1007/s13369-017-2414-5

Zhang F. et al. Multilayer Data-Driven Cyber-Attack Detection System for Industrial Control Systems // IEEE Transactions on Industrial Informatics. — 2019. — Vol. 15, No. 7. — P. 4362–4369.

Mousavi S.M., St-Hilaire M. Early Detection of DDoS Attacks against SDN Controllers // IEEE CCECE. — 2015. DOI: 10.1109/CCECE.2015.7129521

El Sayed M.S. et al. A Flow-Based Anomaly Detection Approach With Feature Selection Method Against DDoS Attacks in SDNs // IEEE Trans. Cogn. Commun. Netw. — 2022. — Vol. 8, No. 4. — P. 1862–1880.

Zhang F. et al. Dual Generative Adversarial Networks Based Unknown Encryption Ransomware Attack Detection // IEEE Access. — 2022. — Vol. 10. — P. 900–913.

Garg S. et al. Hybrid Deep-Learning-Based Anomaly Detection Scheme for Suspicious Flow Detection in SDN // IEEE Transactions on Multimedia. — 2019. — Vol. 21, No. 3. — P. 566–578.

Batool, S.; Aslam, M.; Akpokodje, E.; Jilani, S.F. A Comprehensive Review of DDoS Detection and Mitigation in SDN Environments: Machine Learning, Deep Learning, and Federated Learning Perspectives. Electronics 2025, 14, 4222. https://doi.org/10.3390/electronics14214222

Chen L., Wang Z., Huo R., Huang T. An Adversarial DBN-LSTM Method for Detecting and Defending against DDoS Attacks in SDN Environments // Algorithms. — 2023. — Vol. 16, No. 4. — Art. 197. https://doi.org/10.3390/a16040197

Boby Clinton, Urikhimbam & Hoque, Nazrul & Robindro, Khumukcham. Classification of DDoS Attack Traffic on SDN Network Environment Using Deep Learning // Cybersecurity (SpringerNature). — 2024. https://www.researchgate.net/publication/382830855

Elshewey A.M., Abbas S., Osman A.M. et al. DDoS Classification of Network Traffic in Software Defined Networking SDN Using a Hybrid Convolutional and Gated Recurrent Neural Network // Scientific Reports. — 2025. — Vol. 15. — Art. 29122. https://doi.org/10.1038/s41598-025-13754-1

Estupiñán Cuesta, E.P.; Martínez Quintero, J.C.; Avilés Palma, J.D. DDoS Attacks Detection in SDN Through Network Traffic Feature Selection and Machine Learning Models. Telecom 2025, 6, 69. https://doi.org/10.3390/telecom6030069

Gayantha N., Rajapakse C., Senanayake J. Advanced DDoS Attack Detection and Mitigation in Software-Defined Networking (SDN) Environments: An Integrated Machine Learning Approach // IEEE SCSE 2025. — Colombo: IEEE, 2025. — P. 1–6. https://doi.org/10.1109/SCSE65633.2025.11030982

Downloads

Published

2026-04-28

How to Cite

Kulakov, Y., & Cherednyk, V. (2026). DDoS attack detection methods in software-defined networks (SDN): a comparative analysis of classical and modern machine learning and deep learning approaches. Problems of Informatization and Control, 1(85). https://doi.org/10.18372/2073-4751.85.21094

Issue

Vol. 1 No. 85 (2026)

Section

Статті

License

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The scientific journal adheres to the principles of Open Access and provides free, immediate, and permanent access to all published materials without financial, technical, or legal barriers for readers.

All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.

Copyright

Authors who publish their works in the journal:

  • retain the copyright to their publications;

  • grant the journal the right of first publication of the article;

  • agree to the distribution of their materials under the CC BY 4.0 license;

  • have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.