Design an‎d Implementation of an Intelligent DDoS Attack Detection System in Software-Defined Networks Using Machine Learning an‎d Information Entropy Analysis

6/13/2026 12:00:00 AM

Abstract This study aims to present an intelligent framework for detecting Distributed Denial of Service (DDoS) attacks in Software-Defined Networking (SDN) environments using machine learning algorithms. Due to the high vulnerability of the centralized SDN architecture to such attacks, traditional anomaly detection methods are not capable of effectively identifying the complex an‎d dynamic behavior of network traffic. In this research, by combining entropy-based statistical indicators such as Information Entropy with machine learning models, a framework is designed that can analyze network traffic behavior patterns an‎d detect attacks at early stages. The experimental environment is emulated using Mininet, an‎d normal as well as malicious traffic is generated with the Scapy tool. The resulting flow-level data, including features such as the number of unique IP addresses, packet transmission rate, an‎d entropy values, are extracted an‎d preprocessed. Four algorithms—Ran‎dom Forest (RF), SVM, KNN, an‎d MLP—are trained, an‎d their performance is eva‎luated based on Accuracy, Recall, an‎d processing time. The results show that the Ran‎dom Forest algorithm, with an accuracy of 98.6%, a detection rate (Recall) of 99.2%, an‎d the minimum response time of 72 ms, outperforms the other models. Employing entropy-based features as detection indicators reduces the false positive rate to 1.2% an‎d leads to a significant improvement in the effectiveness of the system. Furthermore, analysis of entropy variations in normal traffic (3.4–4.2 bits) an‎d attack traffic (below 2 bits) demonstrates the high efficiency of this metric in rapid anomaly detection. The obtained results indicate that the proposed hybrid framework can be considered as an effective step toward enhancing the security of software-defined networks an‎d provides a solid basis for the development of real-time intrusion detection systems in next-generation network architectures.

شبكه نرم‌افزارمحور , يادگيري ماشين , آنتروپي اطلاعات , امنيت شبكه

Software-Defined Networking (SDN) , DDoS , Machine Learning , Information Entropy , Random Forest

Ehsan Zavareh

Dr.Mozayeni