Software-Defined Networking (SDN) introduces a centralized control paradigm that enhances network programmability but also creates a critical vulnerability: the controller becomes a prime target for Distributed Denial-of-Service (DDoS) attacks. Traditional defense mechanisms are often ineffective in SDN environments due to high computational overhead, lack of adaptability, an‎d poor real-time performance. This research proposes a novel Adaptive Lightweight DDoS Defense System (ALDDS) that leverages optimized machine learning models for real-time detection an‎d mitigation of DDoS attacks targeting SDN controllers. The framework employs a hybrid approach, combining offline training on diverse datasets (CICDDoS2019, InSDN) with online incremental learning to adapt to evolving threats. Three lightweight models—Ran‎dom Forest, XGBoost-Lite, an‎d Convolutional Tsetlin Machine (CTM)—are developed an‎d eva‎luated holistically, considering both detection accuracy an‎d operational efficiency metrics such as latency, CPU/memory overhead, an‎d scalability. The system is implemented an‎d tested in emulated environments using Mininet with Ryu an‎d ONOS controllers, demonstrating detection accuracy exceeding 99% while maintaining sub-50ms latency an‎d less than 20% CPU utilization under attack conditions. The research contributes theoretical advancements in lightweight ML for cybersecurity, practical deployable solutions, an‎d a comprehensive eva‎luation methodology, providing a robust defense mechanism for enhancing SDN security.

2/18/2026 12:00:00 AM

89723

1404/11/30

Real-Time Lightweight Defense Against DDoS Attacks Targeting SDN Controllers using Machine Learning: Challenges an‎d Solutions

شبكه تعريف‌شده توسط نرم‌افزار (SDN)، , تشخيص حمله DDoS , يادگيري ماشين , مدل‌هاي سبك , امنيت شبكه.

Software-Defined Networking (SDN), , DDoS Attack Detection , Machine Learning , Lightweight Models , Network Security.