AN ENSEMBLE MACHINE LEARNING FRAMEWORK FOR ANOMALY DETECTION IN SOFTWARE-DEFINED NETWORKING (SDN) ENVIRONMENTS

Abstract

Software-Defined Networking (SDN) is a new network management method that is both flexible and programmable, but at the same time, it creates new security issues. Detecting bad users in SDN setups requires the use of intelligent, scalable, and adaptive intrusion detection systems (IDS). The paper describes a thorough and systematic comparison of eight machine learning models—Logistic Regression, Decision Tree, Random Forest, XGBoost, LightGBM, AdaBoost, Gradient Boosting, and Bagging Classifier—trained on a public SDN-specific dataset from Kaggle. Apart from several performance metrics such as accuracy, precision, recall, F1 score, AUC, and 5-fold cross-validation to measure generalization, the models were also assessed based on the above-mentioned metrics. The results show that all the ensemble-based models had a perfect classification accuracy (100%) according to all the metrics evaluated while Logistic Regression kept up the high stability with the average accuracy of 99.18%. Thus, it can be concluded that ensemble learning techniques are very robust for the identification and prevention of network intrusions in SDN environments. The research has delivered a certified machine learning framework which can work as a solid base for developing real-time, smart IDS in modern programmable networks.