HSF: A Hybrid SVM-RF Machine Learning Framework for Dual-Plane DDoS Detection and Mitigation in Software-Defined Networks
Software-defined networking (SDN) has revolutionized network management by centralizing control through software, thereby enabling dynamic traffic adjustments that are independent of the data plane. However, this innovation introduces significant security vulnerabilities because the existing solutio...
Saved in:
| Main Authors: | , , , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/11053758/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849427188969897984 |
|---|---|
| author | Abdinasir Hirsi Lukman Audah Mohammed A. Alhartomi Adeb Salh Godwin Okon Ansa Mustafa Maad Hamdi Diani Galih Saputri Salman Ahmed Abdullahi Farah |
| author_facet | Abdinasir Hirsi Lukman Audah Mohammed A. Alhartomi Adeb Salh Godwin Okon Ansa Mustafa Maad Hamdi Diani Galih Saputri Salman Ahmed Abdullahi Farah |
| author_sort | Abdinasir Hirsi |
| collection | DOAJ |
| description | Software-defined networking (SDN) has revolutionized network management by centralizing control through software, thereby enabling dynamic traffic adjustments that are independent of the data plane. However, this innovation introduces significant security vulnerabilities because the existing solutions are largely adaptations of traditional methods and fail to address the unique challenges of SDN environments. To address this issue, this study proposes a machine-learning (ML)-based intrusion detection framework tailored specifically for SDN. In particular, the framework utilizes a hybrid model that combines a Support Vector Machine (SVM) and Random Forest (RF) classifiers (HSF), which significantly improves intrusion detection accuracy. Specifically, the proposed solution is structured as a three-layer protection mechanism. First, the Data Plane Monitoring layer examines features, such as packet count and byte count, to detect anomalies. Second, the Control Plane Monitoring layer evaluates attributes such as the source IP, destination IP, and protocols to identify suspicious activity. Finally, the Detection Layer leverages the hybrid ML approach to further strengthen detection capabilities and ensure timely responses. Importantly, the experimental results reveal that the HSF technique achieves an anomaly detection rate exceeding 99% across both data and control planes. This highlights its efficacy in securing the next-generation SDN networks. |
| format | Article |
| id | doaj-art-2b7217e83a5d4cc2b6a98ce05d024538 |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-2b7217e83a5d4cc2b6a98ce05d0245382025-08-20T03:29:06ZengIEEEIEEE Access2169-35362025-01-011311230311232310.1109/ACCESS.2025.358371211053758HSF: A Hybrid SVM-RF Machine Learning Framework for Dual-Plane DDoS Detection and Mitigation in Software-Defined NetworksAbdinasir Hirsi0https://orcid.org/0000-0001-8543-6134Lukman Audah1https://orcid.org/0000-0002-0958-4474Mohammed A. Alhartomi2https://orcid.org/0000-0002-5955-8864Adeb Salh3https://orcid.org/0000-0003-0905-2635Godwin Okon Ansa4https://orcid.org/0000-0003-1107-5959Mustafa Maad Hamdi5Diani Galih Saputri6https://orcid.org/0000-0001-7124-7148Salman Ahmed7https://orcid.org/0009-0003-7129-7892Abdullahi Farah8Advanced Telecommunication Research Center, Faculty of Electrical and Electronic Engineering, Universiti Tun Hussein Onn Malaysia (UTHM), Parit Raja, MalaysiaAdvanced Telecommunication Research Center, Faculty of Electrical and Electronic Engineering, Universiti Tun Hussein Onn Malaysia (UTHM), Parit Raja, MalaysiaDepartment of Electrical Engineering, University of Tabuk, Tabuk, Saudi ArabiaFaculty of Information and Communication Technology, Universiti Tunku Abdul Rahman (UTAR), Kampar, MalaysiaDepartment of Computer Science, Faculty of Physical Sciences, Akwa Ibom State University, Mkpat Enin, Akwa Ibom, NigeriaDepartment of Computer Science, College of Computer Science and IT, University of Anbar, Ramadi, IraqMicroelectronics and Nanotechnology Shamsuddin Research Centre (MiNT-SRC), UTHM, Parit Raja, Johor, MalaysiaVLSI and Embedded Technology (VEST) Focus Group, Faculty of Electrical and Electronic Engineering, UTHM, Parit Raja, MalaysiaEngineering Department, Somtel Telecommunication Company, Bosaso, SomaliaSoftware-defined networking (SDN) has revolutionized network management by centralizing control through software, thereby enabling dynamic traffic adjustments that are independent of the data plane. However, this innovation introduces significant security vulnerabilities because the existing solutions are largely adaptations of traditional methods and fail to address the unique challenges of SDN environments. To address this issue, this study proposes a machine-learning (ML)-based intrusion detection framework tailored specifically for SDN. In particular, the framework utilizes a hybrid model that combines a Support Vector Machine (SVM) and Random Forest (RF) classifiers (HSF), which significantly improves intrusion detection accuracy. Specifically, the proposed solution is structured as a three-layer protection mechanism. First, the Data Plane Monitoring layer examines features, such as packet count and byte count, to detect anomalies. Second, the Control Plane Monitoring layer evaluates attributes such as the source IP, destination IP, and protocols to identify suspicious activity. Finally, the Detection Layer leverages the hybrid ML approach to further strengthen detection capabilities and ensure timely responses. Importantly, the experimental results reveal that the HSF technique achieves an anomaly detection rate exceeding 99% across both data and control planes. This highlights its efficacy in securing the next-generation SDN networks.https://ieeexplore.ieee.org/document/11053758/DDoS attackmachine learningnetwork securityrandom forestSDN securitysupport vector machine |
| spellingShingle | Abdinasir Hirsi Lukman Audah Mohammed A. Alhartomi Adeb Salh Godwin Okon Ansa Mustafa Maad Hamdi Diani Galih Saputri Salman Ahmed Abdullahi Farah HSF: A Hybrid SVM-RF Machine Learning Framework for Dual-Plane DDoS Detection and Mitigation in Software-Defined Networks IEEE Access DDoS attack machine learning network security random forest SDN security support vector machine |
| title | HSF: A Hybrid SVM-RF Machine Learning Framework for Dual-Plane DDoS Detection and Mitigation in Software-Defined Networks |
| title_full | HSF: A Hybrid SVM-RF Machine Learning Framework for Dual-Plane DDoS Detection and Mitigation in Software-Defined Networks |
| title_fullStr | HSF: A Hybrid SVM-RF Machine Learning Framework for Dual-Plane DDoS Detection and Mitigation in Software-Defined Networks |
| title_full_unstemmed | HSF: A Hybrid SVM-RF Machine Learning Framework for Dual-Plane DDoS Detection and Mitigation in Software-Defined Networks |
| title_short | HSF: A Hybrid SVM-RF Machine Learning Framework for Dual-Plane DDoS Detection and Mitigation in Software-Defined Networks |
| title_sort | hsf a hybrid svm rf machine learning framework for dual plane ddos detection and mitigation in software defined networks |
| topic | DDoS attack machine learning network security random forest SDN security support vector machine |
| url | https://ieeexplore.ieee.org/document/11053758/ |
| work_keys_str_mv | AT abdinasirhirsi hsfahybridsvmrfmachinelearningframeworkfordualplaneddosdetectionandmitigationinsoftwaredefinednetworks AT lukmanaudah hsfahybridsvmrfmachinelearningframeworkfordualplaneddosdetectionandmitigationinsoftwaredefinednetworks AT mohammedaalhartomi hsfahybridsvmrfmachinelearningframeworkfordualplaneddosdetectionandmitigationinsoftwaredefinednetworks AT adebsalh hsfahybridsvmrfmachinelearningframeworkfordualplaneddosdetectionandmitigationinsoftwaredefinednetworks AT godwinokonansa hsfahybridsvmrfmachinelearningframeworkfordualplaneddosdetectionandmitigationinsoftwaredefinednetworks AT mustafamaadhamdi hsfahybridsvmrfmachinelearningframeworkfordualplaneddosdetectionandmitigationinsoftwaredefinednetworks AT dianigalihsaputri hsfahybridsvmrfmachinelearningframeworkfordualplaneddosdetectionandmitigationinsoftwaredefinednetworks AT salmanahmed hsfahybridsvmrfmachinelearningframeworkfordualplaneddosdetectionandmitigationinsoftwaredefinednetworks AT abdullahifarah hsfahybridsvmrfmachinelearningframeworkfordualplaneddosdetectionandmitigationinsoftwaredefinednetworks |