Detection of DDoS attacks in SDN with Siberian Tiger Optimization algorithm and deep learning

Detection of DDoS attacks in SDN with Siberian Tiger Optimization algorithm and deep learning | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Detection of DDoS attacks in SDN with Siberian Tiger Optimization algorithm and deep learning Naseer Hameed Saadoon Al-Sarray, Javad Rahebi, Ayşe Demirhan This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-4105679/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract The Software-defined Networking (SDN) system plays a crucial role in efficiently overseeing the Internet network by segregating the control and data planes. In the SDN, the controller manages and determines the policy in sending data and setting the SDN switches. Despite the significant advantages, the SDN network has security challenges. DDoS attacks are the main challenge in SDN networks. DDoS attacks primarily target the SDN controller to disrupt network performance. Intrusion detection systems in SDN networks need confidential methods for message exchange and coordination of controllers so that they can exchange the blacklist of attacking addresses with each other. In this manuscript, we introduce an approach utilizing 1D CNN and LSTM networks for detecting attacks in the SDN network, incorporating blacklist information hidden in images. In the first stage, game theory and deep learning based on GAN are used to increase attack detection accuracy in each SDN controller to balance the data set. In the second stage, each controller uses 1D CNN to extract the primary features, and the Siberian tiger optimization (STO) algorithm is applied to enhance the efficiency of this deep learning network. In the third step, the STO algorithm selects the optimal features. Finally, the LSTM network classifies traffic by receiving the selected features. SDN controllers use image encryption to increase privacy and security for exchanging and sharing blacklists. The tests performed in Python and on datasets UNSW-NB15, CIC-IDS2017, and NSL-KDD are 99.49%, 99.86%, and 99.91%. The proposed method GAN-CL-STO demonstrates higher accuracy in detecting network attacks compared to the CNN-LSTM, HODNN+CRF, 1D CNN, PSO-1D CNN, and 1D CNN+BiLSTM methods. The suggested approach for identifying attacks in SDN is more accurate than WOA, HHO, and COA feature selection methods. Distributed Denial of Service (DDoS) Internet of Things (IoT) Software-Defined Networking (SDN) Deep Learning Siberian Tiger Optimization (STO) Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-4105679","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":280399448,"identity":"1f46fdc0-cb76-4050-a5d2-4dbb31294fe8","order_by":0,"name":"Naseer Hameed Saadoon Al-Sarray","email":"","orcid":"","institution":"Gazi University","correspondingAuthor":false,"prefix":"","firstName":"Naseer","middleName":"Hameed Saadoon","lastName":"Al-Sarray","suffix":""},{"id":280399450,"identity":"8d166329-52ba-4b3c-875f-8046bc23ed62","order_by":1,"name":"Javad Rahebi","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABFElEQVRIie3Rv0rDQBzA8V8I1CWa9aRgX+FCoAiKvkqOgG4iCCXQwcjBZQm4Fio+Qx9A8HcE6nJ0PjBDu2SOuHQRvNilaJquDvcdjhvuw/0DsNn+cREQ52FpJhTASQF6e9bjhnCK28TbT6BHNqSpg/hZHnx+vFzc+H0uxnVShv6Up1CPCrjsYyshSoUEq/ju+EkKjaoaklKmzmRRgHcUtRJKriKC6LKZZkJLUZyDZql7KAzZcTI6qOI14j17NeS2IYOGfHUR4s7NLgWbESbAkCFtiNNBiIrnpwrf2KSU3FysCgNzF5kvrj1P7XoxyXWCY/Y4zVZ1kpTB83u2Wq5HZycHeTv5HZqNf8bun/xLbDabzbbdNzeJbQsghefhAAAAAElFTkSuQmCC","orcid":"","institution":"Istanbul Topkapi University","correspondingAuthor":true,"prefix":"","firstName":"Javad","middleName":"","lastName":"Rahebi","suffix":""},{"id":280399452,"identity":"7d92e08f-48c9-4277-bdfe-b4da46706094","order_by":2,"name":"Ayşe Demirhan","email":"","orcid":"","institution":"Gazi University","correspondingAuthor":false,"prefix":"","firstName":"Ayşe","middleName":"","lastName":"Demirhan","suffix":""}],"badges":[],"createdAt":"2024-03-15 07:13:15","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-4105679/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-4105679/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":53265412,"identity":"f2d9ef25-b8f5-4d59-99d6-cf0289132039","added_by":"auto","created_at":"2024-03-22 15:36:05","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":946496,"visible":true,"origin":"","legend":"","description":"","filename":"NasirPaper2024.02.27.pdf","url":"https://assets-eu.researchsquare.com/files/rs-4105679/v1_covered_6e1edd3a-a910-4f33-b8f7-3374916bcbfc.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Detection of DDoS attacks in SDN with Siberian Tiger Optimization algorithm and deep learning","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Distributed Denial of Service (DDoS), Internet of Things (IoT), Software-Defined Networking (SDN), Deep Learning, Siberian Tiger Optimization (STO)","lastPublishedDoi":"10.21203/rs.3.rs-4105679/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-4105679/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"The Software-defined Networking (SDN) system plays a crucial role in efficiently overseeing the Internet network by segregating the control and data planes. In the SDN, the controller manages and determines the policy in sending data and setting the SDN switches. Despite the significant advantages, the SDN network has security challenges. DDoS attacks are the main challenge in SDN networks. DDoS attacks primarily target the SDN controller to disrupt network performance. Intrusion detection systems in SDN networks need confidential methods for message exchange and coordination of controllers so that they can exchange the blacklist of attacking addresses with each other. In this manuscript, we introduce an approach utilizing 1D CNN and LSTM networks for detecting attacks in the SDN network, incorporating blacklist information hidden in images. In the first stage, game theory and deep learning based on GAN are used to increase attack detection accuracy in each SDN controller to balance the data set. In the second stage, each controller uses 1D CNN to extract the primary features, and the Siberian tiger optimization (STO) algorithm is applied to enhance the efficiency of this deep learning network. In the third step, the STO algorithm selects the optimal features. Finally, the LSTM network classifies traffic by receiving the selected features. SDN controllers use image encryption to increase privacy and security for exchanging and sharing blacklists. The tests performed in Python and on datasets UNSW-NB15, CIC-IDS2017, and NSL-KDD are 99.49%, 99.86%, and 99.91%. The proposed method GAN-CL-STO demonstrates higher accuracy in detecting network attacks compared to the CNN-LSTM, HODNN+CRF, 1D CNN, PSO-1D CNN, and 1D CNN+BiLSTM methods. The suggested approach for identifying attacks in SDN is more accurate than WOA, HHO, and COA feature selection methods.","manuscriptTitle":"Detection of DDoS attacks in SDN with Siberian Tiger Optimization algorithm and deep learning","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-03-19 16:32:08","doi":"10.21203/rs.3.rs-4105679/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"9f261947-10a8-4a11-8551-887ea82486b2","owner":[],"postedDate":"March 19th, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2024-10-30T04:23:10+00:00","versionOfRecord":[],"versionCreatedAt":"2024-03-19 16:32:08","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-4105679","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-4105679","identity":"rs-4105679","version":["v1"]},"buildId":"qtupq5eGEP_6zYnWcrvyt","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}