Optimized Hybrid CNN-LSTM Framework with Multi-Feature Analysis and SMOTE for Intrusion Detection in SDN
Main Article Content
Abstract
There is a growing trend toward the use of software-defined networks (SDN), which presents new security challenges requiring advanced intrusion detection systems (IDS). This paper proposes a deep learning-based hybrid system combining convolutional neural networks (CNNs) and long-term short-term memory networks (LSTMs) that can be used for effective intrusion detection in SDN environments. The model uses CNNs to acquire the spatial features of network traffic data and LSTMs to learn temporal patterns, enabling the identification of complex attack patterns. We evaluate our model using an InSDN dataset and test its performance using various feature sets, ranging from 6 to 83 features in our model. Experimental results indicate that our model has a high multi-class classification accuracy of 99.63% when using all 83 features in Group1. Furthermore, we use a Synthetic Minority Over-sampling Technique (SMOTE) to address the issue of class imbalance which considerably enhances detection accuracy of minority attack classes which is reaching 99.76%. It is established that the presented hybrid CNN-LSTM model is powerful and successful solution to SDN security improvement.
Downloads
Article Details
This work is licensed under a Creative Commons Attribution 4.0 International License.
References
M. Hussain, N. Shah, R. Amin, S. S. Alshamrani, A. Alotaibi, and S. M. Raza, “Software-Defined Networking: Categories, Analysis, and Future Directions,” Sensors 2022, Vol. 22, Page 5551, vol. 22, no. 15, p. 5551, Jul. 2022, doi: 10.3390/S22155551.
H. A. Suleiman and Z. H. Ali, “The Extremism Detection Using Hybrid Deep Learning,” Mustansiriyah J. Pure Appl. Sci., vol. 3, no. 4, pp. 173–189, Sep. 2025, doi: 10.47831/MJPAS.V3I4.292.
J. M. Johnson and T. M. Khoshgoftaar, “Survey on deep learning with class imbalance,” J. Big Data, vol. 6, no. 1, pp. 1–54, Dec. 2019, doi: 10.1186/S40537-019-0192-5/TABLES/18.
S. Salman, S. Salman, and J. H. Soud, “Deep Learning Machine using Hierarchical Cluster Features,” Al-Mustansiriyah J. Sci., vol. 29, no. 3, pp. 82–93, Mar. 2019, doi: 10.23851/mjs.v29i3.625.
R. Yamashita, M. Nishio, R. K. G. Do, and K. Togashi, “Convolutional neural networks: an overview and application in radiology,” Insights Imaging, vol. 9, no. 4, pp. 611–629, Aug. 2018, doi: 10.1007/S13244-018-0639-9.
“Long Short-Term Memory.” Accessed: Sep. 09, 2025. [Online]. Available: https://www.researchgate.net/publication/13853244_Long_Short-Term_Memory
C. V., B. W., H. O., and K. Philip, “SMOTE,” J. Artif. Intell. Res., Jun. 2002, doi: 10.5555/1622407.1622416.
N. K. S. Nayak and B. Bhattacharyya, “Multilayered SDN security with MAC authentication and GAN-based intrusion detection,” PLoS One, vol. 20, no. 9, p. e0331470, Sep. 2025, doi: 10.1371/JOURNAL.PONE.0331470.
Y. Zhang, C. Jue, W. Liu, and Y. Ma, “GRAN: a SDN intrusion detection model based on graph attention network and residual learning,” Comput. J., vol. 68, no. 3, pp. 241–260, Mar. 2025, doi: 10.1093/COMJNL/BXAE108.
A. Dadhania et al., “Software defined network and graph neural network-based anomaly detection scheme for high speed networks,” Cyber Secur. Appl., vol. 3, p. 100079, Dec. 2025, doi: 10.1016/J.CSA.2024.100079.
L. Mhamdi and M. M. Isa, “Securing SDN: Hybrid autoencoder-random forest for intrusion detection and attack mitigation,” J. Netw. Comput. Appl., vol. 225, p. 103868, May 2024, doi: 10.1016/J.JNCA.2024.103868.
A. M. Zacaron, D. M. B. Lent, V. G. da Silva Ruffo, L. F. Carvalho, and M. L. Proença, “Generative Adversarial Network Models for Anomaly Detection in Software-Defined Networks,” J. Netw. Syst. Manag. 2024 324, vol. 32, no. 4, pp. 93-, Sep. 2024, doi: 10.1007/S10922-024-09867-Z.
H. A. Hassan, E. El-Din Hemdan, M. Shokair, F. E. A. El-Samie, and W. El-Shafai, “An Efficient Attack Detection Framework in Software-Defined Networking using Intelligent Techniques,” ICEEM 2023 - 3rd IEEE Int. Conf. Electron. Eng., no. October, 2023, doi: 10.1109/ICEEM58740.2023.10319575.
R. A. Elsayed, R. A. Hamada, M. I. Abdalla, and S. A. Elsaid, “Securing IoT and SDN systems using deep-learning based automatic intrusion detection,” Ain Shams Eng. J., vol. 14, no. 10, Oct. 2023, doi: 10.1016/j.asej.2023.102211.
S. H. A. Kazmi, F. Qamar, R. Hassan, K. Nisar, D. P. B. Dahnil, and M. A. Al-Betar, “Threat Intelligence with Non-IID Data in Federated Learning enabled Intrusion Detection for SDN: An Experimental Study,” 2023 24th Int. Arab Conf. Inf. Technol. ACIT 2023, pp. 1–6, 2023, doi: 10.1109/ACIT58888.2023.10453867.
A. Mzibri, R. Benaini, and M. Ben Mamoun, “Case Study on the Performance of ML-Based Network Intrusion Detection Systems in SDN,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Science and Business Media Deutschland GmbH, 2023, pp. 90–95. doi: 10.1007/978-3-031-37765-5_7.
A. Almazyad, L. Halman, and A. Alsaeed, “Probe Attack Detection Using an Improved Intrusion Detection System,” Comput. Mater. Contin., vol. 74, no. 3, pp. 479–4784, 2023, doi: 10.32604/cmc.2023.033382.
H. M. Chuang, F. Liu, and C. H. Tsai, “Early Detection of Abnormal Attacks in Software-Defined Networking Using Machine Learning Approaches,” Symmetry (Basel)., vol. 14, no. 6, Jun. 2022, doi: 10.3390/sym14061178.
S. Wang et al., “Detecting flooding DDoS attacks in software defined networks using supervised learning techniques,” Eng. Sci. Technol. an Int. J., vol. 35, Nov. 2022, doi: 10.1016/j.jestch.2022.101176.
J. Wang and L. Wang, “SDN-Defend: A Lightweight Online Attack Detection and Mitigation System for DDoS Attacks in SDN,” Sensors, vol. 22, no. 21, 2022, doi: 10.3390/s22218287.
M. S. El Sayed, N. A. Le-Khac, M. A. Azer, and A. D. Jurcut, “A Flow-Based Anomaly Detection Approach With Feature Selection Method Against DDoS Attacks in SDNs,” IEEE Trans. Cogn. Commun. Netw., vol. 8, no. 4, pp. 1862–1880, 2022, doi: 10.1109/TCCN.2022.3186331.
M. S. ElSayed, N. A. Le-Khac, M. A. Albahar, and A. Jurcut, “A novel hybrid model for intrusion detection systems in SDNs based on CNN and a new regularization technique,” J. Netw. Comput. Appl., vol. 191, Oct. 2021, doi: 10.1016/j.jnca.2021.103160.
Q. V. Dang, “Intrusion Detection in Software-Defined Networks,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Science and Business Media Deutschland GmbH, 2021, pp. 356–371. doi: 10.1007/978-3-030-91387-8_23.
A. S. Alshra’A, A. Farhat, and J. Seitz, “Deep Learning Algorithms for Detecting Denial of Service Attacks in Software-Defined Networks,” in Procedia Computer Science, Elsevier B.V., 2021, pp. 254–263. doi: 10.1016/j.procs.2021.07.032.
M. Abdallah, N. An Le Khac, H. Jahromi, and A. Delia Jurcut, “A Hybrid CNN-LSTM Based Approach for Anomaly Detection Systems in SDNs,” in ACM International Conference Proceeding Series, Association for Computing Machinery, Aug. 2021. doi: 10.1145/3465481.3469190.
O. E. Tayfour and M. N. Marsono, “Collaborative detection and mitigation of DDoS in software-defined networks,” J. Supercomput., vol. 77, no. 11, pp. 13166–13190, Nov. 2021, doi: 10.1007/s11227-021-03782-9.
M. Said Elsayed, N. A. Le-Khac, S. Dev, and A. D. Jurcut, “Network Anomaly Detection Using LSTM Based Autoencoder,” in Q2SWinet 2020 - Proceedings of the 16th ACM Symposium on QoS and Security for Wireless and Mobile Networks, Association for Computing Machinery, Inc, Nov. 2020, pp. 37–45. doi: 10.1145/3416013.3426457.
M. S. Elsayed, N. A. Le-Khac, and A. D. Jurcut, “InSDN: A novel SDN intrusion dataset,” IEEE Access, vol. 8, pp. 165263–165284, 2020, doi: 10.1109/ACCESS.2020.3022633.
L.-P. Chen, “Mehryar Mohri, Afshin Rostamizadeh, and Ameet Talwalkar: Foundations of machine learning, second edition,” Stat. Pap. 2019 605, vol. 60, no. 5, pp. 1793–1795, Jul. 2019, doi: 10.1007/S00362-019-01124-9.
S. H. A. Kazmi, F. Qamar, R. Hassan, K. Nisar, D. P. B. Dahnil, and M. A. Al-Betar, “Threat Intelligence with Non-IID Data in Federated Learning enabled Intrusion Detection for SDN: An Experimental Study,” in 2023 24th International Arab Conference on Information Technology, ACIT 2023, Institute of Electrical and Electronics Engineers Inc., 2023. doi: 10.1109/ACIT58888.2023.10453867.
N. Abbas, Y. Nasser, M. Shehab, and S. Sharafeddine, “Attack-Specific Feature Selection for Anomaly Detection in Software-Defined Networks,” in 2021 3rd IEEE Middle East and North Africa COMMunications Conference, MENACOMM 2021, Institute of Electrical and Electronics Engineers Inc., 2021, pp. 142–146. doi: 10.1109/MENACOMM50742.2021.9678279.
T. A. Tang, L. Mhamdi, D. McLernon, S. A. R. Zaidi, and M. Ghogho, “Deep Recurrent Neural Network for Intrusion Detection in SDN-based Networks,” 2018 4th IEEE Conf. Netw. Softwarization Work. NetSoft 2018, pp. 462–469, Sep. 2018, doi: 10.1109/NETSOFT.2018.8460090.