A Computational Intelligence-Driven Reference Architecture for Anomaly Detection in Software-Defined Networking (SDN)

  • Rivaldo Fernandes UFRN
  • Bruno L. Dalmazo FURG
  • André Riker UFPA
  • Geraldo Pereira Rocha Filho UESB
  • Rodolfo Meneguette USP
  • Lourenço Pereira Júnior ITA
  • Roger Immich UFRN

Abstract


Research Context: The rise of Cloud, 5G, and IoT demands the continuous control of millions of networked devices. While Software-Defined Networking (SDN) simplifies network management, it struggles with security and the fine-grained analysis necessary for reliable operational problem detection.

Scientific Problem: A critical architectural gap exists, as there is no standardized, flexible framework to catalog diverse network scenarios and automatically associate them with the most effective Computational Intelligence (CI) techniques. This lack of a self-learning structure severely hinders the intelligence of the SDN control layer.

Proposed Solution: We present a novel, technology-agnostic Reference Architecture for anomaly detection, applicable to both SDN and traditional networks. This highly resilient design leverages hexagonal microservices and rigorously adopts the TM Forum’s Open Digital Architecture (ODA) model (TAM and eTOM) to achieve crucial industry standardization and interoperability.

Related IS Theory: Work Systems Theory (proposing a systemic framework for an organizational process) and Institutional Theory, highlighted by the strategic adoption of ODA/TM Forum standards to ensure industry legitimacy.

Research Method: An experimental methodology utilizing a Proof-of-Concept (PoC) prototype validated the architecture. We trained and assessed seven distinct Machine Learning (ML) algorithms against two different public datasets, proving the architecture’s inherent versatility.

Summary of Results: Results confirm the absolute need for a flexible architecture, as the solution model varies significantly across scenarios. The analysis showed that the choice of the most effective algorithm is strictly contingent upon the specific anomaly type and the chosen evaluation metric.

Contributions and Impact to IS Area: The main contribution is a Reference Architecture that standardizes the evaluation, promotion, and application of diverse computational intelligence techniques according to the network context. This provides a blueprint for next-generation, self-learning, and standards-compliant network operations, marking a significant step towards truly autonomous networks.

Published
2026-05-25
FERNANDES, Rivaldo; DALMAZO, Bruno L.; RIKER, André; ROCHA FILHO, Geraldo Pereira; MENEGUETTE, Rodolfo; PEREIRA JÚNIOR, Lourenço; IMMICH, Roger. A Computational Intelligence-Driven Reference Architecture for Anomaly Detection in Software-Defined Networking (SDN). In: BRAZILIAN SYMPOSIUM ON INFORMATION SYSTEMS (SBSI), 22., 2026, Vitória/ES. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2026. p. 811-830. DOI: https://doi.org/10.5753/sbsi.2026.248648.
