Software‐defined networking (SDN) is an emerging paradigm in enterprise networks because of its flexible and cost‐effective nature. By decoupling control and data plane, SDN can provide various defense solutions for securing futuristic networks. However, the architectural design and characteristics of SDN attract several severe attacks. Distributed denial of service (DDoS) is considered as a major destructive cyber attack that makes the services of controller unavailable for its legitimate users. In this research article, an intrusion detection framework is proposed to detect DDoS attacks against SDN. The proposed framework relies on voting‐based ensemble model for the attack detection. Ensemble model is a combination of multiple machine learning classifiers for prediction of final results. In this research article, we propose and analyze three ensemble models named as Voting‐CMN, Voting‐RKM, and Voting‐CKM particularly to benchmarking datasets such as UNSW‐NB15, CICIDS2017, and NSL‐KDD, respectively. For validation of the proposed models, a cross‐validation technique is used with the prediction algorithms. The effectiveness of proposed models is evaluated in terms of prominent metrics (accuracy, precision, recall, and F‐measure). Experimental results indicate that the proposed models achieve better performance in terms of accuracy as compared with other existing models.

中文翻译：

---

用于保护软件定义网络的基于投票的入侵检测框架

软件定义网络 (SDN) 因其灵活且具有成本效益的特性而成为企业网络中的新兴范式。通过将控制平面和数据平面解耦，SDN可以为保护未来网络提供各种防御解决方案。然而，SDN 的架构设计和特性吸引了一些严重的攻击。分布式拒绝服务 (DDoS) 被认为是一种主要的破坏性网络攻击，它使控制器的服务对其合法用户不可用。在这篇研究文章中，提出了一种入侵检测框架来检测针对 SDN 的 DDoS 攻击。所提出的框架依赖于基于投票的集成模型进行攻击检测。集成模型是多个机器学习分类器的组合，用于预测最终结果。在这篇研究文章中，我们分别针对 UNSW-NB15、CICIDS2017 和 NSL-KDD 等基准数据集提出并分析了三个名为 Voting-CMN、Voting-RKM 和 Voting-CKM 的集成模型。为了验证所提出的模型，交叉验证技术与预测算法一起使用。建议模型的有效性是根据突出的指标（准确度、精确度、召回率和 F 度量）来评估的。实验结果表明，与其他现有模型相比，所提出的模型在准确性方面取得了更好的性能。建议模型的有效性是根据突出的指标（准确度、精确度、召回率和 F 度量）来评估的。实验结果表明，与其他现有模型相比，所提出的模型在准确性方面取得了更好的性能。建议模型的有效性是根据突出的指标（准确度、精确度、召回率和 F 度量）来评估的。实验结果表明，与其他现有模型相比，所提出的模型在准确性方面取得了更好的性能。