SADM-SDNC: security anomaly detection and mitigation in software-defined networking using C-support vector classification
Computing (IF 3.7), Pub Date: 2020-11-27, DOI: 10.1007/s00607-020-00866-x
Tohid Jafarian, Mohammad Masdari, Ali Ghaffari, Kambiz Majidzadeh

The inherent features of the software-defined networking (SDN) architecture revolutionize traditional network infrastructure and provide the opportunity for integrated and centralized network monitoring. One shortcoming of SDNs is their high vulnerability to distributed denial of service attacks and other similar attacks. In this paper, a novel multi-stage modular approach (SADM-SDNC) is proposed for detecting and mitigating security anomalies in an SDN environment. The proposed approach uses the NetFlow protocol to gather information and generate the dataset, and the information gain ratio to select the effective features. The scheme also uses the C-support vector classification algorithm with a radial basis function kernel, together with features of the Floodlight controller, to build a structure with desirable performance. The experimental results demonstrate that the proposed approach performs better than other methods in terms of enhancing accuracy and detection rate, and reducing classification error and false alarm rate, which were measured as 99.67%, 99.26%, 0.33%, and 0.08% respectively. Finally, by using the REST API and Static Entry Pusher technologies in the Floodlight controller, the approach makes it possible to disconnect any communications with the attacking factors and remove destructive users.

Updated: 2020-11-27