The DAG blockchain: A secure edge assisted honeypot for attack detection and multi-controller based load balancing in SDN 5G
Future Generation Computer Systems (IF 6.2), Pub Date: 2022-11-17, DOI: 10.1016/j.future.2022.11.008
Ihsan H. Abdulqadder, Deqing Zou, Israa T. Aziz

Software-defined networking (SDN) has increased the need for security due to the participation of illegitimate packets resulting from poor processing times and inadequate resource utilizations. In recent days, wireless 5G users, e.g., Internet of Things (IoT) users, have accessed networks from great distances due to their mobility, which requires multiple handovers between communication technologies. However, the process generates illegitimate packets due to connectivity changes. This paper addresses the security issue by using a modified blockchain and handover authentication. The access points (APs) in the infrastructure plane authenticate the 5G users with a hash generation using their identities and pseudo IDs with a lightweight QUARK algorithm. If an excessive number of users are connected with the same AP, then the users’ handover is performed by edge servers based on probabilities. In the data plane, OpenFlow switches perform a flow rule validation and a honeypot implementation for performing the packet validation. Classification of packets into normal, malicious and suspicious packets is also performed at the edge server using a capsule neural network (CapsNet). Deployment of NFV-enabled virtual switches (vSwitch) reduces switch overloading based on the load threshold. For faster validation, a directed acyclic graph (DAG) is implemented at the control plane to store the hashed credentials of the users for authentication and the hashed flow rules for flow rule validation. Suspicious packet validation is performed at the control plane by the controller using the Soft Actor–Critic (SAC) algorithm, and the Honey Badger Optimization algorithm (HBO) is used to select an optimal underloaded controller for efficient load balancing. 
This model is developed in NS-3, and the results show that our model outperforms the existing approaches in terms of QoS metrics such as bandwidth, response time, delay and packet loss, and security metrics such as detection accuracy and authentication time.




Updated: 2022-11-17