{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,6]],"date-time":"2025-11-06T12:35:30Z","timestamp":1762432530042,"version":"3.41.0"},"reference-count":98,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T00:00:00Z","timestamp":1745971200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T00:00:00Z","timestamp":1745971200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Innovations Syst Softw Eng"],"published-print":{"date-parts":[[2025,6]]},"DOI":"10.1007\/s11334-025-00604-6","type":"journal-article","created":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T04:50:41Z","timestamp":1745988641000},"page":"397-419","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A comprehensive overview of machine learning for intrusion detection in software-defined networking"],"prefix":"10.1007","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-8532-7371","authenticated-orcid":false,"given":"Hicham","family":"Yzzogh","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5027-8217","authenticated-orcid":false,"given":"Hafssa","family":"Benaboud","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,4,30]]},"reference":[{"key":"604_CR1","doi-asserted-by":"publisher","unstructured":"Yzzogh H, Benaboud H (2023) Using sdn to enhance load balancing in cloud computing: an overview and future directions. In: 2023 6th International conference on advanced communication technologies and networking (CommNet), pp 1\u20136. https:\/\/doi.org\/10.1109\/CommNet60167.2023.10365294","DOI":"10.1109\/CommNet60167.2023.10365294"},{"key":"604_CR2","unstructured":"Haleplidis E, Pentikousis K, Denazis S, Salim JH, Meyer D, Koufopavlou O (2015) Software-defined networking (sdn): layers and architecture terminology (2015). https:\/\/datatracker.ietf.org\/doc\/html\/rfc7426"},{"key":"604_CR3","doi-asserted-by":"crossref","unstructured":"Mizrahi T, Sprecher N, Bellagamba E, Weingarten Y (2014), An overview of operations, administration, and maintenance (OAM) tools, rFC 7276 (2014). http:\/\/www.rfc-editor.org\/info\/rfc7276","DOI":"10.17487\/rfc7276"},{"key":"604_CR4","doi-asserted-by":"publisher","unstructured":"Qi C, Wu J, Hu H, Cheng G, Liu W, Ai J, Yang C (2016) An intensive security architecture with multi-controller for sdn. In: IEEE conference on computer communications workshops (INFOCOM WKSHPS) 2016:401\u2013402. https:\/\/doi.org\/10.1109\/INFCOMW.2016.7562109","DOI":"10.1109\/INFCOMW.2016.7562109"},{"key":"604_CR5","doi-asserted-by":"publisher","unstructured":"R\u00f6pke C, Holz T (2018) Preventing malicious sdn applications from hiding adverse network manipulations. In: Proceedings of the 2018 workshop on security in softwarized networks: prospects and challenges, pp 40\u201345. https:\/\/doi.org\/10.1145\/3229616.3229620","DOI":"10.1145\/3229616.3229620"},{"key":"604_CR6","doi-asserted-by":"publisher","unstructured":"Lee C, Yoon C, Shin S, Cha S\u00a0K (2018) Indago: a new framework for detecting malicious sdn applications. In: 2018 IEEE 26th international conference on network protocols (ICNP), pp 220\u2013230. https:\/\/doi.org\/10.1109\/ICNP.2018.00031","DOI":"10.1109\/ICNP.2018.00031"},{"key":"604_CR7","doi-asserted-by":"publisher","unstructured":"Scott-Hayward S, Kane C, Sezer S (2014) Operationcheckpoint: Sdn application control. In: 2014 IEEE 22nd international conference on network protocols, pp 618\u2013623. https:\/\/doi.org\/10.1109\/ICNP.2014.98","DOI":"10.1109\/ICNP.2014.98"},{"key":"604_CR8","doi-asserted-by":"publisher","unstructured":"Porras PA, Cheung S, Fong MW, Skinner K, Yegneswaran V (2015) Securing the software defined network control layer. Ndss. https:\/\/doi.org\/10.14722\/ndss.2015.23222","DOI":"10.14722\/ndss.2015.23222"},{"key":"604_CR9","doi-asserted-by":"publisher","unstructured":"Wen X, Chen Y, Hu C, Shi C, Wang Y (2013) Towards a secure controller platform for openflow applications. In: Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pp 171\u2013172. https:\/\/doi.org\/10.1145\/2491185.2491212","DOI":"10.1145\/2491185.2491212"},{"key":"604_CR10","doi-asserted-by":"publisher","unstructured":"Tseng Y, Zhang Z, Na\u00eft-Abdesselam F (2016) Controllersepa: a security-enhancing sdn controller plug-in for openflow applications. In: 2016 17th international conference on parallel and distributed computing, applications and technologies (PDCAT), pp 268\u2013273. https:\/\/doi.org\/10.1109\/PDCAT.2016.064","DOI":"10.1109\/PDCAT.2016.064"},{"issue":"4","key":"604_CR11","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1109\/TCC.2014.2355227","volume":"2","author":"H Li","year":"2014","unstructured":"Li H, Li P, Guo S, Nayak A (2014) Byzantine-resilient secure software-defined networks with multiple controllers in cloud. IEEE Trans Cloud Comput 2(4):436\u2013447. https:\/\/doi.org\/10.1109\/TCC.2014.2355227","journal-title":"IEEE Trans Cloud Comput"},{"key":"604_CR12","doi-asserted-by":"publisher","first-page":"8","DOI":"10.14722\/ndss.2015.23283","volume":"15","author":"S Hong","year":"2015","unstructured":"Hong S, Xu L, Wang H, Gu G (2015) Poisoning network visibility in software-defined networks: new attacks and countermeasures. Ndss 15:8\u201311. https:\/\/doi.org\/10.14722\/ndss.2015.23283","journal-title":"Ndss"},{"issue":"2","key":"604_CR13","doi-asserted-by":"publisher","first-page":"1206","DOI":"10.1109\/TNET.2016.2626287","volume":"25","author":"M Ambrosin","year":"2017","unstructured":"Ambrosin M, Conti M, De Gaspari F, Poovendran R (2017) Lineswitch: tackling control plane saturation attacks in software-defined networking. IEEE\/ACM Trans Netw 25(2):1206\u20131219. https:\/\/doi.org\/10.1109\/TNET.2016.2626287","journal-title":"IEEE\/ACM Trans Netw"},{"issue":"1","key":"604_CR14","doi-asserted-by":"publisher","first-page":"9649643","DOI":"10.1155\/2018\/9649643","volume":"2018","author":"B Han","year":"2018","unstructured":"Han B, Yang X, Sun Z, Huang J, Su J (2018) Overwatch: a cross-plane ddos attack defense framework with collaborative intelligence in sdn. Secur Commun Netw 2018(1):9649643. https:\/\/doi.org\/10.1155\/2018\/9649643","journal-title":"Secur Commun Netw"},{"issue":"3","key":"604_CR15","doi-asserted-by":"publisher","first-page":"695","DOI":"10.1109\/TIFS.2017.2765506","volume":"13","author":"S Deng","year":"2018","unstructured":"Deng S, Gao X, Lu Z, Gao X (2018) Packet injection attack and its defense in software-defined networks. IEEE Trans Inf Forensics Secur 13(3):695\u2013705. https:\/\/doi.org\/10.1109\/TIFS.2017.2765506","journal-title":"IEEE Trans Inf Forensics Secur"},{"issue":"7","key":"604_CR16","doi-asserted-by":"publisher","first-page":"1174","DOI":"10.1109\/LCOMM.2019.2896928","volume":"23","author":"AS Alshra\u2019a","year":"2019","unstructured":"Alshra\u2019a AS, Seitz J (2019) Using inspector device to stop packet injection attack in sdn. IEEE Commun Lett 23(7):1174\u20131177. https:\/\/doi.org\/10.1109\/LCOMM.2019.2896928","journal-title":"IEEE Commun Lett"},{"issue":"1","key":"604_CR17","doi-asserted-by":"publisher","first-page":"9178425","DOI":"10.1155\/2018\/9178425","volume":"2018","author":"H Jo","year":"2018","unstructured":"Jo H, Nam J, Shin S (2018) Nosarmor: building a secure network operating system. Secur Commun Netw 2018(1):9178425. https:\/\/doi.org\/10.1155\/2018\/9178425","journal-title":"Secur Commun Netw"},{"issue":"13","key":"604_CR18","doi-asserted-by":"publisher","first-page":"1971","DOI":"10.1002\/sec.1369","volume":"9","author":"J Noh","year":"2016","unstructured":"Noh J, Lee S, Park J, Shin S, Kang BB (2016) Vulnerabilities of network os and mitigation with state-based permission system. Secur Commun Netw 9(13):1971\u20131982. https:\/\/doi.org\/10.1002\/sec.1369","journal-title":"Secur Commun Netw"},{"key":"604_CR19","doi-asserted-by":"publisher","unstructured":"Brooks M, Yang B (2015) A man-in-the-middle attack against opendaylight sdn controller. In: Proceedings of the 4th annual ACM conference on research in information technology, pp 45\u201349. https:\/\/doi.org\/10.1145\/2808062.2808073","DOI":"10.1145\/2808062.2808073"},{"key":"604_CR20","doi-asserted-by":"publisher","unstructured":"Zhang K, Qiu X (2018) Cmd: A convincing mechanism for mitm detection in sdn. In: IEEE international conference on consumer electronics (ICCE) 2018:1\u20136. https:\/\/doi.org\/10.1109\/ICCE.2018.8326334","DOI":"10.1109\/ICCE.2018.8326334"},{"key":"604_CR21","doi-asserted-by":"publisher","unstructured":"Aseeri A, Netjinda N, Hewett R (2017) Alleviating eavesdropping attacks in software-defined networking data plane. In: Proceedings of the 12th annual conference on cyber and information security research, pp 1\u20138. https:\/\/doi.org\/10.1145\/3064814.3064832","DOI":"10.1145\/3064814.3064832"},{"key":"604_CR22","doi-asserted-by":"publisher","unstructured":"Shang G, Zhe P, Bin X, Aiqun H, Kui R (2017) Flooddefender: protecting data and control plane resources under sdn-aimed dos attacks. In: IEEE INFOCOM 2017-IEEE conference on computer communications. IEEE, pp 1\u20139. https:\/\/doi.org\/10.1109\/INFOCOM.2017.8057009","DOI":"10.1109\/INFOCOM.2017.8057009"},{"key":"604_CR23","doi-asserted-by":"publisher","unstructured":"Zhang M, Bi J, Bai J, Li G ( 2018) Floodshield: securing the sdn infrastructure against denial-of-service attacks. In: 2018 17th IEEE international conference on trust, security and privacy in computing and communications\/12th IEEE international conference on big data science and engineering (TrustCom\/BigDataSE), pp 687\u2013698. https:\/\/doi.org\/10.1109\/TrustCom\/BigDataSE.2018.00101","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00101"},{"key":"604_CR24","doi-asserted-by":"publisher","first-page":"607","DOI":"10.1007\/s12243-016-0505-z","volume":"71","author":"DM Ferrazani\u00a0Mattos","year":"2016","unstructured":"Ferrazani\u00a0Mattos DM, Duarte OCMB (2016) Authflow: authentication and access control mechanism for software defined networking. Ann Telecommun 71:607\u2013615. https:\/\/doi.org\/10.1007\/s12243-016-0505-z","journal-title":"Ann Telecommun"},{"issue":"1","key":"604_CR25","doi-asserted-by":"publisher","first-page":"8012568","DOI":"10.1155\/2019\/8012568","volume":"2019","author":"M Myint\u00a0Oo","year":"2019","unstructured":"Myint\u00a0Oo M, Kamolphiwong S, Kamolphiwong T, Vasupongayya S (2019) Advanced support vector machine-(asvm-) based detection for distributed denial of service (ddos) attack on software defined networking (sdn),. J Comput Netw Commun 2019(1):8012568. https:\/\/doi.org\/10.1155\/2019\/8012568","journal-title":"J Comput Netw Commun"},{"key":"604_CR26","doi-asserted-by":"publisher","unstructured":"Wang S, Chandrasekharan S, Gomez K, Kandeepan S, Al-Hourani A, Asghar MR, Russello G, Zanna P (2018), Secod: Sdn secure control and data plane algorithm for detecting and defending against dos attacks. In: NOMS 2018-2018 IEEE\/IFIP network operations and management symposium. IEEE, pp 1\u20135. https:\/\/doi.org\/10.1109\/NOMS.2018.8406196","DOI":"10.1109\/NOMS.2018.8406196"},{"key":"604_CR27","doi-asserted-by":"publisher","unstructured":"Azzouni A, Braham O, Trang\u00a0Nguyen TM, Pujolle G, Boutaba R (2016) Fingerprinting openflow controllers: the first step to attack an sdn control plane. In: 2016 IEEE global communications conference (GLOBECOM), pp 1\u20136. https:\/\/doi.org\/10.1109\/GLOCOM.2016.7841843","DOI":"10.1109\/GLOCOM.2016.7841843"},{"key":"604_CR28","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.229","volume":"2017","author":"M Zhang","year":"2017","unstructured":"Zhang M, Hou J, Zhang Z, Shi W, Qin B, Liang B (2017) Fine-grained fingerprinting threats to software-defined networks. IEEE Trustcom\/BigDataSE\/ICESS 2017:128\u2013135. https:\/\/doi.org\/10.1109\/Trustcom\/BigDataSE\/ICESS.2017.229","journal-title":"IEEE Trustcom\/BigDataSE\/ICESS"},{"key":"604_CR29","doi-asserted-by":"publisher","unstructured":"Qian Y, You W, Qian K (2016) Openflow flow table overflow attacks and countermeasures. In: European conference on networks and communications (EuCNC) 2016:205\u2013209. https:\/\/doi.org\/10.1109\/EuCNC.2016.7561033","DOI":"10.1109\/EuCNC.2016.7561033"},{"issue":"4","key":"604_CR30","doi-asserted-by":"publisher","first-page":"1086","DOI":"10.1109\/TNSM.2017.2758796","volume":"14","author":"T Xu","year":"2017","unstructured":"Xu T, Gao D, Dong P, Foh CH, Zhang H (2017) Mitigating the table-overflow attack in software-defined networking. IEEE Trans Netw Serv Manag 14(4):1086\u20131097. https:\/\/doi.org\/10.1109\/TNSM.2017.2758796","journal-title":"IEEE Trans Netw Serv Manag"},{"issue":"6","key":"604_CR31","doi-asserted-by":"publisher","first-page":"1254","DOI":"10.3390\/sym14061254","volume":"14","author":"E Fenil","year":"2022","unstructured":"Fenil E, Mohan\u00a0Kumar P (2022) Shchain_3d-resnet: sharding blockchain with 3d-residual network (3d-resnet) deep learning model for classifying ddos attack in software defined network. Symmetry 14(6):1254. https:\/\/doi.org\/10.3390\/sym14061254","journal-title":"Symmetry"},{"issue":"4","key":"604_CR32","doi-asserted-by":"publisher","first-page":"4268","DOI":"10.1007\/s10489-022-03565-6","volume":"53","author":"RK Chouhan","year":"2023","unstructured":"Chouhan RK, Atulkar M, Nagwani NK (2023) A framework to detect ddos attack in ryu controller based software defined networks using feature extraction and classification. Appl Intell 53(4):4268\u20134288. https:\/\/doi.org\/10.1007\/s10489-022-03565-6","journal-title":"Appl Intell"},{"issue":"21","key":"604_CR33","doi-asserted-by":"publisher","first-page":"8287","DOI":"10.3390\/s22218287","volume":"22","author":"J Wang","year":"2022","unstructured":"Wang J, Wang L (2022) Sdn-defend: a lightweight online attack detection and mitigation system for ddos attacks in sdn. Sensors 22(21):8287. https:\/\/doi.org\/10.3390\/s22218287","journal-title":"Sensors"},{"issue":"3","key":"604_CR34","doi-asserted-by":"publisher","first-page":"4185","DOI":"10.1007\/s11042-021-11740-z","volume":"81","author":"SD Kebede","year":"2022","unstructured":"Kebede SD, Tiwari B, Tiwari V, Chandravanshi K (2022) Predictive machine learning-based integrated approach for ddos detection and prevention. Multimedia Tools Appl 81(3):4185\u20134211. https:\/\/doi.org\/10.1007\/s11042-021-11740-z","journal-title":"Multimedia Tools Appl"},{"key":"604_CR35","doi-asserted-by":"publisher","first-page":"14\u00a0301","DOI":"10.1109\/ACCESS.2022.3148134","volume":"10","author":"AH Janabi","year":"2022","unstructured":"Janabi AH, Kanakis T, Johnson M (2022) Convolutional neural network based algorithm for early warning proactive system security in software defined networks. IEEE Access 10:14\u00a0301-14\u00a0310. https:\/\/doi.org\/10.1109\/ACCESS.2022.3148134","journal-title":"IEEE Access"},{"key":"604_CR36","doi-asserted-by":"publisher","unstructured":"Deepa V, Sudar KM, Deepalakshmi P (2019) Design of ensemble learning methods for ddos detection in sdn environment. In: 2019 International conference on vision towards emerging trends in communication and networking (ViTECoN). IEEE, pp 1\u20136. https:\/\/doi.org\/10.1109\/ViTECoN.2019.8899682","DOI":"10.1109\/ViTECoN.2019.8899682"},{"key":"604_CR37","doi-asserted-by":"publisher","unstructured":"Firdaus D, Munadi R, Purwanto Y (2020) Ddos attack detection in software defined network using ensemble k-means++ and random forest. In: 2020 3rd international seminar on research of information technology and intelligent systems (ISRITI), pp 164\u2013169. https:\/\/doi.org\/10.1109\/ISRITI51436.2020.9315521","DOI":"10.1109\/ISRITI51436.2020.9315521"},{"key":"604_CR38","doi-asserted-by":"publisher","first-page":"90 603","DOI":"10.1109\/ACCESS.2021.3090957","volume":"9","author":"T Zoppi","year":"2021","unstructured":"Zoppi T, Ceccarelli A, Bondavalli A (2021) Unsupervised algorithms to detect zero-day attacks: strategy and application. IEEE Access 9:90 603-90 615. https:\/\/doi.org\/10.1109\/ACCESS.2021.3090957","journal-title":"IEEE Access"},{"key":"604_CR39","unstructured":"DARPA1998 Dataset. https:\/\/www.ll.mit.edu\/r-d\/datasets\/1998-darpa-intrusion-detection-evaluation-dataset (1998) [Accessed: 20-Feb-2024]"},{"key":"604_CR40","unstructured":"KDD99 Dataset\/ http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html (1999). [Accessed: 26-Feb-2024]"},{"key":"604_CR41","unstructured":"The caida ucsd anonymized internet traces, 2016, accessed: 10-Feb-2024. [Online]. Available: https:\/\/www.caida.org\/data\/passive\/passive_2016_dataset.xml"},{"key":"604_CR42","unstructured":"The caida ucsd ddos attack 2007 dataset, Accessed: 10-Feb-2024, 2017, [Online]. Available: http:\/\/www.caida.org\/data\/passive\/ddos-20070804_dataset.xml"},{"key":"604_CR43","unstructured":"NSL-KDD99 Dataset, 2009, [Online]. Available: https:\/\/www.unb.ca\/cic\/datasets\/nsl.html [Accessed: 20-Sep-2023]"},{"key":"604_CR44","unstructured":"CTU Malware Capture Botnets in CTU-13 dataset, 2011, accessed: 21-Sep-2023. [Online]. Available: https:\/\/mcfp.felk.cvut.cz\/publicDatasets\/"},{"key":"604_CR45","doi-asserted-by":"publisher","unstructured":"Moustafa N, Slay J (2015) Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set. In: Military communications and information systems conference (MilCIS) 2015:1\u20136. https:\/\/doi.org\/10.1109\/MilCIS.2015.7348942","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"604_CR46","doi-asserted-by":"publisher","unstructured":"Orsini C, King A, Giordano D, Giotsas V, Dainotti A (2016) Bgpstream: a software framework for live and historical bgp data analysis. In: Proceedings of the 2016 internet measurement conference, pp 429\u2013444. https:\/\/doi.org\/10.1145\/2987443.2987482","DOI":"10.1145\/2987443.2987482"},{"key":"604_CR47","unstructured":"Intrusion Detection Evaluation Dataset (CIC-IDS2017), 2017, [Online]. Available: https:\/\/www.unb.ca\/cic\/datasets\/ids-2017.html [Accessed: 28-Sep-2023]"},{"key":"604_CR48","unstructured":"CSE-CIC-IDS2018 on AWS - A collaborative project between the Communications Security Establishment (CSE) & the Canadian Institute for Cybersecurity (CIC), 2018, [Online]. Available: https:\/\/www.unb.ca\/cic\/datasets\/ids-2018.html [Accessed: 26-Oct-2023]"},{"key":"604_CR49","unstructured":"DDoS Evaluation Dataset (CIC-DDoS2019), 2019, [Online]. Available: https:\/\/www.unb.ca\/cic\/datasets\/ddos-2019.html [Accessed: 08-Sep-2024]"},{"key":"604_CR50","doi-asserted-by":"publisher","unstructured":"Sharafaldin I, Lashkari AH, Hakak S, Ghorbani AA (2019) Developing realistic distributed denial of service (ddos) attack dataset and taxonomy. In: International carnahan conference on security technology (ICCST). IEEE 2019:1\u20138. https:\/\/doi.org\/10.1109\/CCST.2019.8888419","DOI":"10.1109\/CCST.2019.8888419"},{"key":"604_CR51","doi-asserted-by":"publisher","first-page":"165 263","DOI":"10.1109\/ACCESS.2020.3022633","volume":"8","author":"MS Elsayed","year":"2020","unstructured":"Elsayed MS, Le-Khac N-A, Jurcut AD (2020) Insdn: a novel sdn intrusion dataset. IEEE Access 8:165 263-165 284. https:\/\/doi.org\/10.1109\/ACCESS.2020.3022633","journal-title":"IEEE Access"},{"key":"604_CR52","doi-asserted-by":"publisher","first-page":"99\u00a0382","DOI":"10.1109\/ACCESS.2024.3423323","volume":"12","author":"J Malik","year":"2024","unstructured":"Malik J, Muthalagu R, Pawar PM (2024) A systematic review of adversarial machine learning attacks, defensive controls, and technologies. IEEE Access 12:99\u00a0382-99\u00a0421. https:\/\/doi.org\/10.1109\/ACCESS.2024.3423323","journal-title":"IEEE Access"},{"key":"604_CR53","doi-asserted-by":"publisher","unstructured":"Irfan MM, Ali S, Yaqoob I, Zafar N (2021) Towards deep learning: a review on adversarial attacks. In: International conference on artificial intelligence (ICAI) 2021:91\u201396. https:\/\/doi.org\/10.1109\/ICAI52203.2021.9445247","DOI":"10.1109\/ICAI52203.2021.9445247"},{"key":"604_CR54","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1016\/j.future.2021.06.047","volume":"125","author":"MP Novaes","year":"2021","unstructured":"Novaes MP, Carvalho LF, Lloret J, Proen\u00e7a ML Jr (2021) Adversarial deep learning approach detection and defense against ddos attacks in sdn environments. Futur Gener Comput Syst 125:156\u2013167. https:\/\/doi.org\/10.1016\/j.future.2021.06.047","journal-title":"Futur Gener Comput Syst"},{"key":"604_CR55","doi-asserted-by":"publisher","unstructured":"Biswas A, Dutta S, Turton T\u00a0L, Ahrens J (2022) Sampling for scientific data analysis and reduction. In: In situ visualization for computational science. Springer, pp 11\u201336. https:\/\/doi.org\/10.1007\/978-3-030-81627-8_2","DOI":"10.1007\/978-3-030-81627-8_2"},{"issue":"3","key":"604_CR56","doi-asserted-by":"publisher","first-page":"457","DOI":"10.1016\/S0377-2217(97)00056-8","volume":"105","author":"DJ White","year":"1998","unstructured":"White DJ (1998) Epsilon-dominating solutions in mean-variance portfolio analysis. Eur J Oper Res 105(3):457\u2013466. https:\/\/doi.org\/10.1016\/S0377-2217(97)00056-8","journal-title":"Eur J Oper Res"},{"key":"604_CR57","doi-asserted-by":"publisher","first-page":"104216","DOI":"10.1016\/j.engappai.2021.104216","volume":"101","author":"M Di Mauro","year":"2021","unstructured":"Di Mauro M, Galatro G, Fortino G, Liotta A (2021) Supervised feature selection techniques in network intrusion detection: a critical review. Eng Appl Artif Intell 101:104216. https:\/\/doi.org\/10.1016\/j.engappai.2021.104216","journal-title":"Eng Appl Artif Intell"},{"key":"604_CR58","doi-asserted-by":"publisher","unstructured":"Dash M, Choi K, Scheuermann P, Liu H (2002) Feature selection for clustering\u2014a filter solution. In: 2002 IEEE international conference on data mining, 2002. Proceedings., pp 115\u2013122. https:\/\/doi.org\/10.1109\/ICDM.2002.1183893","DOI":"10.1109\/ICDM.2002.1183893"},{"key":"604_CR59","doi-asserted-by":"publisher","first-page":"116822","DOI":"10.1016\/j.eswa.2022.116822","volume":"198","author":"J Maldonado","year":"2022","unstructured":"Maldonado J, Riff MC, Neveu B (2022) A review of recent approaches on wrapper feature selection for intrusion detection. Expert Syst Appl 198:116822. https:\/\/doi.org\/10.1016\/j.eswa.2022.116822","journal-title":"Expert Syst Appl"},{"key":"604_CR60","doi-asserted-by":"publisher","unstructured":"ElDahshan KA, AlHabshy AA, Mohammed LT (2023) Filter and embedded feature selection methods to meet big data visualization challenges. Comput Mater Continua 75(1). https:\/\/doi.org\/10.32604\/cmc.2023.032287","DOI":"10.32604\/cmc.2023.032287"},{"issue":"1","key":"604_CR61","doi-asserted-by":"publisher","first-page":"20","DOI":"10.30880\/jscdm.2021.02.01.003","volume":"2","author":"B Hasan","year":"2021","unstructured":"Hasan B, Abdulazeez AM (2021) A review of principal component analysis algorithm for dimensionality reduction. J Soft Comput Data Min 2(1):20\u201330. https:\/\/doi.org\/10.30880\/jscdm.2021.02.01.003","journal-title":"J Soft Comput Data Min"},{"key":"604_CR62","doi-asserted-by":"publisher","first-page":"107470","DOI":"10.1016\/j.optlaseng.2022.107470","volume":"163","author":"N Zhang","year":"2023","unstructured":"Zhang N, Zhong Y, Dian S (2023) Rethinking unsupervised texture defect detection using pca. Opt Lasers Eng 163:107470. https:\/\/doi.org\/10.1016\/j.optlaseng.2022.107470","journal-title":"Opt Lasers Eng"},{"key":"604_CR63","doi-asserted-by":"publisher","first-page":"12 312","DOI":"10.1109\/JSTARS.2021.3129818","volume":"14","author":"SD Fabiyi","year":"2021","unstructured":"Fabiyi SD, Murray P, Zabalza J, Ren J (2021) Folded lda: extending the linear discriminant analysis algorithm for feature extraction and data reduction in hyperspectral remote sensing. IEEE J Sel Top Appl Earth Observ Remote Sens 14:12 312-12 331. https:\/\/doi.org\/10.1109\/JSTARS.2021.3129818","journal-title":"IEEE J Sel Top Appl Earth Observ Remote Sens"},{"key":"604_CR64","doi-asserted-by":"publisher","unstructured":"Balamurali M (2023), T-distributed stochastic neighbor embedding. In: Encyclopedia of mathematical geosciences. Springer, pp 1527\u20131535. https:\/\/doi.org\/10.1007\/978-3-030-85040-1_446.","DOI":"10.1007\/978-3-030-85040-1_446."},{"issue":"1","key":"604_CR65","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/JPROC.2014.2371999","volume":"103","author":"D Kreutz","year":"2015","unstructured":"Kreutz D, Ramos F, Ver\u00edssimo PE, Rothenberg CE, Azodolmolky S, Uhlig S (2015) Software-defined networking: a comprehensive survey. Proc IEEE 103(1):14\u201376. https:\/\/doi.org\/10.1109\/JPROC.2014.2371999","journal-title":"Proc IEEE"},{"key":"604_CR66","doi-asserted-by":"publisher","first-page":"101176","DOI":"10.1016\/j.jestch.2022.101176","volume":"35","author":"S Wang","year":"2022","unstructured":"Wang S, Balarezo JF, Chavez KG, Al-Hourani A, Kandeepan S, Asghar MR, Russello G (2022) Detecting flooding ddos attacks in software defined networks using supervised learning techniques. Eng Sci Technol 35:101176. https:\/\/doi.org\/10.1016\/j.jestch.2022.101176","journal-title":"Eng Sci Technol"},{"key":"604_CR67","doi-asserted-by":"publisher","unstructured":"Wang L, Liu Y (2020) A ddos attack detection method based on information entropy and deep learning in sdn. In: IEEE 4th information technology, networking, electronic and automation control conference (ITNEC), vol. 1. IEEE 2020:1084\u20131088. https:\/\/doi.org\/10.1109\/ITNEC48623.2020.9085007","DOI":"10.1109\/ITNEC48623.2020.9085007"},{"key":"604_CR68","doi-asserted-by":"publisher","unstructured":"Sanjeetha R, Raj A, Saivenu K, Ahmed MI, Sathvik B, Kanavalli A (2021) Detection and mitigation of botnet based ddos attacks using catboost machine learning algorithm in sdn environment. Int J Adv Technol Eng Explor 8(76):445. https:\/\/doi.org\/10.19101\/IJATEE.2021.874021","DOI":"10.19101\/IJATEE.2021.874021"},{"issue":"3","key":"604_CR69","doi-asserted-by":"publisher","first-page":"1035","DOI":"10.3390\/su12031035","volume":"12","author":"H Polat","year":"2020","unstructured":"Polat H, Polat O, Cetin A (2020) Detecting ddos attacks in software-defined networks through feature selection methods and machine learning models. Sustainability 12(3):1035. https:\/\/doi.org\/10.3390\/su12031035","journal-title":"Sustainability"},{"key":"604_CR70","doi-asserted-by":"publisher","unstructured":"Nugraha B, Murthy R\u00a0N (2020), Deep learning-based slow ddos attack detection in sdn-based networks. In: 2020 IEEE conference on network function virtualization and software defined networks (NFV-SDN). IEEE, pp 51\u201356. https:\/\/doi.org\/10.1109\/NFV-SDN50289.2020.9289894","DOI":"10.1109\/NFV-SDN50289.2020.9289894"},{"key":"604_CR71","doi-asserted-by":"publisher","first-page":"17\u00a0404","DOI":"10.1109\/ACCESS.2020.2967478","volume":"8","author":"W Zhijun","year":"2020","unstructured":"Zhijun W, Qing X, Jingjie W, Meng Y, Liang, L (2020) Low-rate ddos attack detection based on factorization machine in software defined networl. IEEE Access 8:17\u00a0404-17\u00a0418. https:\/\/doi.org\/10.1109\/ACCESS.2020.2967478","journal-title":"IEEE Access"},{"issue":"3","key":"604_CR72","doi-asserted-by":"publisher","first-page":"1431","DOI":"10.3390\/app13031431","volume":"13","author":"MN Ali","year":"2023","unstructured":"Ali MN, Imran M, din MS, Kim B-S (2023) Low rate ddos detection using weighted federated learning in sdn control plane in iot network. Appl Sci 13(3):1431. https:\/\/doi.org\/10.3390\/app13031431","journal-title":"Appl Sci"},{"key":"604_CR73","doi-asserted-by":"publisher","first-page":"155\u00a0859","DOI":"10.1109\/ACCESS.2020.3019330","volume":"8","author":"JA Perez-Diaz","year":"2020","unstructured":"Perez-Diaz JA, Valdovinos IA, Choo K-KR, Zhu D (2020) A flexible sdn-based architecture for identifying and mitigating low-rate ddos attacks using machine learning. IEEE Access 8:155\u00a0859-155\u00a0872. https:\/\/doi.org\/10.1109\/ACCESS.2020.3019330","journal-title":"IEEE Access"},{"issue":"3","key":"604_CR74","doi-asserted-by":"publisher","first-page":"277","DOI":"10.32890\/jict2021.20.3.1","volume":"20","author":"OS Akanji","year":"2021","unstructured":"Akanji OS, Abisoye OA, Iliyasu MA (2021) Mitigating slow hypertext transfer protocol distributed denial of service attacks in software defined networks. J Inf Commun Technol 20(3):277\u2013304. https:\/\/doi.org\/10.32890\/jict2021.20.3.1","journal-title":"J Inf Commun Technol"},{"key":"604_CR75","doi-asserted-by":"publisher","first-page":"107883","DOI":"10.1016\/j.compeleceng.2022.107883","volume":"100","author":"\u00d6 Kasim","year":"2022","unstructured":"Kasim \u00d6 (2022) A robust dns flood attack detection with a hybrid deeper learning model. Comput Electr Eng 100:107883. https:\/\/doi.org\/10.1016\/j.compeleceng.2022.107883","journal-title":"Comput Electr Eng"},{"issue":"1","key":"604_CR76","doi-asserted-by":"publisher","first-page":"1169035","DOI":"10.1155\/2022\/1169035","volume":"2022","author":"M Akbari\u00a0Kohnehshahri","year":"2022","unstructured":"Akbari\u00a0Kohnehshahri M, Mohammadi R, Abdoli H, Nassiri M (2022) An efficient method for online detection of drdos attacks on udp-based services in sdn using machine learning algorithms. Mob Inf Syst 2022(1):1169035. https:\/\/doi.org\/10.1155\/2022\/1169035","journal-title":"Mob Inf Syst"},{"issue":"3","key":"604_CR77","doi-asserted-by":"publisher","first-page":"413","DOI":"10.3390\/electronics9030413","volume":"9","author":"NN Tuan","year":"2020","unstructured":"Tuan NN, Hung PH, Nghia ND, Tho NV, Phan TV, Thanh NH (2020) A ddos attack mitigation scheme in isp networks using machine learning based on sdn. Electronics 9(3):413. https:\/\/doi.org\/10.3390\/electronics9030413","journal-title":"Electronics"},{"key":"604_CR78","doi-asserted-by":"publisher","unstructured":"Meti N, Narayan D, Baligar V (2017) Detection of distributed denial of service attacks using machine learning algorithms in software defined networks. In: 2017 International conference on advances in computing, communications and informatics (ICACCI). IEEE 2017:1366\u20131371. https:\/\/doi.org\/10.1109\/ICACCI.2017.8126031","DOI":"10.1109\/ICACCI.2017.8126031"},{"key":"604_CR79","doi-asserted-by":"publisher","unstructured":"Sebbar A, Zkik K, Baddi Y, Boulmalf M, Kettani D (2020) Mitm detection and defense mechanism cbna-rf based on machine learning for large-scale sdn context. J Ambient Intell Hum Comput 11:12. https:\/\/doi.org\/10.1007\/s12652-020-02099-4","DOI":"10.1007\/s12652-020-02099-4"},{"key":"604_CR80","doi-asserted-by":"publisher","unstructured":"Santos\u00a0da Silva A, Wickboldt JA, Granville LZ, Schaeffer-Filho A (2016) Atlantic: a framework for anomaly traffic detection, classification, and mitigation in sdn. In: NOMS 2016 - 2016 IEEE\/IFIP network operations and management symposium, 2016 pp 27\u201335. https:\/\/doi.org\/10.1109\/NOMS.2016.7502793","DOI":"10.1109\/NOMS.2016.7502793"},{"issue":"3","key":"604_CR81","doi-asserted-by":"publisher","first-page":"2269","DOI":"10.1109\/TNSM.2022.3175710","volume":"19","author":"L Yang","year":"2022","unstructured":"Yang L, Song Y, Gao S, Hu A, Xiao B (2022) Griffin: real-time network intrusion detection system via ensemble of autoencoder in sdn. IEEE Trans Netw Serv Manag 19(3):2269\u20132281. https:\/\/doi.org\/10.1109\/TNSM.2022.3175710","journal-title":"IEEE Trans Netw Serv Manag"},{"issue":"4","key":"604_CR82","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1016\/j.iot.2018.09.003","volume":"3","author":"A Dawoud","year":"2018","unstructured":"Dawoud A, Shahristani S, Raun C (2018) Deep learning and software-defined networks: towards secure iot architecture. Internet of Things 3(4):82\u201389. https:\/\/doi.org\/10.1016\/j.iot.2018.09.003","journal-title":"Internet of Things"},{"key":"604_CR83","doi-asserted-by":"publisher","unstructured":"Dawoud A, Shahristani S, Raun C (2019) Unsupervised deep learning for software defined networks anomalies detection. In: Transactions on computational collective intelligence XXXIII, pp. 167\u2013178. https:\/\/doi.org\/10.1007\/978-3-662-59540-4_9","DOI":"10.1007\/978-3-662-59540-4_9"},{"key":"604_CR84","doi-asserted-by":"publisher","unstructured":"Van NT, Bao H, Thinh TN (2016) An anomaly-based intrusion detection architecture integrated on openflow switch. In: Proceedings of the 6th international conference on communication and network security, pp 99\u2013103. https:\/\/doi.org\/10.1145\/3017971.3017982","DOI":"10.1145\/3017971.3017982"},{"issue":"3","key":"604_CR85","doi-asserted-by":"publisher","first-page":"4237","DOI":"10.3233\/JIFS-200850","volume":"40","author":"K Muthamil\u00a0Sudar","year":"2021","unstructured":"Muthamil\u00a0Sudar K, Deepalakshmi P (2021) An intelligent flow-based and signature-based ids for sdns using ensemble feature selection and a multi-layer machine learning-based classifier. J Intell Fuzzy Syst 40(3):4237\u20134256. https:\/\/doi.org\/10.3233\/JIFS-200850","journal-title":"J Intell Fuzzy Syst"},{"issue":"12","key":"604_CR86","doi-asserted-by":"publisher","first-page":"7859","DOI":"10.1007\/s00521-019-04187-9","volume":"32","author":"S Kaur","year":"2020","unstructured":"Kaur S, Singh M (2020) Hybrid intrusion detection and signature generation using deep recurrent neural networks. Neural Comput Appl 32(12):7859\u20137877. https:\/\/doi.org\/10.1007\/s00521-019-04187-9","journal-title":"Neural Comput Appl"},{"key":"604_CR87","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1016\/j.comcom.2019.09.014","volume":"148","author":"P Krishnan","year":"2019","unstructured":"Krishnan P, Duttagupta S, Achuthan K (2019) Varman: multi-plane security framework for software defined networks. Comput Commun 148:215\u2013239. https:\/\/doi.org\/10.1016\/j.comcom.2019.09.014","journal-title":"Comput Commun"},{"key":"604_CR88","doi-asserted-by":"publisher","unstructured":"Tang TA, Mhamdi L, McLernon D, Zaidi S, Ghogho M (2016) Deep learning approach for network intrusion detection in software defined networking. In: International conference on wireless networks and mobile communications (WINCOM) 2016:258\u2013263. https:\/\/doi.org\/10.1109\/WINCOM.2016.7777224","DOI":"10.1109\/WINCOM.2016.7777224"},{"key":"604_CR89","doi-asserted-by":"publisher","unstructured":"Tang TA, Mhamdi L, McLernon D, Zaidi SAR, Ghogho M (2018) Deep recurrent neural network for intrusion detection in sdn-based networks. In: 2018 4th IEEE conference on network softwarization and workshops (NetSoft), pp 202\u2013206, https:\/\/doi.org\/10.1109\/NETSOFT.2018.8460090","DOI":"10.1109\/NETSOFT.2018.8460090"},{"key":"604_CR90","doi-asserted-by":"publisher","unstructured":"Alzahrani AO, Alenazi MJ (2021) Designing a network intrusion detection system based on machine learning for software defined networks. Future Internet 13(5):111. https:\/\/doi.org\/10.3390\/fi13050111","DOI":"10.3390\/fi13050111"},{"issue":"4","key":"604_CR91","doi-asserted-by":"publisher","first-page":"427","DOI":"10.1016\/j.ipm.2009.03.002","volume":"45","author":"M Sokolova","year":"2009","unstructured":"Sokolova M, Lapalme G (2009) A systematic analysis of performance measures for classification tasks. Inf Process Manag 45(4):427\u2013437. https:\/\/doi.org\/10.1016\/j.ipm.2009.03.002","journal-title":"Inf Process Manag"},{"issue":"1","key":"604_CR92","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1016\/j.aci.2018.08.003","volume":"17","author":"A Tharwat","year":"2021","unstructured":"Tharwat A (2021) Classification assessment methods. Appl Comput Inf 17(1):168\u2013192. https:\/\/doi.org\/10.1016\/j.aci.2018.08.003","journal-title":"Appl Comput Inf"},{"key":"604_CR93","doi-asserted-by":"publisher","first-page":"108\u00a0495","DOI":"10.1109\/ACCESS.2021.3101650","volume":"9","author":"NM Yungaicela-Naula","year":"2021","unstructured":"Yungaicela-Naula NM, Vargas-Rosales C, Perez-Diaz JA (2021) Sdn-based architecture for transport and application layer ddos attack detection by using machine and deep learning. IEEE Access 9:108\u00a0495-108\u00a0512","journal-title":"IEEE Access"},{"key":"604_CR94","doi-asserted-by":"crossref","unstructured":"Imran Z, Ghaffar A, Alshahrani M, Fayaz AM (2021) A topical review on machine learning, software defined networking, internet of things applications: Research limitations and challenges. Electronics 10(8):880","DOI":"10.3390\/electronics10080880"},{"key":"604_CR95","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107688","volume":"184","author":"A Yazdinejadna","year":"2021","unstructured":"Yazdinejadna A, Parizi RM, Dehghantanha A, Khan MS (2021) A kangaroo-based intrusion detection system on software-defined networks. Comput Netw 184:107688","journal-title":"Comput Netw"},{"key":"604_CR96","doi-asserted-by":"publisher","unstructured":"Benoudifa O, Ait Wakrime A, Benaini R (2023) Autonomous solution for controller placement problem of software-defined networking using muzero based intelligent agents. J King Saud Univ Comput Inf Sci 35(10):101842. https:\/\/doi.org\/10.1016\/j.jksuci.2023.101842","DOI":"10.1016\/j.jksuci.2023.101842"},{"key":"604_CR97","doi-asserted-by":"publisher","unstructured":"Su\u00e1rez-Varela J, Barlet-Ros P (2017) Towards a netflow implementation for openflow software-defined networks. In: 2017 29th international teletraffic congress (ITC 29), vol.\u00a01, 2017, pp 187\u2013195. https:\/\/doi.org\/10.23919\/ITC.2017.8064355","DOI":"10.23919\/ITC.2017.8064355"},{"key":"604_CR98","doi-asserted-by":"publisher","unstructured":"Giotis K, Argyropoulos C, Androulidakis G, Kalogeras D, Maglaris V (2014) Combining openflow and sflow for an effective and scalable anomaly detection and mitigation mechanism on sdn environments. Comput Netw 62:122\u2013136. https:\/\/doi.org\/10.1016\/j.bjp.2013.10.014","DOI":"10.1016\/j.bjp.2013.10.014"}],"container-title":["Innovations in Systems and Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11334-025-00604-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11334-025-00604-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11334-025-00604-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T07:05:18Z","timestamp":1750316718000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11334-025-00604-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,30]]},"references-count":98,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,6]]}},"alternative-id":["604"],"URL":"https:\/\/doi.org\/10.1007\/s11334-025-00604-6","relation":{},"ISSN":["1614-5046","1614-5054"],"issn-type":[{"type":"print","value":"1614-5046"},{"type":"electronic","value":"1614-5054"}],"subject":[],"published":{"date-parts":[[2025,4,30]]},"assertion":[{"value":"30 October 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 March 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 April 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}]}}