{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T04:57:15Z","timestamp":1769317035434,"version":"3.49.0"},"reference-count":40,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2025,4,23]],"date-time":"2025-04-23T00:00:00Z","timestamp":1745366400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,4,23]],"date-time":"2025-04-23T00:00:00Z","timestamp":1745366400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SN COMPUT. SCI."],"DOI":"10.1007\/s42979-025-03930-5","type":"journal-article","created":{"date-parts":[[2025,4,23]],"date-time":"2025-04-23T07:18:20Z","timestamp":1745392700000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Enhancing SDN Traffic Analysis Through Machine Learning on Preprocessed Controller Flow Statistics and Packet Analysis Data"],"prefix":"10.1007","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-7858-9721","authenticated-orcid":false,"given":"D. Sendil","family":"Vadivu","sequence":"first","affiliation":[]},{"given":"Ashwin","family":"Santhosh","sequence":"additional","affiliation":[]},{"given":"Narendran","family":"Rajagopalan","sequence":"additional","affiliation":[]},{"given":"Kaustub","family":"Pavagada","sequence":"additional","affiliation":[]},{"given":"Aswin","family":"Valsaraj","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,4,23]]},"reference":[{"issue":"1","key":"3930_CR1","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1145\/3041027.3041030","volume":"47","author":"B Davie","year":"2017","unstructured":"Davie B, Koponen T, Pettit J, Pfaff B, Casado M, Gude N, Chanda A. A database approach to sdn control plane design. ACM SIGCOMM Comput Commun Rev. 2017;47(1):15\u201326.","journal-title":"ACM SIGCOMM Comput Commun Rev"},{"issue":"4","key":"3930_CR2","doi-asserted-by":"publisher","first-page":"2181","DOI":"10.1109\/COMST.2014.2326417","volume":"16","author":"F Hu","year":"2014","unstructured":"Hu F, Hao Q, Bao K. A survey on software-defined network and openflow: From concept to implementation. IEEE Commun Surv Tutor. 2014;16(4):2181\u2013206.","journal-title":"IEEE Commun Surv Tutor"},{"issue":"9","key":"3930_CR3","doi-asserted-by":"publisher","first-page":"147","DOI":"10.3390\/fi12090147","volume":"12","author":"B Isyaku","year":"2020","unstructured":"Isyaku B, Mohd Zahid MS, Bte Kamat M, Abu Bakar K, Ghaleb FA. Software defined networking flow table management of openflow switches performance and security challenges: a survey. Future Internet. 2020;12(9):147.","journal-title":"Future Internet"},{"key":"3930_CR4","doi-asserted-by":"crossref","unstructured":"Rao K, Bhavya K, Raghunandan KR, Dodmane R, Shetty S, Islam SM. Control plane security issues in software-defined networking: a comprehensive review. Software-Defined Network Frameworks, 180\u2013192.","DOI":"10.1201\/9781040018323-11"},{"issue":"1","key":"3930_CR5","first-page":"1","volume":"16","author":"H Yousif Khalid","year":"2024","unstructured":"Yousif Khalid H, Badie Aldabagh N. Exploring Honeypot as a deception and trigger mechanism for real-time attack detection in software-defined networking. Int J Comput Digit Syst. 2024;16(1):1\u201310.","journal-title":"Int J Comput Digit Syst"},{"key":"3930_CR6","doi-asserted-by":"crossref","unstructured":"Prakash A, Priyadarshini R. An intelligent software defined network controller for preventing distributed denial of service attack. In 2018 Second International Conference on Inventive Communication and Computational Technologies (ICICCT) 2018. (pp. 585\u2013589). IEEE.","DOI":"10.1109\/ICICCT.2018.8473340"},{"key":"3930_CR7","unstructured":"Help Net Security. DDoS attack power skyrockets to 1.6 Tbps. 2024. https:\/\/www.helpnetsecurity.com\/2024\/02\/02\/ddos-attacks-h2-2023\/. Accessed 11 Mar 2025."},{"issue":"3","key":"3930_CR8","doi-asserted-by":"publisher","first-page":"4769","DOI":"10.32604\/cmc.2023.033382","volume":"74","author":"A Almazyad","year":"2023","unstructured":"Almazyad A, Halman L, Alsaeed A. Probe attack detection using an improved intrusion detection system. Comput Mater Continua 2023;74(3):4769\u201384.","journal-title":"Comput Mater Continua"},{"key":"3930_CR9","doi-asserted-by":"publisher","first-page":"42163","DOI":"10.1109\/ACCESS.2024.3378271","volume":"12","author":"J Buzzio-Garc\u00eda","year":"2024","unstructured":"Buzzio-Garc\u00eda J, Vergara J, R\u00edos-Guiral S, Garz\u00f3n C, Guti\u00e9rrez S, Botero JF, P\u00e9rez-D\u00edaz JA. Exploring traffic patterns through network programmability: introducing SDNFlow, a comprehensive OpenFlow-based statistics dataset for attack detection. IEEE Access. 2024;12:42163\u201380.","journal-title":"IEEE Access"},{"key":"3930_CR10","first-page":"1","volume":"2018","author":"J Ye","year":"2018","unstructured":"Ye J, Cheng X, Zhu J, Feng L, Song L. A DDoS attack detection method based on SVM in software-defined network. Secur Commun Netw. 2018;2018:1\u20139.","journal-title":"Secur Commun Netw"},{"key":"3930_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2019\/8012568","volume":"2019","author":"M Myint Oo","year":"2019","unstructured":"Myint Oo M, Kamolphiwong S, Kamolphiwong T, Vasupongayya S. Advanced support vector machine (ASVM)-based detection for distributed denial-of-service (DDoS) attack on software-defined networking (SDN). J Comput Netw Commun. 2019;2019:1\u201312.","journal-title":"J Comput Netw Commun"},{"key":"3930_CR12","doi-asserted-by":"publisher","first-page":"165263","DOI":"10.1109\/ACCESS.2020.3022633","volume":"8","author":"MS Elsayed","year":"2020","unstructured":"Elsayed MS, Le-Khac NA, Jurcut AD. InSDN: a novel SDN intrusion dataset. IEEE Access. 2020;8:165263\u201384.","journal-title":"IEEE Access"},{"issue":"1","key":"3930_CR13","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.7438","volume":"35","author":"AO Alzahrani","year":"2023","unstructured":"Alzahrani AO, Alenazi MJ. ML-IDSDN: machine learning based intrusion detection system for software-defined network. Concurr Comput: Pract Exp. 2023;35(1): e7438.","journal-title":"Concurr Comput: Pract Exp"},{"key":"3930_CR14","first-page":"1","volume":"2023","author":"LM Halman","year":"2023","unstructured":"Halman LM, Alenazi MJ. MCAD: a machine learning-based cyberattack detector in software-defined networking (SDN) for healthcare systems. IEEE Access. 2023;2023:1\u201312.","journal-title":"IEEE Access"},{"key":"3930_CR15","doi-asserted-by":"crossref","unstructured":"Khanal B, Kumar C, Ansari MSA. NITSDN: development of SDN dataset for ML-based intrusion detection system. In International Conference on Advanced Computational and Communication Paradigms (pp. 99\u2013111. 2023. Singapore: Springer Nature Singapore.","DOI":"10.1007\/978-981-99-4284-8_8"},{"issue":"2","key":"3930_CR16","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1007\/s10922-025-09904-5","volume":"33","author":"B Khanal","year":"2025","unstructured":"Khanal B, Kumar C, Ansari MSA. Real-time anomaly detection framework to mitigate emerging threats in software defined networks. J Netw Syst Manage. 2025;33(2):26.","journal-title":"J Netw Syst Manage"},{"key":"3930_CR17","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2021.103108","volume":"187","author":"N Ahuja","year":"2021","unstructured":"Ahuja N, Singal G, Mukhopadhyay D, Kumar N. Automated DDOS attack detection in software defined networking. J Netw Comput Appl. 2021;187: 103108.","journal-title":"J Netw Comput Appl"},{"key":"3930_CR18","doi-asserted-by":"crossref","unstructured":"Sarica AK, Angin P. A novel SDN dataset for intrusion detection in IoT networks. In 2020 16th International Conference on Network and Service Management (CNSM). 2020. (pp. 1\u20135). IEEE.","DOI":"10.23919\/CNSM50824.2020.9269042"},{"issue":"28","key":"3930_CR19","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.8289","volume":"36","author":"D Sendil Vadivu","year":"2024","unstructured":"Sendil Vadivu D, Rajagopalan N. RyuGuard\u2014combining Ryu and machine learning for proactive DDoS defense in software-defined networks. Concurr Comput: Pract Exp. 2024;36(28): e8289.","journal-title":"Concurr Comput: Pract Exp"},{"key":"3930_CR20","unstructured":"Wikimedia Foundation. Hping. Wikipedia. 2025. https:\/\/en.wikipedia.org\/wiki\/Hping"},{"key":"3930_CR21","unstructured":"Scapy. (n.d.). https:\/\/scapy.net\/. Accessed 11 Mar 2025."},{"key":"3930_CR22","unstructured":"Wireshark go deep. Wireshark. (n.d.). https:\/\/www.wireshark.org\/. Accessed 03 Feb 2025."},{"key":"3930_CR23","unstructured":"Ahlashkari. (n.d.). Ahlashkari\/CicFlowmeter: CicFlowmeter-v4.0 (formerly known as iscxflowmeter) is an ethernet traffic bi-flow generator and analyzer for anomaly detection that has been used in many cybersecurity datsets such as Android adware-general malware dataset (CICAAGM2017), IPS\/IDS Dataset (CICIDS2017), Android Malware Dataset (CICANDMAL2017) and distributed denial of service (CICDDOS2019). GitHub. https:\/\/github.com\/ahlashkari\/CicFlowmeter. Accessed 11 Mar 2025."},{"key":"3930_CR24","doi-asserted-by":"crossref","unstructured":"Vadivu DS, Rajagopalan N. Mitigating DDoS attack in SDN using random forest classifier\u2013based flow table analysis with Ryu controller. In 2024 2nd International Conference on Advancement in Computation & Computer Technologies (InCACCT). 2024. (pp. 220\u2013224). IEEE.","DOI":"10.1109\/InCACCT61598.2024.10551213"},{"key":"3930_CR25","doi-asserted-by":"crossref","unstructured":"Priya L, Rajagopalan N. Performance analysis of software-defined networks (SDN) via POX controller simulation in Mininet. In International Conference on Advanced Network Technologies and Intelligent Computing. 2023. (pp. 116\u2013130). Cham: Springer Nature Switzerland.","DOI":"10.1007\/978-3-031-64076-6_9"},{"key":"3930_CR26","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1613\/jair.953","volume":"16","author":"NV Chawla","year":"2002","unstructured":"Chawla NV, Bowyer KW, Hall LO, Kegelmeyer WP. SMOTE: synthetic minority over-sampling technique. J Artif Intell Res. 2002;16:321\u201357.","journal-title":"J Artif Intell Res"},{"issue":"4","key":"3930_CR27","doi-asserted-by":"publisher","first-page":"809","DOI":"10.30630\/joiv.6.4.1476","volume":"6","author":"MT Kurniawan","year":"2022","unstructured":"Kurniawan MT, Yazid S, Sucahyo YG. Comparison of feature selection methods for DDoS attacks on software defined networks using filter-based, wrapper-based and embedded-based. JOIV: Int J Inform Vis. 2022;6(4):809\u201314.","journal-title":"JOIV: Int J Inform Vis"},{"issue":"11","key":"3930_CR28","first-page":"1","volume":"17","author":"KMA Alheeti","year":"2023","unstructured":"Alheeti KMA, Alzahrani A, Alamri M, Kareem AK, Al Dosary D. A comparative study for SDN security based on machine learning. Int J Interact Mobile Technol. 2023;17(11):1\u201310.","journal-title":"Int J Interact Mobile Technol"},{"key":"3930_CR29","doi-asserted-by":"crossref","unstructured":"Dutta J, Kim YW, Dominic D. Comparison of gradient boosting and extreme boosting ensemble methods for webpage classification. In 2020 Fifth International Conference on Research in Computational Intelligence and Communication Networks (ICRCICN). 2020. (pp. 77\u201382). IEEE.","DOI":"10.1109\/ICRCICN50933.2020.9296176"},{"key":"3930_CR30","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.109807","volume":"230","author":"T Cerquitelli","year":"2023","unstructured":"Cerquitelli T, Meo M, Curado M, Skorin-Kapov L, Tsiropoulou EE. Machine learning empowered computer networks. Comput Netw. 2023;230: 109807.","journal-title":"Comput Netw"},{"issue":"546","key":"3930_CR31","doi-asserted-by":"publisher","first-page":"1434","DOI":"10.1080\/01621459.2023.2197686","volume":"119","author":"S Bates","year":"2024","unstructured":"Bates S, Hastie T, Tibshirani R. Cross-validation: what does it estimate and how well does it do it? J Am Stat Assoc. 2024;119(546):1434\u201345.","journal-title":"J Am Stat Assoc"},{"key":"3930_CR32","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.110162","volume":"239","author":"R Doriguzzi-Corin","year":"2024","unstructured":"Doriguzzi-Corin R, Knob\nLAD, Mendozzi L, Siracusa D, Savi M. Introducing packet-level analysis in programmable data planes to advance\nnetwork intrusion detection. Comput Netw. 2024;239:110162. https:\/\/doi.org\/10.1016\/j.comnet.2023.110162.","journal-title":"Comput Netw."},{"issue":"6","key":"3930_CR33","doi-asserted-by":"publisher","first-page":"109","DOI":"10.3390\/sym14061095","volume":"14","author":"M Alduailij","year":"2022","unstructured":"Alduailij M, Khan QW, Tahir M, Sardaraz M, Alduailij M, Malik F. Machine-learning-based DDoS attack detection using mutual information and random forest feature importance method. Symmetry. 2022;14(6):109.","journal-title":"Symmetry"},{"issue":"17","key":"3930_CR34","doi-asserted-by":"publisher","first-page":"9488","DOI":"10.3390\/app13179488","volume":"13","author":"KM Ko","year":"2023","unstructured":"Ko KM, Baek JM, Seo BS, Lee WB. Comparative study of AI-enabled DDoS detection technologies in SDN. Appl Sci. 2023;13(17):9488.","journal-title":"Appl Sci"},{"issue":"1","key":"3930_CR35","doi-asserted-by":"publisher","first-page":"867","DOI":"10.32604\/iasc.2023.026769","volume":"35","author":"G Logeswari","year":"2023","unstructured":"Logeswari G, Bose S, Anitha TJIA. An intrusion detection system for SDN using machine learning. Intell Autom Soft Comput. 2023;35(1):867\u201380.","journal-title":"Intell Autom Soft Comput"},{"issue":"3","key":"3930_CR36","doi-asserted-by":"publisher","first-page":"1035","DOI":"10.3390\/su12031035","volume":"12","author":"H Polat","year":"2020","unstructured":"Polat H, Polat O, Cetin A. Detecting DDoS attacks in software-defined networks through feature selection methods and machine learning models. Sustainability. 2020;12(3):1035.","journal-title":"Sustainability"},{"issue":"2s","key":"3930_CR37","doi-asserted-by":"publisher","first-page":"546","DOI":"10.52783\/cana.v31.666","volume":"31","author":"N Chavhan","year":"2024","unstructured":"Chavhan N. Statistical implementation for SD-RNN model for multiclass classification for network intrusion detection system. Commun Appl Non-Linear Anal. 2024;31(2s):546\u201360.","journal-title":"Commun Appl Non-Linear Anal"},{"issue":"4","key":"3930_CR38","doi-asserted-by":"publisher","first-page":"1862","DOI":"10.1109\/TCCN.2022.3186331","volume":"8","author":"MS El Sayed","year":"2022","unstructured":"El Sayed MS, Le-Khac NA, Azer MA, Jurcut AD. A flow-based anomaly detection approach with feature selection method against DDoS attacks in SDNs. IEEE Trans Cognit Commun Netw. 2022;8(4):1862\u201380.","journal-title":"IEEE Trans Cognit Commun Netw"},{"key":"3930_CR39","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/ACCESS.2022.3232124","volume":"11","author":"RB Said","year":"2023","unstructured":"Said RB, Sabir Z, Askerzade I. CNN-BiLSTM: a hybrid deep learning approach for network intrusion detection system in software-defined networking with hybrid feature selection. IEEE Access. 2023;11:1\u201310.","journal-title":"IEEE Access"},{"key":"3930_CR40","unstructured":"Ahlashkari. (n.d.-b). Ahlashkari\/NTLFlowLyzer. GitHub. https:\/\/github.com\/ahlashkari\/NTLFlowLyzer. Accessed 11 Mar 2025."}],"container-title":["SN Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-025-03930-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42979-025-03930-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-025-03930-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,23]],"date-time":"2025-04-23T07:18:36Z","timestamp":1745392716000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42979-025-03930-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,23]]},"references-count":40,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2025,6]]}},"alternative-id":["3930"],"URL":"https:\/\/doi.org\/10.1007\/s42979-025-03930-5","relation":{},"ISSN":["2661-8907"],"issn-type":[{"value":"2661-8907","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,4,23]]},"assertion":[{"value":"31 May 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 March 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 April 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that no competing interests exist in relation to the research described in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Research Involving Human and\/or Animals"}},{"value":"Not applicable.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Informed Consent"}}],"article-number":"412"}}