{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T01:35:40Z","timestamp":1760060140512,"version":"build-2065373602"},"reference-count":39,"publisher":"MDPI AG","issue":"8","license":[{"start":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T00:00:00Z","timestamp":1755043200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Fujian Provincial Department of Industry and Information Technology Letter Software, China","award":["488","2024H6007","2024H6030","KH230139A","KH240131A"],"award-info":[{"award-number":["488","2024H6007","2024H6030","KH230139A","KH240131A"]}]},{"name":"Fujian Provincial Department of Science and Technology, China","award":["488","2024H6007","2024H6030","KH230139A","KH240131A"],"award-info":[{"award-number":["488","2024H6007","2024H6030","KH230139A","KH240131A"]}]},{"name":"Industry-Research Project from Network Communication Company, China","award":["488","2024H6007","2024H6030","KH230139A","KH240131A"],"award-info":[{"award-number":["488","2024H6007","2024H6030","KH230139A","KH240131A"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>With the rapid development of technologies such as cloud computing, big data, and the Internet of Things (IoT), Software-Defined Networking (SDN) is emerging as a new network architecture for the modern Internet. SDN separates the control plane from the data plane, allowing a central controller, the SDN controller, to quickly direct the routing devices within the topology to forward data packets, thus providing flexible traffic management for communication between information sources. However, traditional Distributed Denial of Service (DDoS) attacks still significantly impact SDN systems. This paper proposes a novel dual-layer strategy capable of detecting and mitigating DDoS attacks in an SDN network environment. The first layer of the strategy enhances security by using blockchain technology to replace the SDN flow table storage container in the northbound interface of the SDN controller. Smart contracts are then used to process the stored flow table information. We employ the time window algorithm and the token bucket algorithm to construct the first layer strategy to defend against obvious DDoS attacks. To detect and mitigate less obvious DDoS attacks, we design a second-layer strategy that uses a composite data feature correlation coefficient calculation method and the Isolation Forest algorithm from unsupervised learning techniques to perform binary classification, thereby identifying abnormal traffic. We conduct experimental validation using the publicly available DDoS dataset CIC-DDoS2019. The results show that using this strategy in the SDN network reduces the average deviation of round-trip time (RTT) by approximately 38.86% compared with the original SDN network without this strategy. Furthermore, the accuracy of DDoS attack detection reaches 97.66% and an F1 score of 92.2%. Compared with other similar methods, under comparable detection accuracy, the deployment of our strategy in small-scale SDN network topologies provides faster detection speeds for DDoS attacks and exhibits less fluctuation in detection time. This indicates that implementing this strategy can effectively identify DDoS attacks without affecting the stability of data transmission in the SDN network environment.<\/jats:p>","DOI":"10.3390\/fi17080367","type":"journal-article","created":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T13:30:38Z","timestamp":1755091838000},"page":"367","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["DDoS Defense Strategy Based on Blockchain and Unsupervised Learning Techniques in SDN"],"prefix":"10.3390","volume":"17","author":[{"given":"Shengmin","family":"Peng","sequence":"first","affiliation":[{"name":"School of Intelligent Engineering, Fuzhou Polytechnic, Fuzhou 350108, China"}]},{"given":"Jialin","family":"Tian","sequence":"additional","affiliation":[{"name":"Computer and Information College, Fujian Agriculture and Forestry University, Fuzhou 350002, China"}]},{"given":"Xiangyu","family":"Zheng","sequence":"additional","affiliation":[{"name":"Computer and Information College, Fujian Agriculture and Forestry University, Fuzhou 350002, China"}]},{"given":"Shuwu","family":"Chen","sequence":"additional","affiliation":[{"name":"Computer and Information College, Fujian Agriculture and Forestry University, Fuzhou 350002, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7218-6321","authenticated-orcid":false,"given":"Zhaogang","family":"Shu","sequence":"additional","affiliation":[{"name":"Computer and Information College, Fujian Agriculture and Forestry University, Fuzhou 350002, China"}]}],"member":"1968","published-online":{"date-parts":[[2025,8,13]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"100289","DOI":"10.1016\/j.iot.2020.100289","article-title":"A survey on the architecture, application, and security of software defined networking: Challenges and open issues","volume":"12","author":"Nisar","year":"2020","journal-title":"Internet Things"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Luo, S., Wu, J., Li, J., and Pei, B. (2015, January 26\u201328). A defense mechanism for distributed denial of service attack in software-defined networks. Proceedings of the 2015 Ninth International Conference on Frontier of Computer Science and Technology, Dalian, China.","DOI":"10.1109\/FCST.2015.11"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1145\/1355734.1355746","article-title":"OpenFlow: Enabling innovation in campus networks","volume":"38","author":"McKeown","year":"2008","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"301","DOI":"10.1080\/21642583.2017.1331768","article-title":"A review of detection approaches for distributed denial of service attacks","volume":"5","author":"Kaur","year":"2017","journal-title":"Syst. Sci. Control Eng."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"2316","DOI":"10.1109\/TITS.2021.3056704","article-title":"Authenticated key agreement scheme with user anonymity and untraceability for 5G-enabled softwarized industrial cyber-physical systems","volume":"23","author":"Sutrala","year":"2021","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1949","DOI":"10.1007\/s10207-023-00728-5","article-title":"Investigation of application layer DDoS attacks in legacy and software-defined networks: A comprehensive review","volume":"22","author":"Kaur","year":"2023","journal-title":"Int. J. Inf. Secur."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Tian, J., Shu, Z., Chen, S., Xie, H., Liu, X., and Qiu, C. (2024, January 10\u201312). Enhanced DDoS Defense in SDN: Double-Layered Strategy with Blockchain Integration. Proceedings of the 2024 IEEE the 13th International Conference on Communications, Circuits, and Systems (ICCCAS 2024), Xiamen, China.","DOI":"10.1109\/ICCCAS62034.2024.10652857"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"68","DOI":"10.1145\/3500920","article-title":"When SDN and blockchain shake hands","volume":"65","author":"Latah","year":"2022","journal-title":"Commun. ACM"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"e3995","DOI":"10.1002\/ett.3995","article-title":"Consortium blockchain-enabled access control mechanism in edge computing based generic Internet of Things environment","volume":"32","author":"Saha","year":"2021","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Abou El Houda, Z., Hafid, A., and Khoukhi, L. (2019, January 9\u201313). Co-IoT: A collaborative DDoS mitigation scheme in IoT environment based on blockchain using SDN. Proceedings of the 2019 IEEE Global Communications Conference (GLOBECOM), Waikoloa, HI, USA.","DOI":"10.1109\/GLOBECOM38437.2019.9013542"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Chattaraj, D., Saha, S., Bera, B., and Das, A.K. (2020, January 6\u20139). On the design of blockchain-based access control scheme for software defined networks. Proceedings of the IEEE INFOCOM 2020\u2014IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Toronto, ON, Canada.","DOI":"10.1109\/INFOCOMWKSHPS50562.2020.9162669"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Abuhashim, A., and Tan, C.C. (2020, January 7\u201310). Smart contract designs on blockchain applications. Proceedings of the 2020 IEEE Symposium on Computers and Communications (ISCC), Rennes, France.","DOI":"10.1109\/ISCC50000.2020.9219622"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Giotis, K., Apostolaki, M., and Maglaris, V. (2016, January 25\u201329). A reputation-based collaborative schema for the mitigation of distributed attacks in SDN domains. Proceedings of the NOMS 2016\u20142016 IEEE\/IFIP Network Operations and Management Symposium, Istanbul, Turkey.","DOI":"10.1109\/NOMS.2016.7502849"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Wani, S., Imthiyas, M., Almohamedh, H., Alhamed, K.M., Almotairi, S., and Gulzar, Y. (2021). Distributed denial of service (DDoS) mitigation using blockchain\u2014A comprehensive insight. Symmetry, 13.","DOI":"10.3390\/sym13020227"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"103093","DOI":"10.1016\/j.jnca.2021.103093","article-title":"Emerging DDoS attack detection and mitigation strategies in software-defined networks: Taxonomy, challenges and future directions","volume":"187","author":"Valdovinos","year":"2021","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"5041","DOI":"10.1109\/TII.2020.3012508","article-title":"Blockchain based IIoT data sharing framework for SDN-enabled pervasive edge computing","volume":"17","author":"Gao","year":"2020","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"109512","DOI":"10.1016\/j.comnet.2022.109512","article-title":"S-HIDRA: A blockchain and SDN domain-based architecture to orchestrate fog computing environments","volume":"221","author":"Caminero","year":"2023","journal-title":"Comput. Netw."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"5693962","DOI":"10.1155\/2022\/5693962","article-title":"Intelligent blockchain-based secure routing for multidomain SDN-enabled IoT networks","volume":"2022","author":"Zeng","year":"2022","journal-title":"Wirel. Commun. Mob. Comput."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Ma, R., Wang, Q., Bu, X., and Chen, X. (2023). Real-Time Detection of DDoS Attacks Based on Random Forest in SDN. Appl. Sci., 13.","DOI":"10.3390\/app13137872"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"e2160","DOI":"10.1002\/nem.2160","article-title":"An augmented K-means clustering approach for the detection of distributed denial-of-service attacks","volume":"31","author":"Marvi","year":"2021","journal-title":"Int. J. Netw. Manag."},{"key":"ref_21","first-page":"264","article-title":"FRChain: A blockchain-based flow-rules-oriented data forwarding security scheme in SDN","volume":"15","author":"Lian","year":"2021","journal-title":"KSII Trans. Internet Inf. Syst. (TIIS)"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"531","DOI":"10.23919\/cje.2022.00.103","article-title":"A hybrid entropy and blockchain approach for network security defense in SDN-based IIoT","volume":"32","author":"Su","year":"2023","journal-title":"Chin. J. Electron."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"272","DOI":"10.1587\/transinf.2021BCP0013","article-title":"BlockCSDN: Towards blockchain-based collaborative intrusion detection in software defined networking","volume":"105","author":"Li","year":"2022","journal-title":"IEICE TRANSACTIONS Inf. Syst."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Hassan, A.I., El Reheem, E.A., and Guirguis, S.K. (2024). An entropy and machine learning based approach for DDoS attacks detection in software defined networks. Sci. Rep., 14.","DOI":"10.1038\/s41598-024-67984-w"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"25623","DOI":"10.1109\/ACCESS.2024.3367357","article-title":"A Genetic Algorithm and t-Test Based System for DDoS Attack Detection in IoT Networks","volume":"12","author":"Saiyed","year":"2024","journal-title":"IEEE Access"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"349","DOI":"10.14445\/22315381\/IJETT-V71I2P237","article-title":"XGBoost Machine Learning Model-Based DDoS Attack Detection and Mitigation in an SDN Environment","volume":"71","author":"Arvind","year":"2023","journal-title":"Int. J. Eng. Trends Technol."},{"key":"ref_27","first-page":"620","article-title":"Detection of DDoS Attacks in Software Defined Networking Using Machine Learning Models","volume":"Volume 700","author":"Hamarshe","year":"2023","journal-title":"Proceedings of the 2023 International Conference on Advances in Computing Research (ACR\u201923)"},{"key":"ref_28","first-page":"3003","article-title":"Enhanced DDoS Detection Using Advanced Machine Learning and Ensemble Techniques in Software Defined Networking","volume":"81","author":"Butt","year":"2024","journal-title":"Comput. Mater. Contin."},{"key":"ref_29","unstructured":"Wang, R., Ye, K., Meng, T., and Xu, C.Z. (2020, January 18\u201320). Performance evaluation on blockchain systems: A case study on Ethereum, Fabric, Sawtooth and Fisco-Bcos. Proceedings of the Services Computing\u2014SCC 2020: 17th International Conference, Held as Part of the Services Conference Federation, SCF 2020, Honolulu, HI, USA. Proceedings 17."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"475","DOI":"10.1016\/j.future.2019.12.019","article-title":"An overview on smart contracts: Challenges, advances and platforms","volume":"105","author":"Zheng","year":"2020","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., Hakak, S., and Ghorbani, A.A. (2019, January 1\u20133). Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy. Proceedings of the 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India.","DOI":"10.1109\/CCST.2019.8888419"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"1479","DOI":"10.1109\/TKDE.2019.2947676","article-title":"Extended isolation forest","volume":"33","author":"Hariri","year":"2019","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"189","DOI":"10.1109\/TNN.2008.2005601","article-title":"Normalized mutual information feature selection","volume":"20","author":"Tesmer","year":"2009","journal-title":"IEEE Trans. Neural Netw."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"197","DOI":"10.1007\/s11749-016-0481-7","article-title":"A random forest guided tour","volume":"25","author":"Biau","year":"2016","journal-title":"Test"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Chen, X., and Jeong, J.C. (2007, January 13\u201315). Enhanced recursive feature elimination. Proceedings of the Sixth International Conference on Machine Learning and Applications (ICMLA 2007), Cincinnati, OH, USA.","DOI":"10.1109\/ICMLA.2007.35"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"De Oliveira, R.L.S., Schweitzer, C.M., Shinoda, A.A., and Prete, L.R. (2014, January 4\u20136). Using mininet for emulation and prototyping software-defined networks. Proceedings of the 2014 IEEE Colombian Conference on Communications and Computing (COLCOM), Bogota, Colombia.","DOI":"10.1109\/ColComCon.2014.6860404"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Tripathy, D.N., and Reed, W.M. (2013). Pox. Diseases of Poultry, Wiley.","DOI":"10.1002\/9781119421481.ch10"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"140156","DOI":"10.1109\/ACCESS.2021.3115577","article-title":"Toward the ontological modeling of smart contracts: A solidity use case","volume":"9","author":"Cimmino","year":"2021","journal-title":"IEEE Access"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Yacouby, R., and Axman, D. (2020, January 20). Probabilistic extension of precision, recall, and f1 score for more thorough evaluation of classification models. Proceedings of the First Workshop on Evaluation and Comparison of NLP Systems, Online.","DOI":"10.18653\/v1\/2020.eval4nlp-1.9"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/8\/367\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T18:26:23Z","timestamp":1760034383000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/8\/367"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,13]]},"references-count":39,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2025,8]]}},"alternative-id":["fi17080367"],"URL":"https:\/\/doi.org\/10.3390\/fi17080367","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2025,8,13]]}}}