Classification of Cyber Attacks on Software-Defined Networking (SDN) Using Deep Learning LSTM and GRU

Authors

  • Zuki Pristiantoro Putro Telkom University
  • Annisa Desianty

Keywords:

Additional Refinements Keywords, IDS, SDN, LSTM, GRU

Abstract

Network security is a major challenge in the era of digital transformation, especially in Software-Defined Networking (SDN) architectures, which offer high flexibility but increase the risk of cyber-attacks. This study compares the performance of two Deep Learning models, namely Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU), in detecting cyber-attacks using the UNSW-NB15 dataset. This dataset covers nine categories of attacks such as DoS, Fuzzers, Exploits, and Reconnaissance, making it relevant for simulating modern network conditions. The research stages include data preprocessing, model training, and performance evaluation using accuracy, precision, recall, and F1-score metrics. The experimental results show that the GRU model has a more efficient training time, while LSTM achieves higher accuracy in detecting complex temporal patterns. These findings are expected to serve as a reference for the development of an optimal Deep Learning-based Intrusion Detection System (IDS) in an SDN environment.

References

D. Agnew, S. Boamah, A. Bretas, and J. McNair, “Network Security Challenges and Countermeasures for Software-Defined Smart Grids: A Survey,” Preprints, Mar. 2024, doi: 10.20944/preprints202403.1701.v1.

Q. Ren et al., “SDN-ESRC: A Secure and Resilient Control Plane for Software-Defined Networks,” IEEE Trans. Netw. Serv. Manag., vol. 19, no. 3, pp. 2366–2381, 2022, doi: 10.1109/TNSM.2022.3163198.

A. M. Abdelrahman et al., “Software-defined networking security for private data center networks and clouds: Vulnerabilities, attacks, countermeasures, and solutions,” Int. J. Commun. Syst., vol. 34, no. 4, p. e4706, 2021, doi: https://doi.org/10.1002/dac.4706.

A. Bajenaid et al., “Towards Robust SDN Security: A Comparative Analysis of Oversampling Techniques with ML and DL Classifiers,” Electronics, vol. 14, no. 5, 2025, doi: 10.3390/electronics14050995.

A. M. Elshewey, S. Abbas, A. M. Osman, E. A. Aldakheel, and Y. Fouad, “DDoS classification of network traffic in software defined networking SDN using a hybrid convolutional and gated recurrent neural network,” Sci. Rep., vol. 15, no. 1, p. 29122, 2025, doi: 10.1038/s41598-025-13754-1.

M. S. Ataa, E. E. Sanad, and R. A. El-khoribi, “Intrusion detection in software defined network using deep learning approaches,” Sci. Rep., vol. 14, no. 1, p. 29159, 2024, doi: 10.1038/s41598-024-79001-1.

M. Soltani, B. Ousat, M. Jafari Siavoshani, and A. H. Jahangir, “An adaptable deep learning-based intrusion detection system to zero-day attacks,” J. Inf. Secur. Appl., vol. 76, p. 103516, 2023, doi: https://doi.org/10.1016/j.jisa.2023.103516.

K. E. ArunKumar, D. V Kalaga, C. M. S. Kumar, M. Kawaji, and T. M. Brenza, “Forecasting of COVID-19 using deep layer Recurrent Neural Networks (RNNs) with Gated Recurrent Units (GRUs) and Long Short-Term Memory (LSTM) cells,” Chaos, Solitons & Fractals, vol. 146, p. 110861, 2021, doi: https://doi.org/10.1016/j.chaos.2021.110861.

J. Yang, “A new Attacks Intrusion Detection Model Based on Deep Learning in Software-Defined Networking Environments,” in 2024 4th International Conference on Machine Learning and Intelligent Systems Engineering (MLISE), 2024, pp. 430–436. doi: 10.1109/MLISE62164.2024.10674546.

C. G. Cordero, E. Vasilomanolakis, A. Wainakh, M. Mühlhäuser, and S. Nadjm-Tehrani, “On Generating Network Traffic Datasets with Synthetic Attacks for Intrusion Detection,” ACM Trans. Priv. Secur., vol. 24, no. 2, Jan. 2021, doi: 10.1145/3424155.

A. Kaur, C. Rama Krishna, and N. V. Patil, “A comprehensive review on Software-Defined Networking (SDN) and DDoS attacks: Ecosystem, taxonomy, traffic engineering, challenges and research directions,” Comput. Sci. Rev., vol. 55, p. 100692, 2025, doi: https://doi.org/10.1016/j.cosrev.2024.100692.

Q. Zong, X. Yang, X. Zhang, and W. Liu, “Active fault detection for spacecraft attitude control system,” in 2020 39th Chinese Control Conference (CCC), 2020, pp. 4083–4088. doi: 10.23919/CCC50068.2020.9188435.

Z. M. Nayeri, T. Ghafarian, and B. Javadi, “Application placement in Fog computing with AI approach: Taxonomy and a state of the art survey,” J. Netw. Comput. Appl., vol. 185, p. 103078, 2021, doi: https://doi.org/10.1016/j.jnca.2021.103078.

Z. Hussain, Q. Z. Sheng, and W. E. Zhang, “A review and categorization of techniques on device-free human activity recognition,” J. Netw. Comput. Appl., vol. 167, p. 102738, 2020, doi: https://doi.org/10.1016/j.jnca.2020.102738.

E. B. Ali, S. Kishk, and E. H. Abdelhay, “Multidimensional auction for task allocation using computation offloading in fifth generation networks,” Futur. Gener. Comput. Syst., vol. 108, pp. 717–725, 2020, doi: https://doi.org/10.1016/j.future.2020.02.021.

A. Banitalebi Dehkordi, M. Soltanaghaei, and F. Z. Boroujeni, “The DDoS attacks detection through machine learning and statistical methods in SDN,” J. Supercomput., vol. 77, no. 3, pp. 2383–2415, 2021, doi: 10.1007/s11227-020-03323-w.

H. Elubeyd and D. Yiltas-Kaplan, “Hybrid Deep Learning Approach for Automatic DoS/DDoS Attacks Detection in Software-Defined Networks,” Appl. Sci., vol. 13, no. 6, 2023, doi: 10.3390/app13063828.

D. Liu et al., “Deep Learning-Based Intrusion Detection: A CNN-LSTM-Transformer Approach for Enhanced Network Security,” in Proceedings of the 10th International Conference on Cyber Security and Information Engineering, in ICCSIE ’25. New York, NY, USA: Association for Computing Machinery, 2025, pp. 318–325. doi: 10.1145/3759179.3760451.

I. I. Kurochkin and S. S. Volkov, “Using GRU based deep neural network for intrusion detection in software-defined networks,” IOP Conf. Ser. Mater. Sci. Eng., vol. 927, no. 1, p. 12035, Sep. 2020, doi: 10.1088/1757-899X/927/1/012035.

M. Elsayed, N.-A. Le-Khac, and A. Jurcut, “InSDN: A Novel SDN Intrusion Dataset,” IEEE Access, 2020, doi: 10.1109/ACCESS.2020.3022633.

J. Lansky et al., “Deep Learning-Based Intrusion Detection Systems: A Systematic Review,” IEEE Access, vol. 9, pp. 101574–101599, 2021, doi: 10.1109/ACCESS.2021.3097247.

Downloads

Published

2026-06-03

How to Cite

Pristiantoro Putro, Z., & Desianty, A. . (2026). Classification of Cyber Attacks on Software-Defined Networking (SDN) Using Deep Learning LSTM and GRU . Journal of Informatics and Communication Technology (JICT), 7(2), 1–10. Retrieved from https://ejournal.akademitelkom.ac.id/j_ict/index.php/j_ict/article/view/459

Issue

Vol. 7 No. 2 (2025)

Section

Informatika

License

Copyright (c) 2025 Zuki Pristiantoro Putro, Annisa Desianty

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Authors who publish with this journal agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.