SDN-ATK: a novel SDN-specific attack dataset


DOĞAN S. B., Arikan K. E., ALKAN M.

PeerJ Computer Science, vol.12, 2026 (SCI-Expanded, Scopus)

  • Publication Type: Article / Full Article
  • Volume: 12
  • Publication Date: 2026
  • DOI Number: 10.7717/peerj-cs.3556
  • Journal Name: PeerJ Computer Science
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, Directory of Open Access Journals
  • Keywords: Dataset, Deep learning, Explainable artificial intelligence, Intrusion prevention and mitigation systems, Machine learning, Software-defined network, Threat vectors
  • Gazi University Affiliated: Yes

Abstract

This study presents the development of a realistic and comprehensive SDN-ATK dataset designed to evaluate the effectiveness of machine learning (ML) and deep learning (DL) approaches for attack detection in Software-Defined Networking (SDN) environments. Unlike existing datasets, SDN-ATK explicitly includes attacks targeting key SDN components such as SDN controllers and OpenFlow switches, addressing a critical gap in current research. We evaluated three ML (XGBoost, Random Forest, and Decision Tree) and three DL (Convolutional Neural Network (CNN), Feed-forward Neural Network (FNN), and Long Short-Term Memory (LSTM)) algorithms across binary and multiclass classification tasks to assess detection performance. Our results demonstrate that DL models, particularly FNN and CNN, outperform ML counterparts, achieving 98-99% accuracy, precision, and recall in binary classification. Explainability analyses were conducted using SHAP (SHapley Additive exPlanations) on the XGBoost model, offering valuable insights into feature importance and improving transparency in ML-based attack detection. The study's findings provide critical guidance for both academia and industry, highlighting that within our Ryu-based SDN testbed, DL models demonstrated more reliable and balanced performance for large-scale attack detection. This work lays a solid foundation for future research, including developing real-time, intelligent, and explainable intrusion detection systems for SDN environments.