TY - JOUR
T1 - An efficient federated learning based defense mechanism for software defined network cyber threats through machine learning models
AU - Amin, Rashid
AU - Costanzo, Antonio
AU - Alzabin, Lial Raja
AU - Aqdus, Aqsa
AU - Kamarulzaman, Syafiq Fauzi
AU - Alshehri, Asma Hassan
N1 - Publisher Copyright: © The Author(s) 2025.
PY - 2025/12
Y1 - 2025/12
N2 - Software-Defined Networking (SDN) is flexible, provides centralized control, and is vendor-independent; however, due to its centralized architecture, it is extremely susceptible to complex cyber-attacks. Classical intrusion detection methods are unable to cope with dynamic, large-scale threats, resulting in high false-positive rates and slow responses. This work proposes an AI-based federated defense system, which incorporates XGBoost to identify threats correctly, LightGBM to provide adaptive responses in real time, and Federated Learning to share intelligence without jeopardizing data confidentiality. Based on high-dimensional network traffic, log files, and system activities, the framework uses feature engineering to improve anomaly differentiation and boost SDN resilience. Extensive testing on benchmark datasets (NSL-KDD and CICIDS2017) shows that the suggested solution achieves a 96.3% detection rate, minimizes false positives, and is 7.8% more effective than traditional ML-based intrusion detection systems. The framework scales easily, preserves privacy, and adapts to new zero-day threats, making it suitable for current SDN-based environments.
UR - https://www.scopus.com/pages/publications/105022622434
U2 - 10.1038/s41598-025-25345-1
DO - 10.1038/s41598-025-25345-1
M3 - Article
C2 - 41272079
AN - SCOPUS:105022622434
SN - 2045-2322
VL - 15
JO - Scientific Reports
JF - Scientific Reports
IS - 1
M1 - 41390
ER -