Abstract
Software-Defined Networking (SDN) has changed the way networks are managed by providing a centralized and programmable framework. However, it also makes the SDN controller more vulnerable to Distributed Denial of Service (DDoS) attacks that aim to take it down. Current intrusion detection technologies, including conventional machine learning and deep learning models, frequently have difficulty adapting to evolving attack patterns or capturing the intricate topological features inherent in SDN environments. To overcome these limitations, we propose GCTNetwork, a framework grounded in Dynamic Graph Neural Networks (DGNN) and designed to identify DDoS attacks in SDNs in real time. GCTNetwork uses Gated Convolutional Temporal (GCT) layers for integrated node-edge feature analysis, an Edge-Aware LSTM for temporal dependency modeling, and a Graph Attention Layer (GAT) to emphasize essential communication pathways. Our evaluation on the SDN Dataset indicates that GCTNetwork delivers reliable and efficient performance, achieving an accuracy of 94.08% and an F1-score of 93.27% and outperforming other advanced SDN-based models such as LR-STGCN, GRAN, and ST-GCN. The model also demonstrates substantial reliability, as indicated by its low False Alarm Index (FAI) of 0.06, which signifies its effectiveness in reducing unnecessary alerts within dynamic controller environments. Training and validation trends exhibit stable convergence, characterized by progressively increasing accuracy and consistently declining loss across epochs, reflecting significant generalization without indications of overfitting. The results confirm the proposed framework's capacity to deliver precise, efficient, and stable DDoS detection, underscoring the efficacy of dynamic, edge-aware graph learning in improving security within SDN-based infrastructures.