Software-defined networking (SDN) is an innovative network paradigm, offering substantial control of network operation through a network’s architecture. SDN is an ideal platform for implementing projects involving distributed applications, security solutions, and decentralized network administration in a multitenant data center environment due to its programmability. As its usage rapidly expands, network security threats are becoming more frequent, leading SDN security to be of significant concern. Machine-learning (ML) techniques for intrusion detection of DDoS attacks in SDN networks utilize standard datasets and fail to cover all classification aspects, resulting in under-coverage of attack diversity. This paper proposes a hybrid technique to recognize denial-of-service (DDoS) attacks that combine deep learning and feedforward neural networks as autoencoders. Two datasets were analyzed for the training and testing model, first statically and then iteratively. The auto-encoding model is constructed by stacking the input layer and hidden layer of self-encoding models’ layer by layer, with each self-encoding model using a hidden layer. To evaluate our model, we use a three-part data split (train, test, and validate) rather than the common two-part split (train and test). The resulting proposed model achieved a higher accuracy for the static dataset, where for ISCX-IDS-2012 dataset, accuracy reached a high of 99.35% in training, 99.3% in validation and 99.99% in precision, recall, and F1-score. for the UNSW2018 dataset, the accuracy reached a high of 99.95% in training, 0.99.94% in validation, and 99.99% in precision, recall, and F1-score. In addition, the model achieved great results with a dynamic dataset (using an emulator), reaching a high of 97.68% in accuracy.
