@Article{cmes.2025.074178,
AUTHOR = {Nader Karmous, Wadii Jlassi, Mohamed Ould-Elhassen Aoueileyine, Imen Filali, Ridha Bouallegue},
TITLE = {A New Dataset for Network Flooding Attacks in SDN-Based IoT Environments},
JOURNAL = {Computer Modeling in Engineering \& Sciences},
VOLUME = {145},
YEAR = {2025},
NUMBER = {3},
PAGES = {4363--4393},
URL = {http://www.techscience.com/CMES/v145n3/65006},
ISSN = {1526-1506},
ABSTRACT = {This paper introduces a robust Distributed Denial-of-Service attack detection framework tailored for Software-Defined Networking based Internet of Things environments, built upon a novel, synthetic multi-vector dataset generated in a Mininet-Ryu testbed using real-time flow-based labeling. The proposed model is based on the XGBoost algorithm, optimized with Principal Component Analysis for dimensionality reduction, utilizing lightweight flow-level features extracted from OpenFlow statistics to classify attacks across critical IoT protocols including TCP, UDP, HTTP, MQTT, and CoAP. The model employs lightweight flow-level features extracted from OpenFlow statistics to ensure low computational overhead and fast processing. Performance was rigorously evaluated using key metrics, including Accuracy, Precision, Recall, F1-Score, False Alarm Rate, AUC-ROC, and Detection Time. Experimental results demonstrate the model’s high performance, achieving an accuracy of 98.93% and a low FAR of 0.86%, with a rapid median detection time of 1.02 s. This efficiency validates its superiority in meeting critical Key Performance Indicators, such as Latency and high Throughput, necessary for time-sensitive SDN-IoT systems. Furthermore, the model’s robustness and statistically significant outperformance against baseline models such as Random Forest, k-Nearest Neighbors, and Gradient Boosting Machine,validating through statistical tests using Wilcoxon signed-rank test and confirmed via successful deployment in a real SDN testbed for live traffic detection and mitigation.},
DOI = {10.32604/cmes.2025.074178}
}