Submit

Login Login

Register Register

Home / Journals / CMC / Online First / doi:10.32604/cmc.2025.072772
Journal Menu
Special Issues
Table of Content

All issues

Online First

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Open Access

ARTICLE

Explainable Hybrid AI Model for DDoS Detection in SDN-Enabled Internet of Vehicle

Oumaima Saidani1, Nazia Azim2, Ateeq Ur Rehman3,*, Akbayan Bekarystankyzy4, Hala AbdelHameed Mostafa5, Mohamed R. Abonazel6, Ehab Ebrahim Mohamed Ebrahim7, Sarah Abu Ghazalah8
1 Department of Information Systems, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, P.O. Box 84428, Riyadh, 11671, Saudi Arabia
2 Department of Computer Science, Abdul Wali Khan University Mardan, Mardan, 23200, KPK, Pakistan
3 School of Computing, Gachon University, Seongnam-si, 13120, Republic of Korea
4 School of Digital Engineering, Narxoz University, Almati, 050000, Kazakhstan
5 Faculty of Computer and Artificial Intelligence, Fayoum University, Fayoum, 63514, Egypt
6 Department of Applied Statistics and Econometrics, Faculty of Graduate Studies for Statistical Research, Cairo University, Giza, 12613, Egypt
7 Department of Economics, College of Business, Imam Mohammad Ibn Saud Islamic University (IMSIU), P.O. Box 90950, Riyadh, 11623, Saudi Arabia
8 Department of Informatics and Computer System, College of Computer Science, King Khalid University, Abha, 61421, Saudi Arabia
* Corresponding Author: Ateeq Ur Rehman. Email: email

Computers, Materials & Continua https://doi.org/10.32604/cmc.2025.072772

Received 03 September 2025; Accepted 14 November 2025; Published online 08 January 2026

Abstract

The convergence of Software Defined Networking (SDN) in Internet of Vehicles (IoV) enables a flexible, programmable, and globally visible network control architecture across Road Side Units (RSUs), cloud servers, and automobiles. While this integration enhances scalability and safety, it also raises sophisticated cyberthreats, particularly Distributed Denial of Service (DDoS) attacks. Traditional rule-based anomaly detection methods often struggle to detect modern low-and-slow DDoS patterns, thereby leading to higher false positives. To this end, this study proposes an explainable hybrid framework to detect DDoS attacks in SDN-enabled IoV (SDN-IoV). The hybrid framework utilizes a Residual Network (ResNet) to capture spatial correlations and a Bi-Long Short-Term Memory (BiLSTM) to capture both forward and backward temporal dependencies in high-dimensional input patterns. To ensure transparency and trustworthiness, the model integrates the Explainable AI (XAI) technique, i.e., SHapley Additive exPlanations (SHAP). SHAP highlights the contribution of each feature during the decision-making process, facilitating security analysts to understand the rationale behind the attack classification decision. The SDN-IoV environment is created in Mininet-WiFi and SUMO, and the hybrid model is trained on the CICDDoS2019 security dataset. The simulation results reveal the efficacy of the proposed model in terms of standard performance metrics compared to similar baseline methods.

Keywords

Explainable AI; software defined networking; Internet of vehicles; DDoS attack; ResNet; BiLSTM

  • 97

    View

  • 18

    Download

  • 0

    Like

Related articles
Copyright© 2026 Tech Science Press
© 1997-2026 TSP (Henderson, USA) unless otherwise stated

Share Link