Submit

Login Login

Register Register

Home / Journals / CMC / Online First / doi:10.32604/cmc.2026.077454
Journal Menu
Special Issues
Table of Content

All issues

Online First

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Open Access

ARTICLE

A Novel Synthetic Dataset for Effective Detection of Replay Attacks in SDN-Enabled IoT Networks

Nader Karmous1, Leila Bousbia1, Mohamed Ould-Elhassen Aoueileyine1, Imen Filali2,*, Ridha Bouallegue1
1 Innov’COM Laboratory, Higher School of Communication of Tunis, University of Carthage, Technopark Elghazala, Raoued, Ariana, Tunisia
2 Department of Computer Sciences, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia
* Corresponding Author: Imen Filali. Email: email

Computers, Materials & Continua https://doi.org/10.32604/cmc.2026.077454

Received 09 December 2025; Accepted 06 February 2026; Published online 03 April 2026

Abstract

This study proposes an intelligent Intrusion Detection and Prevention System (IDPS) integrated into a centralized Ryu Software-Defined Networking (SDN) controller to mitigate replay attacks within Internet of Things (IoT) environments. To address the scarcity of specialized datasets, a comprehensive dataset was generated using a real-time SDN-IoT testbed encompassing Mininet, multiple OpenFlow 1.3 switches, and a single Ryu controller. The experimental setup featured the exchange of legitimate and malicious Message Queuing Telemetry Transport (MQTT) traffic between hosts and IoT devices to simulate realistic network behaviors and attack vectors. Our methodology introduces a novel feature engineering framework by evaluating three distinct configurations, including: (1) preprocessed features, (2) data reduced through Principal Component Analysis (PCA), and (3) latent representations extracted via a Variational Autoencoder (VAE). Four distinct classifiers were rigorously benchmarked, including Random Forest (RF), Support Vector Machine (SVM), Extreme Gradient Boosting (XGBoost), and a Convolutional Neural Network (CNN). Performance metrics were derived from 50 independent runs and validated through paired t-tests and Wilcoxon signed-rank tests. The results demonstrate that VAE-based deep feature extraction significantly improves detection accuracy. Notably, the CNN trained on these features achieved a peak accuracy of 99.91% and a false alarm rate of 0.19%. The framework’s real-time effectiveness and scalability were validated through live deployment, offering a robust and reproducible solution for securing SDN-enabled IoT infrastructures. Ultimately, our proposed CNN-VAE approach demonstrates superior performance and higher detection precision compared to existing related works in the field of IoT intrusion detection.

Keywords

Replay attacks; man in the middle; cybersecurity; software defined networking; Internet of Things; machine learning; artificial intelligence; deep learning; variational autoencoder; feature selection; principal component analysis; Wilcoxon signed-rank

  • 480

    View

  • 32

    Download

  • 0

    Like

Related articles
Copyright© 2026 Tech Science Press
© 1997-2026 TSP (Henderson, USA) unless otherwise stated

Share Link