@Article{cmc.2026.077454,
AUTHOR = {Nader Karmous, Leila Bousbia, Mohamed Ould-Elhassen Aoueileyine, Imen Filali, Ridha Bouallegue},
TITLE = {A Novel Synthetic Dataset for Effective Detection of Replay Attacks in SDN-Enabled IoT Networks},
JOURNAL = {Computers, Materials \& Continua},
VOLUME = {},
YEAR = {},
NUMBER = {},
PAGES = {{pages}},
URL = {http://www.techscience.com/cmc/online/detail/26427},
ISSN = {1546-2226},
ABSTRACT = {This study proposes an intelligent Intrusion Detection and Prevention System (IDPS) integrated into a centralized Ryu Software-Defined Networking (SDN) controller to mitigate replay attacks within Internet of Things (IoT) environments. To address the scarcity of specialized datasets, a comprehensive dataset was generated using a real-time SDN-IoT testbed encompassing Mininet, multiple OpenFlow 1.3 switches, and a single Ryu controller. The experimental setup featured the exchange of legitimate and malicious Message Queuing Telemetry Transport (MQTT) traffic between hosts and IoT devices to simulate realistic network behaviors and attack vectors. Our methodology introduces a novel feature engineering framework by evaluating three distinct configurations, including: (1) preprocessed features, (2) data reduced through Principal Component Analysis (PCA), and (3) latent representations extracted via a Variational Autoencoder (VAE). Four distinct classifiers were rigorously benchmarked, including Random Forest (RF), Support Vector Machine (SVM), Extreme Gradient Boosting (XGBoost), and a Convolutional Neural Network (CNN). Performance metrics were derived from 50 independent runs and validated through paired <i>t</i>-tests and Wilcoxon signed-rank tests. The results demonstrate that VAE-based deep feature extraction significantly improves detection accuracy. Notably, the CNN trained on these features achieved a peak accuracy of 99.91% and a false alarm rate of 0.19%. The framework’s real-time effectiveness and scalability were validated through live deployment, offering a robust and reproducible solution for securing SDN-enabled IoT infrastructures. Ultimately, our proposed CNN-VAE approach demonstrates superior performance and higher detection precision compared to existing related works in the field of IoT intrusion detection.},
DOI = {10.32604/cmc.2026.077454}
}