Open Access

ARTICLE

A Novel Synthetic Dataset for Effective Detection of Replay Attacks in SDN-Enabled IoT Networks

Nader Karmous¹, Leila Bousbia¹, Mohamed Ould-Elhassen Aoueileyine¹, Imen Filali^2,*, Ridha Bouallegue¹

1 Innov’COM Laboratory, Higher School of Communication of Tunis, University of Carthage, Technopark Elghazala, Raoued, Ariana, Tunisia
2 Department of Computer Sciences, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia

* Corresponding Author: Imen Filali. Email:

Computers, Materials & Continua 2026, 88(1), 28 https://doi.org/10.32604/cmc.2026.077454

Received 09 December 2025; Accepted 06 February 2026; Issue published 08 May 2026

Abstract

This study proposes an intelligent Intrusion Detection and Prevention System (IDPS) integrated into a centralized Ryu Software-Defined Networking (SDN) controller to mitigate replay attacks within Internet of Things (IoT) environments. To address the scarcity of specialized datasets, a comprehensive dataset was generated using a real-time SDN-IoT testbed encompassing Mininet, multiple OpenFlow 1.3 switches, and a single Ryu controller. The experimental setup featured the exchange of legitimate and malicious Message Queuing Telemetry Transport (MQTT) traffic between hosts and IoT devices to simulate realistic network behaviors and attack vectors. Our methodology introduces a novel feature engineering framework by evaluating three distinct configurations, including: (1) preprocessed features, (2) data reduced through Principal Component Analysis (PCA), and (3) latent representations extracted via a Variational Autoencoder (VAE). Four distinct classifiers were rigorously benchmarked, including Random Forest (RF), Support Vector Machine (SVM), Extreme Gradient Boosting (XGBoost), and a Convolutional Neural Network (CNN). Performance metrics were derived from 50 independent runs and validated through paired t-tests and Wilcoxon signed-rank tests. The results demonstrate that VAE-based deep feature extraction significantly improves detection accuracy. Notably, the CNN trained on these features achieved a peak accuracy of 99.91% and a false alarm rate of 0.19%. The framework’s real-time effectiveness and scalability were validated through live deployment, offering a robust and reproducible solution for securing SDN-enabled IoT infrastructures. Ultimately, our proposed CNN-VAE approach demonstrates superior performance and higher detection precision compared to existing related works in the field of IoT intrusion detection.

---

Keywords

---