A Drift-Aware One-Class SVM Framework for Real-Time Adaptive DDoS Detection in SDN Environments

Software-Defined Networking (SDN) has become a capable and programmable networking model which isolates the control plane and data plane in order to allow the management to be centrally located and network configurations to be dynamically configured. Although it has such benefits, the centralized character of SDN renders it very susceptible to Distributed Denial-of-Service (DDoS) attacks, which can significantly impair the network services and undermine the availability of the system. The traditional intrusion detection systems usually assume the signature-based approach or the supervised learning method that uses labeled attack data and cannot be effectively adjusted to dynamic network environments. To overcome these issues, the present study suggested a Drift-Aware One-Class Support Vector Machine (OCSVM) architecture in adaptive DDoS detection in Software-Defined Networks. The algorithm behind the suggested solution involves unsupervised anomaly detection to learn the challenge behavior of normal network traffic and detect deviations that are likely to signify an attack. Also, it includes a concept drift detection mechanism that is used to track this change in network traffic and implement the corresponding update to the detection model in case of significant shifts in the distribution. This ability to adapt to learning allows the system to retain accuracy of detection in the changing network conditions. Experimental analysis shows that the suggested drift-conscious OCSVM model outperforms the traditional anomaly detection methods on detection rates, minimizes false alarms, and strengthens it better. The findings underscore the usefulness of the unsupervised learning and drift-conscious adaptation in obtaining modern programmable network infrastructures.

@article{ijter2026212604159960,
  author = {Priti Tukaram Chorade and Narendra Chaudhari},
  title = {A Drift-Aware One-Class SVM Framework for Real-Time Adaptive DDoS Detection in SDN Environments},
  journal = {International Journal of Technology &  Emerging Research },
  year = {2026},
  volume = {2},
  number = {4},
  pages = {49-57},
  doi =  {10.64823/ijter.2604006},
  issn = {3068-109X},
  url = {https://www.ijter.org/article/212604159960/a-drift-aware-one-class-svm-framework-for-real-time-adaptive-ddos-detection-in-sdn-environments},
  abstract = {Software-Defined Networking (SDN) has become a capable and programmable networking model which isolates the control plane and data plane in order to allow the management to be centrally located and network configurations to be dynamically configured. Although it has such benefits, the centralized character of SDN renders it very susceptible to Distributed Denial-of-Service (DDoS) attacks, which can significantly impair the network services and undermine the availability of the system. The traditional intrusion detection systems usually assume the signature-based approach or the supervised learning method that uses labeled attack data and cannot be effectively adjusted to dynamic network environments. To overcome these issues, the present study suggested a Drift-Aware One-Class Support Vector Machine (OCSVM) architecture in adaptive DDoS detection in Software-Defined Networks. The algorithm behind the suggested solution involves unsupervised anomaly detection to learn the challenge behavior of normal network traffic and detect deviations that are likely to signify an attack. Also, it includes a concept drift detection mechanism that is used to track this change in network traffic and implement the corresponding update to the detection model in case of significant shifts in the distribution. This ability to adapt to learning allows the system to retain accuracy of detection in the changing network conditions. Experimental analysis shows that the suggested drift-conscious OCSVM model outperforms the traditional anomaly detection methods on detection rates, minimizes false alarms, and strengthens it better. The findings underscore the usefulness of the unsupervised learning and drift-conscious adaptation in obtaining modern programmable network infrastructures.},
  keywords = {Software-Defined Networking, DDoS Detection, One-Class SVM, Concept Drift, Adaptive Intrusion Detection, Network Security, Machine Learning},
  month = {Apr},
}

Copyright © 2025 Authors retain the copyright of this article. This article is an open access article distributed under the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.