Exploring Traffic Patterns Through Network Programmability: Introducing SDNFLow, a Comprehensive OpenFlow-Based Statistics Dataset for Attack Detection

In the contemporary cybersecurity landscape, robust attack detection mechanisms are important for organizations. However, the current state of research in Software-Defined Networking (SDN) suffers from a notable lack of recent SDN-OpenFlow-based datasets. This study seeks to bridge this gap by introducing a novel dataset for intrusion detection in Software-Defined Networking named SDNFlow. The dataset, derived from OpenFlow statistics gathered from real traffic, integrates a comprehensive range of network activities. An empirical evaluation leveraging diverse Machine and deep Learning algorithms was performed. Namely, Logistic regression, decision tree, random forest, K-nearest neighbors, Support Vector Machines, and Multilayer Perceptron were tested getting pretty good results with a precision average of 98% to 99% in binary classification and from 97% to 99% in multiclass classification depending of the attack, we highlight the efficacy of K-Nearest Neighbors (KNN) for traffic classification, particularly in detecting DDoS attacks and port scanning. The dataset is valuable for evaluating intrusion detection systems within SDN environments and deepening the understanding of traffic patterns in Software Defined Networks.