Evaluation of SDN Flow Table Manipulation Attack Using Machine Learning Techniques

Security vulnerabilities in Software-Defined Networking (SDN) can expose the entire network to serious cyberattacks. This study focuses on Flow Rule Manipulation, a critical threat in which an attacker adds, modifies, or deletes flow rules in the SDN controller. Manipulating flow rules can change the forwarding logic, disrupt network traffic, steal data, or redirect sensitive information to malicious hosts. In this study, we simulate a real-time flow rule manipulation attack on an SDN controller to examine its effects on the network. The attack is executed through a structured sequence that includes reconnaissance and active manipulation in a live SDN environment with an active data plane. By inserting malicious flow rules, the attacker can divert traffic, intercept data, and alter network behaviour. The study employs various machine learning techniques to detect attempts at manipulating flow tables and assesses which models are most effective in identifying abnormal changes. Several machine learning algorithms are evaluated, including Logistic Regression, Random Forest, Support Vector Machine (SVM), Gradient Boosting, and K-Nearest Neighbors (KNN), to determine the most effective detection method. The results demonstrate the potential of machine learning-based detection to enhance the security and resilience of modern critical network against flow rule manipulation attacks.