Scalable architecture for autonomous malware detection and defense in software-defined networks using federated learning approaches

Scalable architecture for autonomous malware detection and defense in software-defined networks using federated learning approaches

Abstract This paper proposes a scalable and autonomous malware detection and defence architecture in software-defined networks (SDNs) that employs federated learning (FL). This architecture combines SDN’s centralized management of potentially significant data streams with FL’s decentralized, privacy...

Full description

Saved in:
Bibliographic Details
Main Authors: Ripal Ranpara, Shobhit K. Patel, Om Prakash Kumar, Fahad Ahmed Al-Zahrani
Format: Article
Language:English
Published: Nature Portfolio 2025-08-01
Series:Scientific Reports
Subjects:
Software-defined networks (SDNs)
Malware detection
Federated learning
Autonomous cybersecurity
Scalable network defense
Privacy-preserving AI
Online Access:https://doi.org/10.1038/s41598-025-14512-z
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Abstract This paper proposes a scalable and autonomous malware detection and defence architecture in software-defined networks (SDNs) that employs federated learning (FL). This architecture combines SDN’s centralized management of potentially significant data streams with FL’s decentralized, privacy-preserving learning capabilities in a distributed manner adaptable to varying time and space constraints. This enables a flexible, adaptive design and prevention approach in large-scale, heterogeneous networks. Using balanced datasets, we observed detection rates of up to 96% for controlled DDoS and Botnet attacks. However, in more realistic simulations that utilized diverse, real-world imbalanced datasets (such as CICIDS 2017 and UNSW-NB15) and complex scenarios like data exfiltration, the performance dropped to an overall accuracy of 59.50%. This reflects the challenges encountered in real-world deployments. We analyzed performance metrics such as detection accuracy, latency (less than 1 s), throughput recovery (from 300 to 500 Mbps), and communication overhead comparatively. Our architecture minimizes privacy risks by ensuring that raw data never leaves the device; only model updates are shared for aggregation at the global level. While it effectively detects high-impact incursions, there is room for improvement in identifying more subtle threats, which can be addressed with enriched datasets and improved feature engineering. This work offers a robust, privacy-preserving framework for deploying scalable and intelligent malware detection in contemporary network infrastructures.
ISSN:2045-2322

Similar Items