A Comparative Analysis of Deep Learning Architectures for Real-Time Anomaly Detection in Software-Defined Networks

In this paper, we review and advance the application of deep learning algorithms for anomaly detection in Software Defined Networks (SDN). As SDN environments become more prevalent in modern networking infrastructures, their centralized control and dynamic nature make them susceptible to various security threats, including Distributed Denial of Service (DDoS) attacks, data breaches, and unauthorized access. Traditional anomaly detection techniques often fall short in adapting to these evolving threats, necessitating more robust, adaptive solutions. This study evaluates three prominent deep learning architectures—Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNNs), and Autoencoders—for their effectiveness in detecting anomalous behavior in SDN environments. Through extensive experimentation, we compare these models in terms of accuracy, precision, recall, F1-score, and ROC-AUC, highlighting their strengths and limitations. Our results show that CNNs excel in detecting spatial anomalies, RNNs are wellsuited for temporal anomaly detection, and Autoencoders provide robust detection for previously unseen anomalies. Additionally, we examine the sensitivity of threshold settings in Autoencoders and assess the real-time feasibility of these models by measuring their inference times. The findings suggest that deep learning-based anomaly detection significantly enhances the security of SDNs, providing both accuracy and speed suitable for real-time applications. Finally, we propose future directions for optimizing deep learning models to handle large-scale, dynamic SDN deployments more effectively. This work contributes to the growing body of research focused on utilizing deep learning for improving the security and resilience of SDN-based infrastructures.