Software-defined networking (SDN) represents a transformative shift in network architecture by decoupling the control plane from the data plane, enabling centralized and flexible management of network resources. However, this architectural shift introduces significant security challenges, as SDN's centralized control becomes an attractive target for various types of attacks. While current research has yielded valuable insights into attack detection in SDN, critical gaps remain. Addressing challenges in feature selection, broadening the scope beyond DDoS attacks, strengthening attack decisions based on multi-flow analysis, and building models capable of detecting unseen attacks that they have not been explicitly trained on are essential steps toward advancing security in SDN. In this paper, we introduce a novel approach that leverages Natural Language Processing (NLP) and the pre-trained BERT base model to enhance attack detection in SDN. Our approach transforms network flow data into a format interpretable by language models, allowing BERT to capture intricate patterns and relationships within network traffic. By using Random Forest for feature selection, we optimize model performance and reduce computational overhead, ensuring accurate detection. Attack decisions are made based on several flows, providing stronger and more reliable detection of malicious traffic. Furthermore, our approach is specifically designed to detect previously unseen attacks, offering a solution for identifying threats that the model was not explicitly trained on. To rigorously evaluate our approach, we conducted experiments in two scenarios: one focused on detecting known attacks, achieving 99.96% accuracy, and another on detecting unseen attacks, where our model achieved 99.96% accuracy, demonstrating the robustness of our approach in detecting evolving threats to improve the security of SDN networks.