Abstract:

In the evolving landscape of cybersecurity, automation and intelligence-driven models are crucial for effective threat detection and defense. Capsule Networks (CapsNets), with their unique capability to preserve spatial hierarchies in data, offer a powerful alternative for detecting complex and dynamic cyber threats. Traditional intrusion detection systems, particularly those based on conventional deep learning models like CNNs, often struggle with detecting novel attacks due to their inability to capture hierarchical relationships and their vulnerability to adversarial examples. Moreover, in Software-Defined Networks (SDNs), real-time detection and response are hindered by the lack of adaptive, high-accuracy mechanisms. This paper introduces a novel framework called Capsule Network-based Anomaly Prediction for Software-Defined Networks (CAP-SDN). CAP-SDN utilizes Capsule Networks with dynamic routing to learn and model the spatial dependencies and instantiation parameters of network traffic flows. The framework includes a layered approach: real-time traffic collection, preprocessing, anomaly detection using CapsNets, and automated defense through SDN controller actions. The dynamic routing mechanism enables the network to better generalize and identify unseen threats, improving detection accuracy and robustness. The proposed method enables real-time monitoring and mitigation of threats in SDNs, offering automated responses such as flow redirection, isolation of malicious nodes, and alert generation. CAP-SDN enhances both detection capability and reaction speed, aligning with the demands of modern cybersecurity automation. Experimental evaluations demonstrate that CAP-SDN achieves superior detection accuracy and lower false positive rates compared to traditional deep learning models. The framework proves effective in dynamically securing SDNs against a wide range of cyber threats while maintaining system performance.