Hybrid Blockchain-AI Framework for Real-Time Mitigation of Zero-Day Attacks in Software-Defined Networks
Keywords: Software-Defined Networking, zero-day attacks, blockchain, artificial intelligence, intrusion detection, real-time mitigation, network security

Abstract
Background: Software-Defined Networking (SDN) centralises control logic, improving flexibility but exposing the controller and its interfaces to sophisticated zero-day attacks that traditional, signature-based defences struggle to detect in real time.

Aim: This paper proposes and evaluates a hybrid Blockchain-AI framework designed to detect and mitigate zero-day attacks in SDNs with high accuracy and auditable, decentralised enforcement.

Methodology: The framework combines an autoencoder-classifier ensemble for traffic analysis with a permissioned blockchain that records alerts and mitigation actions as tamper-evident transactions. An SDN testbed with 20 switches, 200 hosts, and 140,000 flows (50% benign, 45% known attacks, 5% synthetic zero-day) is used to compare the proposed solution against a threshold-based IDS and an AI-only baseline. All models were trained on an Intel Xeon E5-2680 v4 server (14-core, 2.40 GHz, 64 GB RAM) running Ubuntu 20.04 LTS with Python 3.9 and TensorFlow 2.11.

Results: The hybrid framework achieves a zero-day detection rate of 91.8% with an F1-score of 0.896, compared to 87.1% (F1 = 0.856) for the AI-only system and 41.2% (F1 = 0.398) for the traditional IDS. Overall accuracy reaches 98.7%, with a false positive rate of 1.4% and a false negative rate of 5.8%. End-to-end security response time averages 115 ms, including blockchain confirmation, while benign throughput remains above 4,600 flows/s at 5,000 flows/s load. Cross-validation (5-fold) confirms these results, with an average zero-day F1-score of 0.891 ± 0.012 (95% CI: [0.879, 0.903]).

Conclusion: The results indicate that integrating AI-based anomaly detection with blockchain-backed coordination significantly improves zero-day mitigation in SDN while preserving acceptable latency and throughput. The hybrid design offers a promising foundation for building transparent, resilient, and self-defending programmable networks.
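The tamper-evident, permissioned ledger of alerts and mitigation actions described in the methodology can be modelled in a few lines. The following is an added illustration, not the paper's implementation: the abstract does not specify the chain format, the signing scheme or the controller identities, so the hash chaining, the HMAC-based authorisation of controllers and the sample flow records are all assumptions constructed for this example.

```python
import hashlib, hmac, json

# Constructed placeholders: in a permissioned chain only enrolled controllers may
# append transactions; the paper does not state how that enrolment is keyed.
CONTROLLER_KEYS = {"ctrl-A": b"key-A-placeholder", "ctrl-B": b"key-B-placeholder"}

def _digest(prev_hash, payload):
    """Hash of this transaction bound to its predecessor (the chain link)."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def append_block(chain, signer, payload):
    """Append an alert or mitigation action signed by an authorised controller."""
    if signer not in CONTROLLER_KEYS:
        raise PermissionError(f"{signer} is not an authorised controller")
    prev_hash = chain[-1]["hash"] if chain else "0" * 64
    block_hash = _digest(prev_hash, payload)
    sig = hmac.new(CONTROLLER_KEYS[signer], block_hash.encode(), hashlib.sha256).hexdigest()
    block = {"prev": prev_hash, "payload": payload, "hash": block_hash,
             "signer": signer, "sig": sig}
    chain.append(block)
    return block

def verify_chain(chain):
    """Audit the ledger: return (True, -1) if intact, else (False, first bad index)."""
    prev_hash = "0" * 64
    for i, b in enumerate(chain):
        if b["prev"] != prev_hash or b["hash"] != _digest(prev_hash, b["payload"]):
            return False, i                      # content or link was altered
        key = CONTROLLER_KEYS.get(b["signer"])
        if key is None:
            return False, i                      # unknown (non-permissioned) signer
        expected = hmac.new(key, b["hash"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, b["sig"]):
            return False, i                      # signature does not match
        prev_hash = b["hash"]
    return True, -1

def mitigation_log_demo():
    """Record an alert and its mitigation, then show that a later edit is detected."""
    chain = []
    alert = {"type": "alert", "flow": "10.0.0.7->10.0.0.9:443", "score": 0.93, "t": 0}
    append_block(chain, "ctrl-A", alert)           # detector raises a zero-day alert
    action = {"type": "mitigate", "flow": alert["flow"], "rule": "drop", "t": 1}
    append_block(chain, "ctrl-B", action)          # a second controller enforces it
    intact = verify_chain(chain)
    chain[1]["payload"]["rule"] = "allow"          # constructed after-the-fact edit of the record
    return intact, verify_chain(chain)             # audit flags block 1
```

Any change to a recorded alert or action, or a transaction from a controller outside the permissioned set, breaks either the hash link or the signature check, which is the auditability property the framework relies on.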
