A Novel Game-Theoretic Feature Selection-Based Resource-Aware Ensemble Framework for DDoS Detection in SDN

Distributed Denial-of-Service (DDoS) attacks continue to pose significant challenges in Software-Defined Networking (SDN), where the centralized controller often becomes a critical point of failure. As attack strategies grow more advanced, including low-rate and zero-day attacks, there is an increasing need for detection systems that offer both high accuracy and efficient, adaptable performance. In this study, we propose an ensemble-based intrusion detection framework for SDN environments. A central element of the framework is a hybrid feature selection approach that combines Random Forest (RF) feature importance with the Banzhaf Power Index (BPI), a concept from cooperative game theory. This method helps select features that are both relevant and complementary, reducing redundancy and lowering computational demands. The framework incorporates several machine learning models, including XGBoost, Random Forest, Gradient Boosting, Support Vector Machines, k-Nearest Neighbors, AdaBoost, and Naive Bayes. These models are integrated into four ensemble configurations using voting strategies. We evaluate the framework using two datasets: CIC-DDoS2023, which represents recent and diverse attack types, and a flow-based SDN dataset that simulates controller-targeted attacks. The ensemble models showed strong detection performance across both datasets and in many cases, exceeded existing baseline methods. Beyond accuracy, we also analyzed training time, inference latency, memory usage, and model size. One important observation is that resource usage is closely influenced by the number and type of selected features, emphasizing how dataset characteristics impact deployment decisions. While some models trained in under five seconds with very low memory requirements, others required significantly more resources. Overall, the framework offers a practical and effective solution for real-time DDoS detection in SDN systems.