Abstract

The rapid evolution of network threats has surpassed the capabilities of traditional intrusion detection systems and static network configurations. In this work, we present an integrated real-time anomaly detection and remediation framework that combines machine learning (ML) and software-defined networking (SDN) technologies in an environment emulated with the graphical network simulator GNS3. We create our dataset, containing both benign and malicious traffic (web browsing, DNS queries, port scans, and DoS attacks), by orchestrating flows through Open vSwitch and emulated routers and switches. The monitored traffic undergoes flow-level feature extraction to generate packet counts, inter-arrival times, and byte distributions, which are used to train and evaluate both supervised and unsupervised ML models, including random forests, support vector machines (SVMs), and isolation forests. This research proposes a new replicable framework based on GNS3 for adaptive network security using ML and SDN, as well as publicly available datasets and administrator scripts for further experimentation.
Manasyan et al. (Wed,) studied this question.
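The flow-level feature extraction named in the abstract (packet counts, inter-arrival times, byte distributions) can be illustrated as follows. This is an added example, not code from the paper or its published scripts; the packet tuple layout, the 5-tuple flow key, the feature names and the sample packets are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample packets (assumed layout):
# (timestamp_s, src_ip, dst_ip, src_port, dst_port, proto, length_bytes)
PACKETS = [
    # One web-style flow with several packets of varying size
    (0.000, "10.0.0.5", "10.0.1.10", 40000, 80, "tcp", 74),
    (0.020, "10.0.0.5", "10.0.1.10", 40000, 80, "tcp", 520),
    (0.050, "10.0.0.5", "10.0.1.10", 40000, 80, "tcp", 1500),
    (0.110, "10.0.0.5", "10.0.1.10", 40000, 80, "tcp", 1500),
    # Scan-like traffic: a single small packet to each of several ports
    (1.000, "10.0.0.9", "10.0.1.10", 51000, 21, "tcp", 60),
    (1.001, "10.0.0.9", "10.0.1.10", 51000, 22, "tcp", 60),
    (1.002, "10.0.0.9", "10.0.1.10", 51000, 23, "tcp", 60),
]

def flow_features(packets):
    """Group packets by 5-tuple and compute per-flow features."""
    flows = defaultdict(list)
    for ts, src, dst, sport, dport, proto, length in packets:
        flows[(src, dst, sport, dport, proto)].append((ts, length))

    features = {}
    for key, pkts in flows.items():
        pkts.sort()  # order by timestamp before taking gaps
        times = [t for t, _ in pkts]
        sizes = [n for _, n in pkts]
        # Inter-arrival times; a single-packet flow has none
        gaps = [b - a for a, b in zip(times, times[1:])]
        features[key] = {
            "packet_count": len(pkts),
            "byte_total": sum(sizes),
            "byte_mean": mean(sizes),
            "byte_std": pstdev(sizes),
            "iat_mean": mean(gaps) if gaps else 0.0,
            "iat_std": pstdev(gaps) if gaps else 0.0,
        }
    return features

if __name__ == "__main__":
    for flow, feats in flow_features(PACKETS).items():
        print(flow, feats)
```

Each per-flow dictionary is the kind of row that would then be passed to a classifier or an unsupervised detector; here the scan-like traffic shows up as many one-packet flows with zero inter-arrival time and zero byte variance.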