DOI: 10.3390/mca31040117 ISSN: 2297-8747

Detecting Low-Rate Flow-Table Attacks in KDN with a Hybrid GRU–CatBoost Approach

Sara Bahrami, Hamid Haj Seyyed Javadi

Knowledge-Defined Networks (KDNs) are at serious risk due to Low-Rate Flow-Table (LoFT) attacks, which covertly deplete switch flow tables while eluding traditional detection systems. In order to precisely identify such attacks in real time, this paper suggests a Hybrid GRU–CatBoost framework that combines robust categorical classification with temporal sequence modeling. In order to capture temporal dependencies, network traffic flows are first represented as sequential feature vectors and then processed by a Gated Recurrent Unit (GRU) network. To differentiate between malicious and normal flows, the resulting embeddings are fed into a CatBoost classifier along with categorical features. Comparing the suggested method to conventional ML and DL models, experimental results on realistic KDN traffic show that it achieves superior accuracy, high true-positive rates, and low false positives. The framework is also appropriate for real-time deployment because it maintains low detection latency in high-flow scenarios. This study demonstrates how well hybrid sequential and boosting-based techniques work to secure next-generation programmable networks.

More from our Archive