<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">kaz44</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Университета Шакарима. Серия технические науки</journal-title><trans-title-group xml:lang="en"><trans-title>Bulletin of Shakarim University. Technical Sciences</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2788-7995</issn><issn pub-type="epub">3006-0524</issn><publisher><publisher-name>«Шәкәрім университеті» КеАҚ</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.53360/2788-7995-2025-4(20)-28</article-id><article-id custom-type="elpub" pub-id-type="custom">kaz44-2226</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>АВТОМАТИЗАЦИЯ И ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ (ОРИГИНАЛЬНАЯ СТАТЬЯ)</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>AUTOMATION AND INFORMATION TECHNOLOGY (ORIGINAL ARTICLE)</subject></subj-group></article-categories><title-group><article-title>МНОГОЦЕЛЕВАЯ ЭВОЛЮЦИОННАЯ ОПТИМИЗАЦИЯ ПОЛИТИК БЕЗОПАСНОСТИ В ПРОГРАММНО-ОПРЕДЕЛЯЕМЫХ СЕТЯХ (SDN) С УЧЕТОМ ОГРАНИЧЕНИЙ TCAM И ЗАДЕРЖКИ</article-title><trans-title-group xml:lang="en"><trans-title>MULTI-OBJECTIVE EVOLUTIONARY OPTIMIZATION OF SECURITY POLICIES IN SOFTWAREDEFINED NETWORKS (SDN) GIVEN TCAM AND LATENCY CONSTRAINTS</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0001-1880-1290</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Шырын</surname><given-names>Б. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Shyryn</surname><given-names>B.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Бексұлтан Андасұлы Шырын – докторант кафедры компьютерной и программной инженерии факультета информационных технологий </p><p>010000 Республика Казахстан, г. Астана, ул. Сатпаева, 2</p></bio><bio xml:lang="en"><p>Bexultan Shyryn – PhD student of the Department of Computer and Software Engineering</p><p>0100000, Republic of Kazakhstan, Astana, Satpayev street, building 2</p></bio><email xlink:type="simple">bexultan.shyryn@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-4525-0738</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Ahanger</surname><given-names>Т. A.</given-names></name><name name-style="western" xml:lang="en"><surname>Ahanger</surname><given-names>T. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Tariq Ahamed Ahanger – доктор PhD, доцент</p><p>Королевство Саудовская Аравия, г. Эль-Хардж </p></bio><bio xml:lang="en"><p>Tariq Ahamed Ahanger – Doctor of Philosophy, Professor (Associate)</p><p>Al Kharj, Saudi Arabia</p></bio><email xlink:type="simple">t.ahanger@psau.edu.sa</email><xref ref-type="aff" rid="aff-2"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-1042-0415</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Жумадиллаева</surname><given-names>А. К.</given-names></name><name name-style="western" xml:lang="en"><surname>Zhumadillayeva</surname><given-names>A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Айнур Канадиловна Жумадиллаева – кандидат технических наук, ассоциированный профессор кафедры компьютерной и программной инженерии факультета информационных технологий </p><p>010000 Республика Казахстан, г. Астана, ул. Сатпаева, 2</p></bio><bio xml:lang="en"><p>Aynur Zhumadillayeva – Associate Professor of the Department of Computer and Software Engineering, IT Faculty </p><p>0100000, Republic of Kazakhstan, Astana, Satpayev street, building 2</p></bio><email xlink:type="simple">Ay8222@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-1635-4693</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Бекешова</surname><given-names>Г. Б.</given-names></name><name name-style="western" xml:lang="en"><surname>Bekeshova</surname><given-names>G.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Гульвира Бауыржановна Бекешова – магистр технических наук, старший преподаватель кафедры Информационной безопасности факультета информационных технологий </p><p>010000 Республика Казахстан, г. Астана, ул. Сатпаева, 2</p></bio><bio xml:lang="en"><p>Gulvira Bekeshova – Senior Lecturer at the Department of Information Security, IT Faculty </p><p>0100000, Republic of Kazakhstan, Astana, Satpayev street, building 2</p></bio><email xlink:type="simple">gulvirabauyrzhanovna@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru">Евразийский национальный университет им. Л.Н. Гумилева<country>Казахстан</country></aff><aff xml:lang="en">L.N. Gumilyov Eurasian National University<country>Kazakhstan</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru">Университет принца Sattam Bin Abdulaziz<country>Саудовская Аравия</country></aff><aff xml:lang="en">Prince Sattam Bin Abdulaziz University<country>Saudi Arabia</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2025</year></pub-date><pub-date pub-type="epub"><day>25</day><month>01</month><year>2026</year></pub-date><volume>1</volume><issue>4(20)</issue><fpage>238</fpage><lpage>248</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Шырын Б.А., Ahanger Т.A., Жумадиллаева А.К., Бекешова Г.Б., 2026</copyright-statement><copyright-year>2026</copyright-year><copyright-holder xml:lang="ru">Шырын Б.А., Ahanger Т.A., Жумадиллаева А.К., Бекешова Г.Б.</copyright-holder><copyright-holder xml:lang="en">Shyryn B., Ahanger T.A., Zhumadillayeva A., Bekeshova G.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://tech.vestnik.shakarim.kz/jour/article/view/2226">https://tech.vestnik.shakarim.kz/jour/article/view/2226</self-uri><abstract><p>Статья посвящена рассмотрению задачи оптимизации политик безопасности в программно-определяемых сетях (SDN). Решение этой проблемы авторы предлагают осуществлять с помощью NSGA-II – эффективного алгоритма эволюционной оптимизации множественных целей. Изложенный подход ориентирован на достижение баланса между необходимостью жестко обеспечивать сетевую безопасность и наличием ограниченных вычислительных ресурсов. Особое внимание уделяется таким факторам, как задержки передачи данных и размер таблиц TCAM, которые оказывают существенное влияние на эффективность фильтрации трафика. На основе построенной в статье модели, включающей оценки вероятностей угроз, методики нормализации целевых функций и использования штрафных коэффициентов за конфликты правил, оптимизацию проведены по трем ключевым параметрам: риску атак, задержкам в сети и загрузке TCAM. Проведенное моделирование охватило три сценария работы сети – нормальный, смешанный и атакующий – с применением пакетов Mininet и Ryu. Взаимосравнение предложенного метода с дифференциальной эволюцией (DE) и жадным алгоритмом (Greedy) показало, что NSGA-II достигает оптимального распределения решений по фронту Парето, быстрее сходится и при этом не теряет в точности фильтрации. В статье, кроме того, представлена визуализация смены поколений, компромиссные графики и профили нагрузки. В заключении рассматриваются перспективы интеграции предложенной модели с контроллерами ONOS и OpenDaylight; кроме того, обсуждаются возможность использования гибридных решений на основе Deep Reinforcement Learning, Federated Learning и Explainable AI.</p></abstract><trans-abstract xml:lang="en"><p>This article examines the problem of optimizing security policies in software-defined networks (SDN). The authors propose solving this problem using NSGA-II, an efficient algorithm for evolutionary optimization of multiple objectives. The proposed approach aims to achieve a balance between the need to strictly enforce network security and the availability of limited computing resources. Particular attention is paid to factors such as data transmission latency and TCAM table size, which significantly affect the effectiveness of traffic filtering. Based on the model developed in the article, which includes threat probability assessments, objective function normalization methods, and the use of penalty coefficients for rule conflicts, optimization was performed across three key parameters: attack risk, network latency, and TCAM load. The simulation covered three network operation scenarios-normal, mixed, and attack-using Mininet and Ryu packets. A comparison of the proposed method with differential evolution (DE) and a greedy algorithm (Greedy) showed that NSGA-II achieves optimal solution distribution along the Pareto frontier, converges faster, and maintains filtering accuracy. The paper also presents visualization of generational transitions, tradeoff graphs, and load profiles. The conclusion discusses the potential for integrating the proposed model with ONOS and OpenDaylight controllers, and discusses the feasibility of using hybrid solutions based on Deep Reinforcement Learning, Federated Learning, and Explainable AI.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>программно-определяемые сети (SDN)</kwd><kwd>многокритериальная оптимизация</kwd><kwd>эволюционные алгоритмы</kwd><kwd>NSGA-II</kwd><kwd>безопасность сети</kwd><kwd>обнаружение аномалий</kwd></kwd-group><kwd-group xml:lang="en"><kwd>software-defined networks (SDN)</kwd><kwd>multi-objective optimization</kwd><kwd>evolutionary algorithms</kwd><kwd>NSGA-II</kwd><kwd>network security</kwd><kwd>anomaly detection</kwd></kwd-group><funding-group xml:lang="ru"><funding-statement>Авторы выражают благодарность Министерству высшего образования и науки Республики Казахстан, выделившему грантовый проект на 2025-2027 годы. ИРН АР25796479.</funding-statement></funding-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Optimal controller selection and migration in large scale software defined networks for next generation IoT / M. Shahzad et al // SN Applied Sciences. – 2023. – Vol. 5, Art. 309.</mixed-citation><mixed-citation xml:lang="en">Optimal controller selection and migration in large scale software defined networks for next generation IoT / M. Shahzad et al // SN Applied Sciences. – 2023. – Vol. 5, Art. 309.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Adaptive population-based multi-objective optimization in SDN controllers for cost optimization / А.А. Qaffas et al // Physical Communication. – 2023. – Vol. 58, Art. 102006.</mixed-citation><mixed-citation xml:lang="en">Adaptive population-based multi-objective optimization in SDN controllers for cost optimization / А.А. Qaffas et al // Physical Communication. – 2023. – Vol. 58, Art. 102006.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">On the (in)security of the control plane of SDN architecture: A survey / Z.A. Bhuiyan et al // IEEE Access. – 2023. – Vol. 11. – P. 91550-91582.</mixed-citation><mixed-citation xml:lang="en">On the (in)security of the control plane of SDN architecture: A survey / Z.A. Bhuiyan et al // IEEE Access. – 2023. – Vol. 11. – P. 91550-91582.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Alzahrani A.O. ML-IDSDN: Machine learning based intrusion detection system for softwaredefined network / A.O. Alzahrani, M.J.F. Alenazi // Concurrency and Computation: Practice and Experience. – 2023. – Vol. 35, Art. e7438.</mixed-citation><mixed-citation xml:lang="en">Alzahrani A.O. ML-IDSDN: Machine learning based intrusion detection system for softwaredefined network / A.O. Alzahrani, M.J.F. Alenazi // Concurrency and Computation: Practice and Experience. – 2023. – Vol. 35, Art. e7438.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Towards robust SDN security: A comparative analysis of oversampling techniques with ML and DL classifiers / А. Bajenaid et al // Electronics. – 2025. – Vol. 14, № 5. – Р. 995.</mixed-citation><mixed-citation xml:lang="en">Towards robust SDN security: A comparative analysis of oversampling techniques with ML and DL classifiers / А. Bajenaid et al // Electronics. – 2025. – Vol. 14, № 5. – Р. 995.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Mahadik S.S. Edge-Federated Learning-Based Intelligent Intrusion Detection System for Heterogeneous Internet of Things / S.S. Mahadik, P.M. Pawar, R. Muthalagu // IEEE Access. – 2024. – Vol. 12. – P. 81736-81757.</mixed-citation><mixed-citation xml:lang="en">Mahadik S.S. Edge-Federated Learning-Based Intelligent Intrusion Detection System for Heterogeneous Internet of Things / S.S. Mahadik, P.M. Pawar, R. Muthalagu // IEEE Access. – 2024. – Vol. 12. – P. 81736-81757.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Survey of federated learning in intrusion detection / H. Zhang et al // Journal of Parallel and Distributed Computing. – 2025. – Vol. 195, Art. 104976.</mixed-citation><mixed-citation xml:lang="en">Survey of federated learning in intrusion detection / H. Zhang et al // Journal of Parallel and Distributed Computing. – 2025. – Vol. 195, Art. 104976.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Reinforcement learning-based SDN routing scheme empowered by causality detection and GNN / Y. He et al // Frontiers in Computational Neuroscience. – 2024. – Vol. 18, Article 1393025.</mixed-citation><mixed-citation xml:lang="en">Reinforcement learning-based SDN routing scheme empowered by causality detection and GNN / Y. He et al // Frontiers in Computational Neuroscience. – 2024. – Vol. 18, Article 1393025.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Explainable intrusion detection for cyber defences in the Internet of Things: Opportunities and solutions / N. Moustafa et al // IEEE Communications Surveys &amp; Tutorials. – 2023. – P(99) 1-1.</mixed-citation><mixed-citation xml:lang="en">Explainable intrusion detection for cyber defences in the Internet of Things: Opportunities and solutions / N. Moustafa et al // IEEE Communications Surveys &amp; Tutorials. – 2023. – P(99) 1-1.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Arreche O. XAI-IDS: Toward proposing an explainable artificial intelligence framework for enhancing network intrusion detection systems / O. Arreche, T. Guntur, M. Abdallah // Applied Sciences. – 2024. – Vol. 14, № 10, Art. 4170.</mixed-citation><mixed-citation xml:lang="en">Arreche O. XAI-IDS: Toward proposing an explainable artificial intelligence framework for enhancing network intrusion detection systems / O. Arreche, T. Guntur, M. Abdallah // Applied Sciences. – 2024. – Vol. 14, № 10, Art. 4170.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Ataa M.S. Intrusion detection in software defined network using deep learning approaches / M.S. Ataa, E.E. Sanad, R.A. El-khoribi // Scientific Reports. – 2024. – Vol. 14, Art. 29159.</mixed-citation><mixed-citation xml:lang="en">Ataa M.S. Intrusion detection in software defined network using deep learning approaches / M.S. Ataa, E.E. Sanad, R.A. El-khoribi // Scientific Reports. – 2024. – Vol. 14, Art. 29159.</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Network intrusion detection model using wrapper-based feature selection and multi-head attention transformers / М. Umer et al // Scientific Reports. – 2025. – Vol. 15, Art. 28718.</mixed-citation><mixed-citation xml:lang="en">Network intrusion detection model using wrapper-based feature selection and multi-head attention transformers / М. Umer et al // Scientific Reports. – 2025. – Vol. 15, Art. 28718.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
