MULTI-OBJECTIVE EVOLUTIONARY OPTIMIZATION OF SECURITY POLICIES IN SOFTWARE-DEFINED NETWORKS (SDN) GIVEN TCAM AND LATENCY CONSTRAINTS
https://doi.org/10.53360/2788-7995-2025-4(20)-28
Abstract
This article examines the problem of optimizing security policies in software-defined networks (SDN). The authors propose solving this problem using NSGA-II, an efficient evolutionary algorithm for multi-objective optimization. The proposed approach aims to balance strict enforcement of network security against the limited computing resources available. Particular attention is paid to factors such as data transmission latency and TCAM table size, which significantly affect the effectiveness of traffic filtering. Based on the model developed in the article, which includes threat probability assessments, objective function normalization methods, and penalty coefficients for rule conflicts, optimization was performed across three key parameters: attack risk, network latency, and TCAM load. The simulation covered three network operation scenarios (normal, mixed, and attack) using the Mininet and Ryu packages. A comparison of the proposed method with differential evolution (DE) and a greedy algorithm (Greedy) showed that NSGA-II achieves optimal solution distribution along the Pareto frontier, converges faster, and maintains filtering accuracy. The paper also presents visualizations of generational transitions, tradeoff graphs, and load profiles. The conclusion discusses the potential for integrating the proposed model with the ONOS and OpenDaylight controllers, and the feasibility of hybrid solutions based on Deep Reinforcement Learning, Federated Learning, and Explainable AI.
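The three-objective trade-off described in the abstract can be illustrated with the non-dominated selection that NSGA-II ranks candidates by. This is an added example, not the authors' model or code: it enumerates every subset of four rules instead of running an evolutionary search, and the rule names, threat probabilities, TCAM and latency figures, conflict pair, penalty value and normalization are all constructed assumptions.

```python
from itertools import product

# Constructed candidate rules: name -> (threat probability mitigated in %,
# TCAM entries used, added latency in tenths of a millisecond). All assumed.
RULES = {
    "drop_syn_flood": (40, 120, 8),
    "drop_port_scan": (25, 60, 4),
    "rate_limit_dns": (20, 200, 15),
    "drop_bogons": (10, 30, 2),
}
CONFLICTS = [{"drop_syn_flood", "rate_limit_dns"}]  # assumed overlapping matches
TCAM_CAPACITY = 400   # entries (assumed switch limit)
LATENCY_BUDGET = 30   # tenths of a millisecond (assumed)
TOTAL_THREAT = sum(p for p, _, _ in RULES.values())

def evaluate(policy, penalty=15):
    """Return normalized (risk, latency, tcam) to minimize, or None if infeasible."""
    covered = sum(RULES[r][0] for r in policy)
    tcam = sum(RULES[r][1] for r in policy)
    latency = sum(RULES[r][2] for r in policy)
    if tcam > TCAM_CAPACITY or latency > LATENCY_BUDGET:
        return None  # hard TCAM or latency constraint violated
    clashes = sum(1 for pair in CONFLICTS if pair <= policy)
    risk = TOTAL_THREAT - covered + penalty * clashes  # penalty per rule conflict
    return (risk / TOTAL_THREAT, latency / LATENCY_BUDGET, tcam / TCAM_CAPACITY)

def dominates(a, b):
    """Pareto dominance for minimization: no worse everywhere, better somewhere."""
    return all(x <= y for x, y in zip(a, b)) and a != b

def pareto_front(penalty=15):
    """Score every rule subset and keep the feasible non-dominated ones."""
    scored = {}
    for mask in product([0, 1], repeat=len(RULES)):
        policy = frozenset(r for r, bit in zip(RULES, mask) if bit)
        score = evaluate(policy, penalty)
        if score is not None:
            scored[policy] = score
    return {p: s for p, s in scored.items()
            if not any(dominates(o, s) for o in scored.values())}

if __name__ == "__main__":
    for policy, score in sorted(pareto_front().items(), key=lambda kv: kv[1][0]):
        print(sorted(policy), [round(v, 2) for v in score])
```

With these constructed numbers, the conflict penalty pushes the policy that combines the two conflicting rules off the front; calling `pareto_front(penalty=0)` brings it back.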
About the Authors
B. Shyryn
Kazakhstan
Bexultan Shyryn – PhD student of the Department of Computer and Software Engineering
0100000, Republic of Kazakhstan, Astana, Satpayev street, building 2
T. A. Ahanger
Saudi Arabia
Tariq Ahamed Ahanger – Doctor of Philosophy, Professor (Associate)
Al Kharj, Saudi Arabia
A. Zhumadillayeva
Kazakhstan
Aynur Zhumadillayeva – Associate Professor of the Department of Computer and Software Engineering, IT Faculty
0100000, Republic of Kazakhstan, Astana, Satpayev street, building 2
G. Bekeshova
Kazakhstan
Gulvira Bekeshova – Senior Lecturer at the Department of Information Security, IT Faculty
0100000, Republic of Kazakhstan, Astana, Satpayev street, building 2
For citations:
Shyryn B., Ahanger T.A., Zhumadillayeva A., Bekeshova G. MULTI-OBJECTIVE EVOLUTIONARY OPTIMIZATION OF SECURITY POLICIES IN SOFTWARE-DEFINED NETWORKS (SDN) GIVEN TCAM AND LATENCY CONSTRAINTS. Bulletin of Shakarim University. Technical Sciences. 2025;1(4(20)):238-248. (In Russ.) https://doi.org/10.53360/2788-7995-2025-4(20)-28