MARC details
| 000 -LEADER |
|---|
| fixed length control field |
07354namaa22004331i 4500 |
| 003 - CONTROL NUMBER IDENTIFIER |
|---|
| control field |
EG-GICUC |
| 005 - أخر تعامل مع التسجيلة |
|---|
| control field |
20251227100939.0 |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION |
|---|
| fixed length control field |
251226s2025 ua a|||frm||| 000 0 eng d |
| 040 ## - CATALOGING SOURCE |
|---|
| Original cataloguing agency |
EG-GICUC |
| Language of cataloging |
eng |
| Transcribing agency |
EG-GICUC |
| Modifying agency |
EG-GICUC |
| Description conventions |
rda |
| 041 0# - LANGUAGE CODE |
|---|
| Language code of text/sound track or separate title |
eng |
| Language code of summary or abstract |
eng |
| -- |
ara |
| 049 ## - Acquisition Source |
|---|
| Acquisition Source |
Deposit |
| 082 04 - DEWEY DECIMAL CLASSIFICATION NUMBER |
|---|
| Classification number |
006.31 |
| 092 ## - LOCALLY ASSIGNED DEWEY CALL NUMBER (OCLC) |
|---|
| Classification number |
006.31 |
| Edition number |
21 |
| 097 ## - Degree |
|---|
| Degree |
M.Sc |
| 099 ## - LOCAL FREE-TEXT CALL NUMBER (OCLC) |
|---|
| Local Call Number |
Cai01.20.01.M.Sc.2025.Ma.I |
| 100 0# - MAIN ENTRY--PERSONAL NAME |
|---|
| Authority record control number or standard number |
Mahmoud Sami Ataa, |
| Preparation |
preparation. |
| 245 10 - TITLE STATEMENT |
|---|
| Title |
Intrusion detection system for software defined networking based on deep learning approaches / |
| Statement of responsibility, etc. |
by Mahmoud Sami Ataa ; Supervised Prof. Reda A. El-khoribi, Dr. Eman E. Sanad. |
| 246 15 - VARYING FORM OF TITLE |
|---|
| Title proper/short title |
نظام كشف التسلل إلى الشبكات المعرفة بالبرمجيات على نهج التعلم العميق |
| 264 #0 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE |
|---|
| Date of production, publication, distribution, manufacture, or copyright notice |
2025. |
| 300 ## - PHYSICAL DESCRIPTION |
|---|
| Extent |
103 Leaves : |
| Other physical details |
illustrations ; |
| Dimensions |
30 cm. + |
| Accompanying material |
CD. |
| 336 ## - CONTENT TYPE |
|---|
| Content type term |
text |
| Source |
rda content |
| 337 ## - MEDIA TYPE |
|---|
| Media type term |
Unmediated |
| Source |
rdamedia |
| 338 ## - CARRIER TYPE |
|---|
| Carrier type term |
volume |
| Source |
rdacarrier |
| 502 ## - DISSERTATION NOTE |
|---|
| Dissertation note |
Thesis (M.Sc)-Cairo University, 2025. |
| 504 ## - BIBLIOGRAPHY, ETC. NOTE |
|---|
| Bibliography, etc. note |
Bibliography: pages 99-103. |
| 520 #3 - SUMMARY, ETC. |
|---|
| Summary, etc. |
Ensuring robust network security is crucial in the context of Software-<br/>Defined Networking (SDN), which has become a multi -billion-dollar <br/>industry and is widely deployed in modern data centers. SDN provides <br/>network programmability, centralized control, and a global network view, <br/>offering significant advantages over traditional networks. However, these <br/>benefits come with new vulnerabilities and attack vectors, making SDN <br/>security a critical research area. The emergence of Machine Learning (ML) <br/>and, more specifically, Deep Learning (DL) has led to innovative approaches <br/>to securing SDN environments. <br/>This research focuses on developing an advanced Deep Learning -based <br/>Intrusion Detection System (IDS) to address SDN -specific attack vectors. <br/>We designed and evaluated two IDS models, a hybrid CNN-LSTM <br/>architecture and a Transformer encoder-only architecture. The IDS targets <br/>the SDN controller, a crucial component of the network that, if compromised, <br/>could lead to severe security breaches. The InSDN dataset was used for <br/>training and testing, as it accurately captures real -world SDN traffic. For <br/>evaluation, we employed accuracy, precision, recall, and F1-score as key <br/>metrics. Experimental results demonstrated that the Transformer model with <br/>48 features achieved the highest accuracy of 99.02%, while the CNN -LSTM <br/>model closely followed with 99.01%. <br/>To optimize the IDS for real-world deployment, we reduced the feature <br/>set to 6 and 4 features, assessing the impact on performance. Additionally, <br/>we addressed the poor representation of certain attack types by merging four <br/>underrepresented attacks into a single class, significantly improving <br/>classification accuracy. Furthermore, we explored binary classification, <br/>where all attack types were combined into a single attack class, resulting in <br/>higher accuracy for both models. Notably, the CNN-LSTM model achieved <br/>the best results with 6 features, reaching an accuracy of 99. 19% and a 99.49% <br/>F1-score, surpassing state-of-the-art results. <br/>Beyond model evaluation, we assessed the IDS’s impact on SDN <br/>network performance by analyzing key metrics such as latency, throughput, <br/>CPU, and memory usage. The findings indicate that while the CNN -LSTM-<br/>based IDS introduced a slight increase in latency of 0.016 ms, a marginal <br/>decrease in throughput of approximately 100 kBps, and minimal resource <br/>consumption, 5% CPU and 1% memory increase, we also developed a <br/>Transformer-based IDS that exhibited a higher computational impact. This <br/>second IDS resulted in a 0.004 ms increase in latency, a 31 kBps decrease in <br/>throughput, a 25% increase in CPU usage, and a 3% increase in memory <br/>usage. These results highlight the tr ade-off between model complexity and <br/>network performance. While both IDS solutions effectively detect intrusions, <br/>the CNN-LSTM model offers a more lightweight implementation compared <br/>to the Transformer-based IDS, which provides more sensitive detection <br/>capabilities with higher resource consumption. |
| 520 #3 - SUMMARY, ETC. |
|---|
| Summary, etc. |
تُعَدّ أمان الشبكات أمرًا بالغ الأهمية في الشبكات المعرفة بالبرمجيات (SDN)، وهي صناعة سريعة النمو تُقدَّر بمليارات الدولارات وتُستخدم على نطاق واسع في الشبكات الحديثة ومراكز البيانات. يوفر التحكم المركزي والرؤية الشاملة للشبكة في SDN مزايا واضحة مقارنة بالشبكات التقليدية، لكنها تُدخل أيضًا نقاط ضعف جديدة. لمواجهة هذه التحديات، لجأ الباحثون إلى تقنيات التعلم الآلي، وبشكل خاص التعلم العميق (DL)، لتأمين بنية SDN التحتية.في هذه الدراسة، تم تطوير نظامي كشف تسلل (IDS) متقدمين يعتمدان على التعلم العميق: أحدهما مزيج بين الشبكات الالتفافية (CNN) وذاكرة المدى الطويل القصير (LSTM)، والآخر يعتمد على نموذج المحول (Transformer) باستخدام طبقات التشفير فقط. تستهدف هذه الأنظمة وحدة التحكم في SDN، وهي مكون حرج ومعرض للهجمات، باستخدام مجموعة بيانات InSDN لمحاكاة حركة المرور الواقعية.ولتكييف هذه الأنظمة للاستخدام الفعلي، تم تقليص عدد السمات المستخدمة من 48 (المجموعة الكاملة) إلى 6 و4 سمات فقط. كما تم دمج أنواع الهجمات قليلة التمثيل لتحسين دقة التصنيف، وساهم التصنيف الثنائي في تعزيز الأداء من خلال تبسيط عملية الكشف عن الهجمات.حقق نموذج CNN-LSTM أداءً متميزًا باستخدام 6 سمات فقط، إذ وصلت دقته إلى 99.19% و 99.49% على مقياس F1، وهو ما يُعد من أفضل النتائج في هذا المجال. وفي التقييم النهائي للأداء، تبين أن نموذج Transformer يتمتع بحساسية كشف أعلى، لكن نموذج CNN-LSTM قدّم توازنًا أفضل من حيث تقليل التأثير على زمن الاستجابة، وسرعة المعالجة، واستهلاك الموارد. |
| 530 ## - ADDITIONAL PHYSICAL FORM AVAILABLE NOTE |
|---|
| Issues CD |
Issues also as CD. |
| 546 ## - LANGUAGE NOTE |
|---|
| Text Language |
Text in English and abstract in Arabic & English. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
|---|
| Topical term or geographic name entry element |
Deep learning |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
|---|
| Topical term or geographic name entry element |
التعلم العميق |
| 653 #1 - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
Software-defined networks |
| -- |
Cybersecurity |
| -- |
Intrusion detection system |
| -- |
Deep learning |
| -- |
Convolutional neural networks model |
| -- |
Long short term memory model |
| -- |
transformer model |
| -- |
الشبكات المعرفة بالبرمجيات |
| -- |
الامن السيبرانى |
| 700 0# - ADDED ENTRY--PERSONAL NAME |
|---|
| Personal name |
Reda A. El-khoribi |
| Relator term |
thesis advisor. |
| 700 0# - ADDED ENTRY--PERSONAL NAME |
|---|
| Personal name |
Eman E. Sanad |
| Relator term |
thesis advisor. |
| 900 ## - Thesis Information |
|---|
| Grant date |
01-01-2025 |
| Supervisory body |
Reda A. El-khoribi |
| -- |
Eman E. Sanad |
| Universities |
Cairo University |
| Faculties |
Faculty of Computers and Artificial Intelligence |
| Department |
Department of Information Technology |
| 905 ## - Cataloger and Reviser Names |
|---|
| Cataloger Name |
Shimaa |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) |
|---|
| Source of classification or shelving scheme |
Dewey Decimal Classification |
| Koha item type |
Thesis |
| Edition |
21 |
| Suppress in OPAC |
No |