Abstract
The rapid adoption of Software Defined Networking (SDN) and Network Function Virtualization (NFV) architectures has transformed modern communication infrastructure by introducing flexible and programmable network control. However, the same programmability has increased the exposure of these environments to sophisticated cyber threats, particularly zero-day attacks that exploit previously unknown vulnerabilities. Traditional intrusion detection mechanisms rely heavily on signature-based or supervised learning models that require labelled attack data. Such approaches have limited capability when the network encounters unseen attack patterns. Consequently, an effective anomaly detection framework that can operate without extensive labelled datasets has become an important research requirement. This study proposes a Self-Supervised Network Anomaly Representation Model (SS-NARM) for detecting zero-day attacks within SDN/NFV environments. The proposed approach uses self-supervised representation learning to extract latent behavioural patterns from network traffic without the need for manual annotation. The architecture integrates a feature encoder that learns intrinsic traffic characteristics and a contrastive learning module that maximizes the similarity between semantically related network flows while separating anomalous behaviour. During the training phase, the model generates pseudo-labels from intrinsic traffic patterns, which guide the representation learning process. The anomaly scoring mechanism evaluates deviations between learned normal traffic embeddings and real-time observations within the SDN controller monitoring layer. The experimental evaluation demonstrates that the proposed SS-NARM framework significantly improves the detection capability for zero-day attacks in SDN/NFV environments. The model achieves 96.8% detection accuracy, 95.4% precision, 94.9% recall, and 95.1% F1-score, along with an AUC value of 0.98 that reflects strong discrimination capability between normal and malicious traffic flows.
Authors
Pitty Nagarjuna¹, Soumya Madduru²
¹ Indian Institute of Science, Bengaluru, India; ² Srinivasa Ramanujan Institute of Technology, India
Keywords
Self-Supervised Learning, Zero-Day Attack Detection, Software Defined Networking, Network Function Virtualization, Anomaly Detection Systems