Federated Graph Neural Networks for Privacy-Preserving and Adaptive DDoS Mitigation in Software-Defined Networks
Abstract
The proliferation of Software-Defined Networking (SDN) has enhanced network programmability and centralized control, but it has also made SDN controllers prime targets for Distributed Denial-of-Service (DDoS) attacks. Conventional detection techniques often rely on centralized data collection, which raises privacy concerns, introduces latency, and struggles with the dynamic nature of modern attack patterns. This paper proposes a Federated Graph Neural Network (FedGNN) framework for privacy-preserving, adaptive, and real-time DDoS mitigation in SDN environments. In the proposed approach, each SDN domain locally trains a GNN-based detection model that captures the graph-structured topology and traffic flow patterns, without sharing raw packet data. Model updates are securely aggregated at a central coordinator using a federated learning paradigm, ensuring both data confidentiality and cross-domain intelligence sharing. To improve resilience, the FedGNN integrates attention-based dynamic weighting to prioritize updates from domains experiencing abnormal traffic surges. Extensive simulations on benchmark datasets and a Mininet-based SDN testbed demonstrate that the proposed framework achieves higher detection accuracy, faster response times, and reduced false positives compared to conventional machine learning and deep learning methods. The results highlight FedGNN’s ability to adapt to evolving DDoS strategies while maintaining operational privacy, making it a promising solution for next-generation intelligent network defense.
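The coordinator-side aggregation step described in the abstract can be sketched as follows. This is an added example, not code from the paper: the z-score surge measure, the softmax weighting, the per-update norm clipping, and all function names and sample values are assumptions made for illustration.

```python
import math

def surge_score(current_rate, baseline_mean, baseline_std):
    """Assumed surge measure: z-score of a domain's flow-arrival rate vs. its own baseline."""
    return max(0.0, (current_rate - baseline_mean) / max(baseline_std, 1e-9))

def attention_weights(scores, temperature=1.0):
    """Softmax over surge scores; equal scores reduce to uniform averaging."""
    m = max(scores)
    exps = [math.exp((s - m) / temperature) for s in scores]
    total = sum(exps)
    return [e / total for e in exps]

def clip_update(update, max_norm):
    """Bound the L2 norm of one domain's update so a single domain cannot
    dominate the global model through update magnitude alone."""
    norm = math.sqrt(sum(x * x for x in update))
    scale = min(1.0, max_norm / norm) if norm > 0 else 1.0
    return [x * scale for x in update]

def aggregate(updates, scores, temperature=1.0, max_norm=1.0):
    """Weighted sum of clipped model updates; only updates and scalar
    scores reach the coordinator, never raw packet data."""
    weights = attention_weights(scores, temperature)
    clipped = [clip_update(u, max_norm) for u in updates]
    dim = len(clipped[0])
    agg = [sum(w * u[i] for w, u in zip(weights, clipped)) for i in range(dim)]
    return agg, weights

# Constructed sample: three SDN domains, each reporting a 2-parameter update
# and its current vs. baseline flow-arrival rate (flows/s).
SAMPLE_UPDATES = [[0.1, 0.0], [0.0, 0.1], [3.0, 4.0]]
SAMPLE_SCORES = [
    surge_score(1000, 1000, 100),  # domain A: at baseline
    surge_score(1050, 1000, 100),  # domain B: mild increase
    surge_score(1300, 1000, 100),  # domain C: traffic surge
]

if __name__ == "__main__":
    agg, weights = aggregate(SAMPLE_UPDATES, SAMPLE_SCORES)
    for name, w in zip("ABC", weights):
        print(f"domain {name}: weight {w:.3f}")
    print("aggregated update:", [round(x, 4) for x in agg])
```

The surge score here is self-reported by each domain, so a deployment would need to validate or bound it before using it to weight updates.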