As more existing networks migrate to Software-Defined Networking (SDN), they need stronger security and smarter traffic control. This work presents SmartSecChain-SDN, a platform that combines machine-learning-based intrusion detection, blockchain-based log storage, and application-aware traffic prioritization in SDN networks. To detect network intrusions in real time with high precision and a low false-positive rate, the framework uses advanced machine learning algorithms, namely Random Forest, XGBoost, CatBoost, and CNN-BiLSTM. SmartSecChain-SDN builds on Hyperledger Fabric, a permissioned blockchain technology, to provide secure, scalable, and privacy-preserving storage, thereby guaranteeing that Intrusion Detection System (IDS) records cannot be altered and can be analyzed comprehensively. The system also applies Quality of Service (QoS) rules and application-based traffic shaping, which prioritize critical services such as VoIP, video conferencing, and business applications, and de-prioritize non-essential traffic such as downloads and updates. Mininet is used to prototype the whole architecture because it can simulate real-time SDN scenarios, and the framework is compatible with the OpenDaylight and Ryu controllers. The framework was tested on the InSDN dataset, showing that it can identify different kinds of cyberattacks and handle bandwidth allocation efficiently under resource constraints. SmartSecChain-SDN thus addresses the protection, security, and enhancement of SDN systems comprehensively. The proposed study offers an innovative, extensible way to improve cybersecurity, regulatory compliance, and the administration of next-generation programmable networks.