PictureGuard: Enhancing Software-Defined Networking–Internet of Things Security with Novel Image-Based Authentication and Artificial Intelligence-Powered Two-Stage Intrusion Detection

Abstract: Software-defined networking (SDN) represents a transformative approach to network management, enabling the centralized and programmable control of network infrastructure. This paradigm facilitates enhanced scalability, flexibility, and security in managing complex systems. When integrated with the Internet of Things (IoT), SDN ad-dresses critical challenges such as security and efficient network management, positioning the SDN-IoT paradigm as an emerging and impactful technology in modern networking. The rapid proliferation of IoT applications has led to a significant increase in security threats, posing challenges to the safe operation of IoT systems. Consequently, SDN-IoT-based ap-plications and services have been widely adopted to address these issues and challenges. However, this platform faces critical limitations in ensuring scalability, optimizing energy consumption, and addressing persistent security vulnerabilities. To overcome these issues, we proposed a secure SDN-IoT environment for intrusion detection and prevention using virtual blockchain (V-Block). Initially, IoT users are registered and authenticated to the shadow blockchain nodes using a picture-based authentication mechanism. After that, au-thenticated user flows validation was provided by considering effective metrics utilizing the Trading-based Evolutionary Game Theory (TEGT) approach. Then, we performed a local risk assessment based on evaluated malicious flows severity and then the attack graph was constructed using an Isomorphism-based Graph Neural Network (IGNN) model. Further, multi-controllers were placed optimally using fox optimization algorithm. The generated global paths were securely stored in the virtual blockchain Finally, the two agents in the multi-controllers were responsible for validating and classifying the incoming suspicious flow packets into normal and malicious packets by considering the operative metrics using the Dueling Deep Q Network (DDQN) algorithm. The presented work was conducted by Network Simulator-3.26 and the different performance matrices were used to itemize the suggested V-Block model based on its malicious traffic, attack detection rate, link failure rate, anomaly detection rate, and scalability.