Deep residual CNN-attention model with GMM statistical injection : a forensic approach to mitigating dataset bias for zero-day detection in SDN
| bracu.type.group | Student Works | |
| dc.contributor.advisor | Chakrabarty, Amitabha | |
| dc.contributor.author | Soumya, Ikti Safat Anjum | |
| dc.contributor.author | Bokthier Bin Foysal | |
| dc.contributor.author | Sharkar, Md Nafiz Fuad | |
| dc.contributor.department | Department of Computer Science and Engineering | |
| dc.date.accessioned | 2026-04-19T05:41:07Z | |
| dc.date.available | 2026-04-19T05:41:07Z | |
| dc.date.copyright | 2026 | |
| dc.date.issued | 2026-01 | |
| dc.description | Cataloged from PDF version of thesis. | |
| dc.description | Includes bibliographical references (pages 52-54). | |
| dc.description | This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science and Engineering, 2026. | en_US |
| dc.description.abstract | Software-Defined Networks (SDN) and its centralized control plane have become highly valuable assets of the present-day infrastructure, and therefore, one of the primary targets of DDoS attacks. Although Intrusion Detection Systems (IDS) that are based on Machine Learning have potential, most of the systems experience shortcut learning. Instead of training to actually attack them, they learn fixed identifiers such as IP addresses. These models are very accurate in the laboratory, but they do not reach accuracy in real-world applications. This paper addresses the issue through one of its strategies, the Forensic-Induced Progressive Refinement Strategy, which focuses on dataset validation rather than performance measurements. First, bias-inducing qualities are located and eliminated as a result of conducting a forensic audit. Second, in physics-based constraints, a Topology-Aware Multiclass Augmentation engine creates realistic traffic profiles of twelve classes in order to solve the issue of data scarcity and class imbalance. The main contribution is a Hybrid Wide and Deep Learning Framework that is a combination of two streams: a deep stream, which is a 1D-CNN, residual connection, and Multi-Head Attention to extract spatial patterns, and a wide stream, which uses Gaussian Mixture Models (GMM) to extract statistical grounds. The integrated Zero-Day Forensics mechanism employs Integrated GMM-based Negative Log-Likelihood thresholds to identify previously unknown attack type which breaks the closed-world assumption of traditional classifiers. The experimental findings indicate that the framework is 88.96% accurate on bias-free data and generalizes well against Zero-Day threats, which are highly inaccurate compared to the baseline models SVM and KNN when trained on biased data. The piece institutionalizes forensic rigor and architectural duality as the key concepts towards strong SDN intrusion detection. | en_US |
| dc.description.degree | Bachelor of Science in Computer Science and Engineering | |
| dc.description.statementofresponsibility | Ikti Safat Anjum Soumya | |
| dc.description.statementofresponsibility | Bokthier Bin Foysal | |
| dc.description.statementofresponsibility | Md Nafiz Fuad Sharkar | |
| dc.format.extent | 54 pages | |
| dc.identifier.other | ID 21201816 | |
| dc.identifier.other | ID 21241016 | |
| dc.identifier.other | ID 21301366 | |
| dc.identifier.uri | http://hdl.handle.net/10361/27935 | |
| dc.language.iso | en | en_US |
| dc.publisher | BRAC University | en_US |
| dc.rights | BRAC University theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. | |
| dc.subject | Software-Defined Networking (SDN) | en_US |
| dc.subject | Intrusion Detection System (IDS) | en_US |
| dc.subject | Deep residual learning | en_US |
| dc.subject | Zero-day detection | en_US |
| dc.subject | Forensic auditing | en_US |
| dc.subject | Machine learning | en_US |
| dc.subject.lcsh | Software-defined networking (Computer network technology). | |
| dc.subject.lcsh | Computer networks--Security measures. | |
| dc.subject.lcsh | Deep learning (Machine learning)--Mathematical models. | |
| dc.subject.lcsh | Computer communication systems. | |
| dc.subject.lcsh | Computer security. | |
| dc.subject.lcsh | Data encryption (Computer science). | |
| dc.title | Deep residual CNN-attention model with GMM statistical injection : a forensic approach to mitigating dataset bias for zero-day detection in SDN | en_US |
| dc.type | Thesis | en_US |