Towards Zero-Trust Enabled Intelligent Intrusion Detection in Software-Defined Networks: A Multi-Layered Deep Learning Defense Framework

Authors

  • Noman Mazher, University of Gujrat

Keywords:

Enterprise Integration, API Strategy, Digital Transformation, Microservices Architecture, Cloud Integration

Abstract

This study proposes a Zero-Trust Enabled Intelligent Intrusion Detection Framework for Software-Defined Networks (SDN) by integrating zero-trust security principles with an attention-based Convolutional Neural Network (CNN) model. While SDN enhances programmability and centralized network control, it simultaneously introduces critical security vulnerabilities, particularly within the controller and inter-layer communication interfaces. Existing zero-trust SDN implementations focus primarily on static identity verification and micro-segmentation, whereas deep learning-based intrusion detection systems (IDS) operate independently of access control logic. This architectural separation limits adaptive real-time threat mitigation.

To address this limitation, the proposed framework introduces a multi-layer security architecture that embeds zero-trust enforcement across control, data, and application planes while integrating an attention-enhanced CNN-based IDS within the SDN controller. The model was implemented using a Mininet simulation environment with a Ryu controller and evaluated using the NSL-KDD and UNSW-NB15 benchmark datasets. A dynamic trust scoring mechanism recalibrates access privileges based on behavioral analysis outputs from the IDS. Experimental results demonstrate that the proposed ZT-CNN framework achieves 98.7% detection accuracy with a significantly reduced false positive rate of 0.021, outperforming traditional IDS and standalone CNN models. The findings confirm that synchronizing detection intelligence with programmable policy enforcement enhances SDN resilience, reduces lateral attack propagation, and enables adaptive trust validation. This research contributes a unified and intelligent defense framework suitable for next-generation programmable and cloud-integrated networks.

Published

2025-03-28