SENTRY: A Self-Adaptive Multi-Controller SDN Security Architecture with In-Switch Intelligence for Multi-Vector IoT Attack Defense

As Software-Defined Networking (SDN) becomes integral to the Internet of Things (IoT) infrastructure, its centralized architecture exposes inherent control-plane weaknesses exploitable by coordinated cyber threats. Traditional detectors rely heavily on static thresholds and single-controller designs, limiting their agility under dynamic, distributed, or low-rate attacks. This paper introduces SENTRY, a Self-Adaptive Multi-Controller Security framework that combines stateful data-plane analytics, entropy-aware adaptive detection, and collaborative inter-controller coordination. Deployed on a distributed SDN–IoT testbed, SENTRY achieved 97.8% detection accuracy and 94.5% true positive rate across varied attack intensities, maintaining a false-positive rate below 4% and detection latency near 1.3 seconds. Compared with baseline entropy detectors, control overhead decreased by 31%, while detection speed improved by 41%. The multi-controller consensus protocol maintained 98% synchronization reliability with under 0.9 s delay. These results demonstrate that integrating adaptive stateful processing and cooperative intelligence forms a scalable, real-time defensive fabric, capable of addressing multi-vector threats in evolving IoT ecosystems.