A Systematic Literature Review on Cyber Attack Detection in Software-Define Networking (SDN)
Article Sidebar
PDF
112 views
Main Article Content
Abstract
The increasing complexity and sophistication of cyberattacks pose significant challenges to traditional network security tools. Software-defined networking (SDN) has emerged as a promising solution because of its centralized management and adaptability. However, cyber-attack detection in SDN settings remains a vital issue. The current literature lacks comprehensive assessment of SDN cyber-attack detection methods including preparation techniques, benefits and types of attacks analysed in datasets. This gap hinders the understanding of the strengths and weaknesses of various detection approaches. This systematic literature review aims to examine SDN cyberattack detection, identify strengths, weaknesses, and gaps in existing techniques, and suggest future research directions in this critical area. A systematic approach was used to review and analyse various SDN cyberattack detection techniques from 2017--2024. A comprehensive assessment was conducted to address these research gaps and provide a comprehensive understanding of different detection methods. The study classified attacks on SDN planes, analysed detection datasets, discussed feature selection methods, evaluated approaches such as entropy, machine learning (ML), deep learning (DL), and federated learning (FL), and assessed metrics for evaluating defense mechanisms against cyberattacks. The review emphasized the importance of developing SDN-specific datasets and using advanced feature selection algorithms. It also provides valuable insights into the state-of-the-art techniques for detecting cyber-attacks in SDN and outlines a roadmap for future research in this critical area. This study identified research gaps and emphasized the importance of further exploration in specific areas to increase cybersecurity in SDN environments.
Downloads
Article Details
This work is licensed under a Creative Commons Attribution 4.0 International License.
References
J. Wang and L. Wang, “SDN-Defend: A Lightweight Online Attack Detection and Mitigation System for DDoS Attacks in SDN,” Sensors, vol. 22, no. 21, 2022, doi: 10.3390/s22218287.
Z. S. Younus and M. Alanezi, “A Survey on Network Security Monitoring: Tools and Functionalities,” Mustansiriyah J. Pure Appl. Sci., vol. 1, no. 2, pp. 55–86, Jul. 2023, Accessed: Aug. 05, 2024. [Online]. Available: https://mjpas.uomustansiriyah.edu.iq/index.php/mjpas/article/view/33
T. Omar, A. Ho, and B. Urbina, “Detection of DDoS in SDN Environment Using Entropy-based Detection,” 2019 IEEE Int. Symp. Technol. Homel. Secur. HST 2019, pp. 1–6, 2019.
B. Lawal and N. At, “Real-Time Detection and Mitigation of Distributed Denial of Service ( DDoS ) Attacks in Software Defined Networking ( SDN ),” no. May, pp. 1–5, 2018, doi: 10.1109/SIU.2018.8404674.
W. G. Gadallah, H. M. Ibrahim, and N. M. Omar, “A deep learning technique to detect distributed denial of service attacks in software-defined networks,” Comput. Secur., vol. 137, no. February, p. 103588, 2024, doi: 10.1016/j.cose.2023.103588.
M. Myint Oo, S. Kamolphiwong, T. Kamolphiwong, and S. Vasupongayya, “Advanced Support Vector Machine-(ASVM-) based detection for Distributed Denial of Service (DDoS) attack on Software Defined Networking (SDN),” J. Comput. Networks Commun., vol. 2019, 2019, doi: 10.1155/2019/8012568.
M. A. Ferrag, L. Maglaras, S. Moschoyiannis, and H. Janicke, “Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study,” J. Inf. Secur. Appl., vol. 50, p. 102419, Feb. 2020, doi: 10.1016/J.JISA.2019.102419.
A. M. Aleesa, B. B. Zaidan, A. A. Zaidan, and N. M. Sahar, “Review of intrusion detection systems based on deep learning techniques: coherent taxonomy, challenges, motivations, recommendations, substantial analysis and future directions,” Neural Comput. Appl., vol. 32, no. 14, pp. 9827–9858, Jul. 2020, doi: 10.1007/S00521-019-04557-3.
S. Gamage and J. Samarabandu, “Deep learning methods in network intrusion detection: A survey and an objective comparison,” J. Netw. Comput. Appl., vol. 169, p. 102767, Nov. 2020, doi: 10.1016/J.JNCA.2020.102767.
Z. Ahmad, A. Shahid Khan, C. Wai Shiang, J. Abdullah, and F. Ahmad, “Network intrusion detection system: A systematic study of machine learning and deep learning approaches,” Trans. Emerg. Telecommun. Technol., vol. 32, no. 1, Jan. 2020, doi: 10.1002/ETT.4150.
S. Gupta and D. Grover, “A Comprehensive Review on Detection of DDoS Attacks using ML in SDN Environment,” Proc. - Int. Conf. Artif. Intell. Smart Syst. ICAIS 2021, pp. 1158–1163, Mar. 2021, doi: 10.1109/ICAIS50930.2021.9395987.
B. Alhijawi, S. Almajali, H. Elgala, H. Bany Salameh, and M. Ayyash, “A survey on DoS/DDoS mitigation techniques in SDNs: Classification, comparison, solutions, testing tools and datasets,” Comput. Electr. Eng., vol. 99, p. 107706, Apr. 2022, doi: 10.1016/J.COMPELECENG.2022.107706.
A. Makuvaza, D. S. Jat, and A. M. Gamundani, “Deep Neural Network (DNN) Solution for Real-time Detection of Distributed Denial of Service (DDoS) Attacks in Software Defined Networks (SDNs),” 2021. doi: 10.1007/s42979-021-00467-1.
C. Li et al., “Detection and defense of DDoS attack–based on deep learning in OpenFlow-based SDN,” Int. J. Commun. Syst., vol. 31, no. 5, p. e3497, Mar. 2018, doi: 10.1002/DAC.3497.
J. Wang, L. Wang, and R. Wang, “A Method of DDoS Attack Detection and Mitigation for the Comprehensive Coordinated Protection of SDN Controllers,” 2023.
T. G. Gebremeskel, K. A. Gemeda, T. G. Krishna, and P. J. Ramulu, “DDoS Attack Detection and Classification Using Hybrid Model for Multicontroller SDN,” Wirel. Commun. Mob. Comput., vol. 2023, pp. 1–18, 2023, doi: 10.1155/2023/9965945.
A. O. Sangodoyin, M. O. Akinsolu, P. Pillai, and V. Grout, “Detection and Classification of DDoS Flooding Attacks on Software-Defined Networks: A Case Study for the Application of Machine Learning,” IEEE Access, vol. 9, pp. 122495–122508, 2021, doi: 10.1109/ACCESS.2021.3109490.
N. Ahuja, G. Singal, D. Mukhopadhyay, and N. Kumar, “Automated DDOS attack detection in software defined networking,” J. Netw. Comput. Appl., vol. 187, no. May, 2021, doi: 10.1016/j.jnca.2021.103108.
T. M. Nam et al., “Self-organizing map-based approaches in DDoS flooding detection using SDN,” Int. Conf. Inf. Netw., vol. 2018-Janua, pp. 249–254, 2018, doi: 10.1109/ICOIN.2018.8343119.
T. V. Phan, T. G. Nguyen, N. N. Dao, T. T. Huong, N. H. Thanh, and T. Bauschert, “DeepGuard: Efficient Anomaly Detection in SDN with Fine-Grained Traffic Flow Monitoring,” IEEE Trans. Netw. Serv. Manag., vol. 17, no. 3, pp. 1349–1362, 2020, doi: 10.1109/TNSM.2020.3004415.
M. Z. Abdullah, A. K. Jassim, F. N. Hummadi, and M. M. M. Al Khalidy, “NEW STRATEGIES FOR IMPROVING NETWORK SECURITY AGAINST CYBER ATTACK BASED ON INTELLIGENT ALGORITHMS,” J. Eng. Sustain. Dev., vol. 28, no. 3, pp. 342–354, May 2024, doi: 10.31272/JEASD.28.3.4.
M. W. Nadeem, H. G. Goh, Y. Aun, and V. Ponnusamy, “Detecting and Mitigating Botnet Attacks in Software-Defined Networks Using Deep Learning Techniques,” IEEE Access, vol. 11, no. May, pp. 49153–49171, 2023, doi: 10.1109/ACCESS.2023.3277397.
F. Kamil, H. Mihna, M. A. Habeeb, and Y. L. Khaleel, “Using Information Technology for Comprehensive Analysis and Prediction in Forensic Evidence,” Mesopotamian journal of Cybersecurity, vol. 2024, pp. 4–16, 2024, doi.org/10.58496/MJCS/2024/002.
A. A. Abd Al-Ameer and W. S. Bhaya, “Enhanced Intrusion Detection in Software-Defined Networks Through Federated Learning and Deep Learning,” Ing. des Syst. d’Information, vol. 28, no. 5, pp. 1213–1220, 2023, doi: 10.18280/isi.280509.
S. Maeda, A. Kanai, S. Tanimoto, T. Hatashima, and K. Ohkubo, “A Botnet Detection Method on SDN using Deep Learning,” 2019 IEEE Int. Conf. Consum. Electron. ICCE 2019, pp. 1–6, 2019, doi: 10.1109/ICCE.2019.8662080.
H. Wang, W. Li, J. H. Yi, and G.-J. Ahn, “DDosTC: A Transformer-Based Network Attack Detection Hybrid Mechanism in SDN,” Sensors 2021, Vol. 21, Page 5047, vol. 21, no. 15, p. 5047, Jul. 2021, doi: 10.3390/S21155047.
K. S. Sahoo et al., “An Evolutionary SVM Model for DDOS Attack Detection in Software Defined Networks,” IEEE Access, vol. 8, pp. 132502–132513, 2020, doi: 10.1109/ACCESS.2020.3009733.
S. Haider, A. Akhunzada, G. Ahmed, and M. Raza, “Deep Learning based Ensemble Convolutional Neural Network Solution for Distributed Denial of Service Detection in SDNs,” 2019 UK/China Emerg. Technol. UCET 2019, Aug. 2019, doi: 10.1109/UCET.2019.8881856.
H. Babbar, S. Rani, A. Singh, and G. Gianini, “Detecting Cyberattacks to Federated Learning on Software-Defined Networks,” pp. 120–132, 2024, doi: 10.1007/978-3-031-51643-6_9.
I. A. Shakir, P. A. A. A. Saleh, and P. H. M.El-Bakry, “Use of Singular Value Decomposition for a Deep Learning-Based Fast Intrusion Detection System,” J. Coll. Basic Educ., vol. 30, no. 123, pp. 73–87, Apr. 2024, doi: 10.35950/CBEJ.V30I123.11337.
T. H. Lee, L. H. Chang, and C. W. Syu, “Deep learning enabled intrusion detection and prevention system over SDN networks,” 2020 IEEE Int. Conf. Commun. Work. ICC Work. 2020 - Proc., Jun. 2020, doi: 10.1109/ICCWORKSHOPS49005.2020.9145085.
Z. A. El Houda, A. S. Hafid, and L. Khoukhi, “MiTFed: A Privacy Preserving Collaborative Network Attack Mitigation Framework Based on Federated Learning Using SDN and Blockchain,” IEEE Trans. Netw. Sci. Eng., vol. 10, no. 4, pp. 1985–2001, 2023, doi: 10.1109/TNSE.2023.3237367.
H. Elubeyd and D. Yiltas-Kaplan, “Hybrid Deep Learning Approach for Automatic DoS/DDoS Attacks Detection in Software-Defined Networks,” Appl. Sci., vol. 13, no. 6, 2023, doi: 10.3390/app13063828.
L. Chen, Z. Wang, R. Huo, and T. Huang, “An Adversarial DBN-LSTM Method for Detecting and Defending against DDoS Attacks in SDN Environments,” Algorithms 2023, Vol. 16, Page 197, vol. 16, no. 4, p. 197, Apr. 2023, doi: 10.3390/A16040197.
S. M. H. Mirsadeghi, H. Bahsi, R. Vaarandi, and W. Inoubli, “Learning From Few Cyber-Attacks: Addressing the Class Imbalance Problem in Machine Learning-Based Intrusion Detection in Software-Defined Networking,” IEEE Access, vol. 11, no. November, pp. 140428–140442, 2023, doi: 10.1109/ACCESS.2023.3341755.
L. A. E. Al-saeedi et al., “Artificial Intelligence and Cybersecurity in Face Sale Contracts : Legal Issues and Frameworks,” Mesopotamian journal of Cybersecurity, vol. 4, no. 2, pp. 129–142, 2024., doi:org/10.58496/MJCS/2024/0012.
A. Mansoor, M. Anbar, A. A. Bahashwan, B. A. Alabsi, and S. D. A. Rihan, “Deep Learning-Based Approach for Detecting DDoS Attack on Software-Defined Networking Controller,” Syst. 2023, Vol. 11, Page 296, vol. 11, no. 6, p. 296, Jun. 2023, doi: 10.3390/SYSTEMS11060296.
L. Altay, “JESS : Joint Entropy Based DDoS Defense Scheme in SDN,” vol. 8716, no. c, pp. 1–15, 2018, doi: 10.1109/JSAC.2018.2869997.
H. Zhou and J. Ling, “A Cooperative Detection of DDoS attacks based on CNN-BiLSTM in SDN,” J. Phys. Conf. Ser., vol. 2589, no. 1, 2023, doi: 10.1088/1742-6596/2589/1/012001.
M. A. Aladaileh et al., “Effectiveness of an Entropy-Based Approach for Detecting Low- and High-Rate DDoS Attacks against the SDN Controller: Experimental Analysis,” Appl. Sci., vol. 13, no. 2, 2023, doi: 10.3390/app13020775.
M. A. Aladaileh, M. Anbar, A. J. Hintaw, I. H. Hasbullah, A. A. Bahashwan, and S. Al-sarawi, “applied sciences Renyi Joint Entropy-Based Dynamic Threshold Approach to Detect DDoS Attacks against SDN Controller with Various Traffic Rates,” 2022.
T. Wang, Y. Feng, and K. Sakurai, “Improving the Two-stage Detection of Cyberattacks in SDN Environment Using Dynamic Thresholding”.
S. Yu, J. Zhang, J. Liu, X. Zhang, Y. Li, and T. Xu, “A cooperative DDoS attack detection scheme based on entropy and ensemble learning in SDN,” EURASIP J. Wirel. Commun. Netw., 2021, doi: 10.1186/s13638-021-01957-9.
L. Wang and Y. Liu, “A DDoS Attack Detection Method Based on Information Entropy and Deep Learning in SDN,” Proc. 2020 IEEE 4th Inf. Technol. Networking, Electron. Autom. Control Conf. ITNEC 2020, pp. 1084–1088, Jun. 2020, doi: 10.1109/ITNEC48623.2020.9085007.
R. Fadaei and O. Ermi, “A DDoS Attack Detection and Defense Scheme Using Time-series Analysis for SDN,” 2020.
J. Cui, M. Wang, Y. Luo, and H. Zhong, “DDoS detection and defense mechanism based on cognitive-inspired computing in SDN,” Futur. Gener. Comput. Syst., vol. 97, pp. 275–283, 2019, doi: 10.1016/j.future.2019.02.037.
U. Gurusamy and M. Msk, “Detection and mitigation of UDP flooding attack in a multicontroller software defined network using secure flow management model,” no. April, pp. 1–11, 2019, doi: 10.1002/cpe.5326.
K. S. Sahoo, D. Puthal, M. Tiwary, J. J. P. C. Rodrigues, B. Sahoo, and R. Dash, “An Early Detection of Low Rate DDoS Attack to SDN Based Data Center Networks using Information Distance Metrics,” Futur. Gener. Comput. Syst., 2018, doi: 10.1016/j.future.2018.07.017.
K. S. Sahoo, “Detection of Control Layer DDoS Attack using Entropy metrics in SDN : An Empirical Investigation,” 2017 Ninth Int. Conf. Adv. Comput., pp. 281–286, 2017.
O. Polat et al., “Multi-Stage Learning Framework Using Convolutional Neural Network and Decision Tree-Based Classification for Detection of DDoS Pandemic Attacks in SDN-Based SCADA Systems,” Sensors, vol. 24, no. 3, 2024, doi: 10.3390/s24031040.
H. Alubaidan, R. Alzaher, M. AlQhatani, and R. Mohammed, “DDoS Detection in Software-Defined Network (SDN) Using Machine Learning,” Int. J. Cybern. Informatics, vol. 12, no. 04, pp. 93–104, 2023, doi: 10.5121/ijci.2023.120408.
Musmuharam and Suharjito, “Detection of Distributed Denial of Service Attacks in Software Defined Networks by Using Machine Learning,” Int. J. Commun. Networks Inf. Secur., vol. 15, no. 3, pp. 13–25, 2023, doi: 10.17762/ijcnis.v15i3.6214.
T. E. Ali, Y. W. Chong, and S. Manickam, “Comparison of ML/DL Approaches for Detecting DDoS Attacks in SDN,” Appl. Sci., vol. 13, no. 5, 2023, doi: 10.3390/app13053033.
A. O. Alzahrani and M. J. F. Alenazi, “Designing a network intrusion detection system based on machine learning for software defined networks,” Futur. Internet, vol. 13, no. 5, 2021, doi: 10.3390/fi13050111.
W. Zhijun, X. Qing, W. Jingjie, Y. Meng, and L. Liang, “Low-rate DDoS Attack Detection Based on Factorization Machine in Software Defined Network,” vol. XX, 2020, doi: 10.1109/ACCESS.2020.2967478.
G. Kaur and P. Gupta, “Hybrid Approach for detecting DDOS Attacks in Software Defined Networks,” 2019 12th Int. Conf. Contemp. Comput. IC3 2019, pp. 1–6, 2019, doi: 10.1109/IC3.2019.8844944.
B. V. Karan, D. G. Narayan, and P. S. Hiremath, “Detection of DDoS Attacks in Software Defined Networks,” Proc. 2018 3rd Int. Conf. Comput. Syst. Inf. Technol. Sustain. Solut. CSITSS 2018, pp. 265–270, 2018, doi: 10.1109/CSITSS.2018.8768551.
J. Ye, X. Cheng, J. Zhu, L. Feng, and L. Song, “A DDoS Attack Detection Method Based on SVM in Software Defined Network,” Secur. Commun. Networks, vol. 2018, Apr. 2018, doi: 10.1155/2018/9804061.
D. Hu, P. Hong, and Y. Chen, “FADM : DDoS Flooding Attack Detection and Mitigation System in Software-Defined Networking,” 2017.
A. T. Phu et al., “Defending SDN against packet injection attacks using deep learning,” Comput. Networks, vol. 234, pp. 1–15, 2023, doi: 10.1016/j.comnet.2023.109935.
K. Perumal and K. Arockiasamy, “Optimized deep neural network based DDoS attack detection and bait mitigation process in software defined network,” Concurr. Comput. Pract. Exp., vol. 35, no. 12, pp. 1–23, 2023, doi: 10.1002/cpe.7692.
U. Mbasuva and G. A. L. Zodi, “Designing Ensemble Deep Learning Intrusion Detection System for DDoS attacks in Software Defined Networks,” Proc. 2022 16th Int. Conf. Ubiquitous Inf. Manag. Commun. IMCOM 2022, 2022, doi: 10.1109/IMCOM53663.2022.9721785.
Y. Liu, T. Zhi, M. Shen, L. Wang, Y. Li, and M. Wan, “Software-defined DDoS detection with information entropy analysis and optimized deep learning,” Futur. Gener. Comput. Syst., vol. 129, pp. 99–114, Apr. 2022, doi: 10.1016/J.FUTURE.2021.11.009.
N. Ahuja, G. Singal, and D. Mukhopadhyay, “DLSDN: Deep learning for DDOS attack detection in software defined networking,” Proc. Conflu. 2021 11th Int. Conf. Cloud Comput. Data Sci. Eng., pp. 683–688, Jan. 2021, doi: 10.1109/CONFLUENCE51648.2021.9376879.
S. Haider et al., “A Deep CNN Ensemble Framework for Efficient DDoS Attack Detection in Software Defined Networks,” IEEE Access, vol. 8, no. March, pp. 53972–53983, 2020, doi: 10.1109/ACCESS.2020.2976908.
M. P. Novaes, L. F. Carvalho, J. Lloret, and M. L. Proenca, “Long short-term memory and fuzzy logic for anomaly detection and mitigation in software-defined network environment,” IEEE Access, vol. 8, pp. 83765–83781, 2020, doi: 10.1109/ACCESS.2020.2992044.
L. Zhou, J. Shu, and X. Jia, “Collaborative Anomaly Detection in Distributed SDN,” Proc. - IEEE Glob. Commun. Conf. GLOBECOM, 2020, doi: 10.1109/GLOBECOM42002.2020.9322364.
B. Nugraha and R. N. Murthy, “Deep Learning-based Slow DDoS Attack Detection in SDN-based Networks,” 2020 IEEE Conf. Netw. Funct. Virtualization Softw. Defin. Networks, NFV-SDN 2020 - Proc., pp. 51–56, Nov. 2020, doi: 10.1109/NFV-SDN50289.2020.9289894.
D. Arivudainambi, V. K. Varun, and S. Sibi Chakkaravarthy, “LION IDS: A meta-heuristics approach to detect DDoS attacks against Software-Defined Networks,” Neural Comput. Appl., vol. 31, no. 5, pp. 1491–1501, 2019, doi: 10.1007/s00521-018-3383-7.
J. Mateus, G. L. Zodi, and A. Bagula, “Federated Learning-Based Solution for DDoS Detection in SDN,” pp. 875–880, 2024.
S. H. A. Kazmi, F. Qamar, R. Hassan, K. Nisar, D. P. B. Dahnil, and M. A. Al-Betar, “Threat Intelligence with Non-IID Data in Federated Learning enabled Intrusion Detection for SDN: An Experimental Study,” 2023 24th Int. Arab Conf. Inf. Technol. ACIT 2023, pp. 1–6, 2023, doi: 10.1109/ACIT58888.2023.10453867.
H. T. Thi, N. D. Hoang Son, P. T. Duv, and H. Van Pham, “Federated Learning-Based Cyber Threat Hunting for APT Attack Detection in SDN-Enabled Networks,” 2022 21st Int. Symp. Commun. Inf. Technol. Isc. 2022, pp. 1–6, 2022, doi: 10.1109/ISCIT55906.2022.9931222.
H. A. Hassan, E. El-Din Hemdan, M. Shokair, F. E. A. El-Samie, and W. El-Shafai, “An Efficient Attack Detection Framework in Software-Defined Networking using Intelligent Techniques,” ICEEM 2023 - 3rd IEEE Int. Conf. Electron. Eng., no. October, 2023, doi: 10.1109/ICEEM58740.2023.10319575.
N. Naim, M. Imad, M. A. Hassan, M. B. Afzal, S. Khan, and A. U. Khan, “POX and RYU Controller Performance Analysis on Software Defined Network,” EAI Endorsed Trans. Internet Things, vol. 9, no. 3, pp. 1–11, 2023, doi: 10.4108/eetiot.v9i3.2821.
R. Santos, D. Souza, W. Santo, A. Ribeiro, and E. Moreno, “Machine learning algorithms to detect DDoS attacks in SDN,” Concurr. Comput. Pract. Exp., vol. 32, no. 16, pp. 1–14, 2020, doi: 10.1002/cpe.5402.
A. S. Alshra’A, A. Farhat, and J. Seitz, “Deep Learning Algorithms for Detecting Denial of Service Attacks in Software-Defined Networks,” Procedia Comput. Sci., vol. 191, no. 2019, pp. 254–263, 2021, doi: 10.1016/j.procs.2021.07.032.
M. S. Elsayed, N. A. Le-Khac, S. Dev, and A. D. Jurcut, “DDoSNet: A Deep-Learning Model for Detecting Network Attacks,” Proc. - 21st IEEE Int. Symp. a World Wireless, Mob. Multimed. Networks, WoWMoM 2020, no. July, pp. 391–396, 2020, doi: 10.1109/WoWMoM49955.2020.00072.
R. Doriguzzi-Corin and D. Siracusa, “FLAD: Adaptive Federated Learning for DDoS attack detection,” Comput. Secur., vol. 137, no. c, 2024, doi: 10.1016/j.cose.2023.103597.
T. V. Phan and T. G. Nguyen, “FEAR: Federated Cyber-Attack Reaction in Distributed Software-Defined Networks with Deep Q-Network,” Wirel. Telecommun. Symp., vol. 2022-April, no. March 2022, 2022, doi: 10.1109/WTS53620.2022.9768169.
N. T. Trong, H. Do Hoang, D. M. Trung, P. T. Duy, and V. H. Pham, “A federated threat hunting system with big data analysis for SDN-enabled networks,” Proc. - 2022 RIVF Int. Conf. Comput. Commun. Technol. RIVF 2022, pp. 35–40, 2022, doi: 10.1109/RIVF55975.2022.10013833.