1 Introduction

Software-defined networking (SDN) has revolutionized the way networks are managed. It is a new paradigm in networking that has gained significant attention from researchers and industry experts. SDN provides a centralized approach to managing the network's infrastructure. Using SDN, network administrators can manage and monitor the network more efficiently. Centralized control of the network enables them to configure the network through a software interface without physical intervention on network devices [1]. Despite providing many promising features in network management, SDN also faces several challenges, particularly regarding security. SDN controllers, the centralized management entities of SDN, are highly vulnerable to attacks that can lead to network disruptions or total network control. In recent research, several solutions have been proposed to address these security issues. However, conventional security solutions cannot fulfill the security requirements of the unique SDN architecture. Recent research has also considered machine learning (ML) and artificial intelligence-based security models for SDN security. However, the main limitations of these models are the training complexity, the unavailability of datasets for training, and the testing accuracy. Among the many different approaches proposed to enhance SDN security, blockchain seems a promising solution to overcome SDN security issues because of its tamper-proof and decentralized nature [2,3,4,5,6,7,8,9,10]. However, it is important to resolve the research gaps identified in these papers before blockchain-based solutions can be accepted for SDN security [11].

1.1 Software Defined Networks (SDN)

SDN is a modern network paradigm separating the data and control planes. The centralized SDN controller does the management and configuration of the network. The data plane forwards the network packets based on the rules provided by the controller [9]. SDN provides a flexible and programmable approach to managing the networks, which allows network administrators to configure the networks through software interfaces without physical interventions [12]. SDN is an efficient way of managing the network as it provides a centralized view of the network through a software interface for network administrators. SDN seems to be a promising approach to fulfill the requirements of future networks [13]. This centralized control also allows network administrators to quickly respond to changes in network demand, such as traffic spikes, and adjust network resources accordingly. Figure 1 shows the architecture of the SDN.

Fig. 1 SDN architecture

SDN architecture provides flexibility and agility not only on the management side but also on the security side. Separating the data and control planes allows network administrators to easily implement security policies and protocols, such as firewalls, intrusion detection systems, and access controls, to protect the network. Furthermore, it provides an improved and efficient way of monitoring the network, so that it is easy to observe malicious activities and respond to security threats in real time [13]. It also facilitates the new network and application requirements of organizations by implementing them through SDN controllers [14,15,16]. Figure 2 presents the main advantages of SDN technology to different communication networks.

Fig. 2 Advantages of SDN

There are three main layers in SDN architecture: the application layer, the control layer, and the infrastructure layer. Each layer has its own interfaces and application programming interfaces (APIs). Figure 3 presents the structure of the main layers of the SDN network [17].

Fig. 3 Layers of SDN

  A. Application Layer:

    The application layer in SDN controls the network’s behavior according to requirements. It defines the attributes and rules and makes decisions based on network changes. This layer uses the northbound APIs to communicate with the SDN controller about the implications of required changes.

    • Application layer interface (ALI): This layer provides the interface for interaction between SDN controllers and applications.

    • Northbound API: This sub-layer allows communication between network applications and SDN controllers.

  B. Control Layer:

    In SDN, the control layer is the most powerful and significant layer, and it possesses all the authority of the network. The control layer is connected to both the lower and upper layers: the lower-layer devices are connected via southbound APIs, and the upper layers are connected via northbound APIs. The controller directs the behavior of network devices based on the demands of the network.

    • Control layer interface (CLI): This sub-layer provides an interface for the SDN controller to interact with the underlying network devices.

    • Southbound API: Through this layer, the SDN controller communicates with the lower-layer devices and gives network-related instructions.

  C. Infrastructure Layer:

    The infrastructure layer comprises all physical components in SDN, such as routers and switches. The southbound API is used to communicate with upper-layer devices.

    • Infrastructure layer interface (ILI): This sub-layer provides an interface for the network devices to interact with the SDN controller.

    • Data plane: This sub-layer forwards data packets between network devices.

    More flexibility and scalability are made possible by the modular approach to SDN architecture offered by these layers and sub-layers. Additionally, centralized network management and control are made possible by separating the control and data planes, enhancing network security and performance [17].

2 Related Work

SDN is a relatively new technology, and with respect to security, it has both advantages and disadvantages. On the one hand, SDN can be utilized to reduce or eliminate certain risks and vulnerabilities that are commonly exploited in traditional networks, such as lack of network segmentation, limited visibility and control, lack of fine-grained access control, inflexible network provisioning, and limited adaptability to emerging threats. The unique architecture of SDN can overcome these risks and vulnerabilities by providing programmability, flexibility, and more control over the network. On the other hand, it also introduces new vulnerabilities and threat vectors that attackers can exploit [18], such as controller vulnerabilities, authentication issues of Northbound and Southbound APIs, and application-related issues. This is due to the separation of control and data planes, as well as the centralized nature of network controllers, which creates a single point of failure that can compromise an entire SDN network [19]. Each SDN layer has different security issues, illustrated in Fig. 4 and briefly discussed in Sect. 6.

This section details common attacks and malicious behaviors targeting various layers of the SDN architecture. Unlike traditional networks, each SDN network component, layer, or protocol may be subject to intentional or inadvertent misuse, leading to the exposure of system vulnerabilities or abnormal behavior [18, 20, 21].

2.1 Application Layer Attacks

In SDN, the application layer is responsible for providing network services to users and applications [21]. Security breaches on the application layer can lead to the exposure of sensitive information, and attackers can gain unauthorized access to sensitive information [22]. At the top of the list is the denial of service (DoS) attack, which overloads the application with bogus traffic so that application resources are kept busy responding to the fake traffic and remain unavailable for legitimate users [23]. Another way attackers target the application layer is by installing a malicious application. Once a malicious application is installed on the top layer, the SDN controller can be manipulated during packet handling and forwarding-rule implementation [24]. Attacks on the Northbound API (NBI) are also used to introduce misconfigurations on this layer and to target the communication between the controller and application [18, 25].

2.2 Control Layer Attacks

The control layer is SDN's most important and sensitive layer because it manages the major network operations. Every attacker wishes to attack the control layer because the whole network is compromised once the control layer is bypassed [18]. Various attacks are observed on the control layer, such as controller hijacking and intrusion of fake controllers. Controller hijacking means the attacker bypasses the controller, leading to unauthorized access to network devices and forged rules. Meanwhile, the intrusion of a fake controller means a fake system enters the SDN network and pretends to be a controller [26]. This illegal access can lead to manipulation of the network rules and unauthorized access to sensitive data [27, 28]. Controller poisoning through infected applications is also a type of attack on the control layer, which further negatively impacts the data plane by sending tampered packets and rules [19, 22, 29,30,31].

Fig. 4 Layer-wise security issues of SDN

2.3 Infrastructure Layer Attacks

The infrastructure layer is considered the backbone of the SDN network as it consists of the physical and software infrastructure of the network [32]. One common attack on the infrastructure layer is a DoS attack. This attack floods the network with a large traffic volume, causing it to become overwhelmed and unresponsive. This can lead to network downtime and loss of service for legitimate users [23, 33, 34]. Network devices can be isolated through DoS attacks. Switches can be loaded with tampered information to modify the flow rules; malicious applications or bypassed controllers can be the sources that launch these attacks [29]. Flow-rule flooding on the infrastructure layer is also important to consider: an infected or malicious switch forces the controller to install new rules, which can affect the performance of network switches [12, 35].
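A detection sketch for the flow-rule flooding described above, added here as an example and not taken from the surveyed papers: it counts, per switch, how many distinct flows request a new rule inside a sliding window. The log format, the `PACKET_IN` event label, the switch names and both thresholds are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

# Assumed thresholds for illustration; tune them against a baseline of normal traffic.
WINDOW_SECONDS = 5.0
MAX_NEW_FLOWS = 20


def parse_event(line):
    """Parse a constructed log line: '<time> <switch> <event> src=<ip> dst=<ip>'."""
    ts, switch, kind, src, dst = line.split()
    return float(ts), switch, kind, src.split("=", 1)[1], dst.split("=", 1)[1]


def detect_flow_rule_flooding(lines, window=WINDOW_SECONDS, limit=MAX_NEW_FLOWS):
    """Return {switch: time of first alert} for switches that request rules for
    more than `limit` distinct flows within any `window` seconds.
    Lines must be ordered by time."""
    recent = defaultdict(deque)      # switch -> (time, flow) pairs inside the window
    distinct = defaultdict(Counter)  # switch -> flow -> occurrences inside the window
    alerts = {}
    for line in lines:
        ts, switch, kind, src, dst = parse_event(line)
        if kind != "PACKET_IN":
            continue
        flow = (src, dst)
        recent[switch].append((ts, flow))
        distinct[switch][flow] += 1
        # Expire events that have fallen out of the sliding window.
        while ts - recent[switch][0][0] > window:
            _, old = recent[switch].popleft()
            distinct[switch][old] -= 1
            if distinct[switch][old] == 0:
                del distinct[switch][old]
        if len(distinct[switch]) > limit and switch not in alerts:
            alerts[switch] = ts
    return alerts


def build_sample_log():
    """Constructed sample: s1 is quiet, s2 floods distinct flows, s3 repeats one flow."""
    events = []
    for i in range(10):   # s1: one new flow every 5 s
        events.append((i * 5.0, "s1", f"10.0.0.{i + 1}", "10.0.1.1"))
    for i in range(40):   # s2: 40 distinct destinations in 2 s
        events.append((10.0 + i * 0.05, "s2", "10.0.0.99", f"10.0.2.{i + 1}"))
    for i in range(50):   # s3: the same flow 50 times, so no new rules are needed
        events.append((10.0 + i * 0.04, "s3", "10.0.0.7", "10.0.1.1"))
    events.sort(key=lambda e: e[0])
    return [f"{t:.2f} {sw} PACKET_IN src={src} dst={dst}" for t, sw, src, dst in events]


if __name__ == "__main__":
    print(detect_flow_rule_flooding(build_sample_log()))
```

Counting distinct flows instead of raw events keeps a chatty but harmless switch (s3 in the sample) from raising an alert, since repeated packets of one flow need only one rule.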

3 Research Methodology

This literature review is organized to provide extensive knowledge in the field of SDN security. This literature review aims to provide valuable information for researchers to identify the gaps in SDN security. This section contains the research methodology used to conduct this work. The methodology contains research questions, a search string to find the related research papers, a list of scientific repositories to access the research articles, and selection criteria (inclusion and exclusion) of research papers.

3.1 Research Questions

This literature survey reviewed the security solutions used for SDN security. This survey mainly categorized SDN security solutions into three domains: conventional security, AI/ML-based security solutions, and blockchain-based security solutions. Based on these categories, the following research questions are formulated (see Table 1).

Table 1 Research questions formulated for this survey

3.2 Search String

To retrieve the SDN security-related studies, we used the following search strings:

SDN Security, blockchain-based security solutions for SDN, AI-based SDN Security solutions, and traditional/conventional security solutions for/applied to SDN.

3.3 Search Repositories

The scientific digital libraries introduced in Table 2 were selected to obtain the results for the developed search strings. However, search engines and study indexers are not mentioned in this table.

Table 2 Considered repositories

3.4 Data Origin

In literature, many solutions have been proposed to address the SDN security issues. Researchers highlighted the sensitivity of SDN layers and proposed solutions to ensure the security of each layer. Moreover, different techniques are also considered in the domain of SDN security. Different search repositories mentioned in Table 2 were accessed to find these studies. Figure 5 shows the frequency (%) of research studies obtained from search repositories, and Fig. 6 shows the number of research studies obtained from each repository.

Fig. 5 Percentages of research studies obtained from search repositories

Fig. 6 Number of research studies obtained from search repositories

3.5 Publications Span (in Years)

Figures 7 and 8 present the research studies from Figs. 5 and 6 that were included based on the inclusion and exclusion criteria. Figure 7 shows the percentage of studies selected between 2013 and 2024, and Fig. 8 shows the number of studies between these years.

Fig. 7 Percentage of research studies year-wise

Fig. 8 The number of research studies year-wise

3.6 Inclusion vs. Exclusion Criteria

Table 3 shows the inclusion vs. exclusion criteria of selected studies. The research strings extracted hundreds of studies from the selected repositories, and based on the criteria in Table 3, studies were included and excluded to prepare this work.

Table 3 Inclusion and exclusion criteria during the research process

4 Analysis

This literature review aims to synthesize and explore industry and research practices related to SDN security and identify the key areas to focus on. By analyzing a diverse range of scholarly articles, technical reports, and industry publications, this review will provide valuable insights into the latest advancements, trends, and best practices in SDN security, ultimately guiding the development of effective security solutions in SDN environments. The systematic literature review conducted for this paper sheds light on the wide range of security measures developed to protect SDN. The findings of the systematic literature review revealed that the SDN security mechanisms can be broadly categorized into three distinct domains: conventional security mechanisms, AI/ML-based security solutions, and blockchain-based security solutions, as illustrated in Fig. 9.

Fig. 9 The considered domains of SDN security for this work

4.1 Conventional Network’s Security Mechanisms Applied to SDN

Table 4 comprises a detailed literature review of conventional security solutions applied to SDN architecture. Due to the increasing complexity and dynamic nature of SDN, traditional security solutions have shortcomings in securing SDN architecture.

Table 4 A critical review of conventional security solutions applied to SDN

In Table 4, a literature review of conventional security solutions applied to SDN has been conducted. This table concludes by summarizing the key findings of the literature review and highlighting the reasons why relying solely on conventional security solutions is ineffective for the security demands of SDN. Traditional networks are configured and managed manually. Additionally, traditional networks rely on vendor-specific firmware and hardware, which limits the flexibility and customizability of the network. In contrast, SDN introduces a change in the network landscape by separating the data plane from the control plane. SDN facilitates organizations in building more dynamic and adaptable networks according to their specific needs and subsequently requires different security solutions [47]. Conventional security solutions such as firewalls and Intrusion Detection/Prevention Systems (IDS/IPS), Virtual Private Networks (VPN), Access Control Lists (ACLs), encryption and SSL/TLS, Role-Based Access Control (RBAC), and authentication and authorization mechanisms, which are commonly used in traditional networks, fall short when applied to SDN architecture. For example, firewalls and IDS/IPS mechanisms struggle to respond to the frequent changes and updates in the SDN environment. Moreover, maintaining comprehensive and consistent security policies across all layers of SDN is challenging. Similarly, traditional networks' authentication and authorization mechanisms are not scalable enough to manage the increased number of devices and nodes in SDN networks. RBAC and ACLs are rigid in nature, designed purely for traditional networks, and not suitable for the flexible and dynamic SDN architecture. Furthermore, encryption and SSL/TLS are insufficient to protect against sophisticated cyberattacks that target SDN controllers and communication channels [48, 49].

4.2 AI/ML-Based Security Solutions Applied to SDN

Table 5 investigates AI/ML-based solutions applied to SDN security. In this section, an extensive literature review uncovers AI/ML-empowered solutions employed to tackle real-time threat detection and mitigation in SDN. The subsequent section performs a detailed analysis of AI/ML techniques and sheds light on their advantages and limitations in the context of SDN.

Table 5 Critical review of AI/ML security solutions applied to SDN

Table 5 provides the exploration of AI/ML security solutions applied to SDN. During the literature review, renowned algorithms such as support vector machine (SVM), decision trees (DTs), k-nearest neighbors (KNN), convolutional neural networks (CNN), random forest (RF), and XGBoost have been evaluated for their performance in real-time threat detection and mitigation. The literature review highlighted the limitations of AI/ML-based solutions when applied to SDN. One of the main challenges faced by these solutions lies in training complexity and the requirement of real-time datasets to achieve accuracy in prediction, which causes considerable overhead and resource demand on SDN controllers. Additionally, the dynamic and rapidly changing nature of SDN networks badly impacts the performance of the pre-trained model [58]. Moreover, AI/ML algorithms demand high computational requirements, which introduces latency in key network operations and makes it difficult to provide real-time processing. Furthermore, AI/ML-based solutions are susceptible to adversarial attacks, where malicious actors intentionally manipulate network data to deceive the AI/ML models, leading to false positives or negatives in security alerts [58,59,60,61,62]. Considering these limitations, it can be concluded that the AI/ML solutions are unable to provide comprehensive security solutions to address the security issues in the SDN domain [63,64,65].

4.3 Blockchain-Based Security Solutions for SDN

Sections 4.1 and 4.2 comprehensively reviewed the security solutions applied for SDN security. Moreover, the literature revealed that SDN demands new and improved security mechanisms due to its unique architecture. Limitations of both traditional and AI/ML-based security solutions are also discussed in the above sections. This section examines the blockchain-based security solutions, their contributions, and limitations [11].

Table 6 Critical review of blockchain-based SDN security literature

Table 6 examines the blockchain-based security solutions applied to SDN security and finds that blockchain technology has significant potential to revolutionize the SDN security approach by inheriting blockchain properties such as decentralization, immutability, and transparency. However, blockchain-based security has several challenges, such as scalability and a ledger that grows with increasing transactions, which adds delays in network operations [76, 77]. Additionally, security automation is a crucial aspect of the SDN security domain because manual interventions decrease performance. Furthermore, lightweight blockchain-based solutions are important to reduce the computational overheads and resource requirements. To develop an effective and more agile SDN security solution based on blockchain technology, it is important to address the mentioned issues [76, 78,79,80,81]. The research gap analysis on parameters identified from the literature is presented in Table 7.

Table 7 Research gap analysis based on blockchain-solutions
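To make the immutability and decentralization properties discussed in this section concrete, the following added example (not code from any surveyed solution) records controller flow rules in a hash-linked ledger replicated on three controllers. The rule fields, the controller names `c1` to `c3` and the simple majority comparison of chain heads, which stands in for a real consensus protocol, are assumptions made for illustration.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # assumed placeholder for the hash before the first block


def block_hash(index, prev_hash, rule):
    """Hash a block's position, back-link and flow rule in canonical JSON form."""
    payload = json.dumps({"index": index, "prev": prev_hash, "rule": rule}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def append_rule(chain, rule):
    """Append a flow rule as a new block linked to the current chain head."""
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev, "rule": rule,
                  "hash": block_hash(index, prev, rule)})


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        expected = block_hash(i, prev, block["rule"])
        if block["index"] != i or block["prev"] != prev or block["hash"] != expected:
            return i
        prev = block["hash"]
    return None


def divergent_replicas(replicas):
    """Return controllers whose ledger is invalid or disagrees with the majority head."""
    heads = {name: (chain[-1]["hash"] if chain else GENESIS)
             for name, chain in replicas.items()}
    majority_head, _ = Counter(heads.values()).most_common(1)[0]
    return sorted(name for name, chain in replicas.items()
                  if heads[name] != majority_head or first_invalid_block(chain) is not None)


def build_replicas():
    """Constructed sample: three controllers holding the same three flow rules."""
    rules = [
        {"switch": "s1", "match": "dst=10.0.1.0/24", "action": "output:2"},
        {"switch": "s1", "match": "dst=10.0.2.0/24", "action": "output:3"},
        {"switch": "s2", "match": "tcp_dst=22", "action": "drop"},
    ]
    replicas = {}
    for name in ("c1", "c2", "c3"):
        replicas[name] = []
        for rule in rules:
            append_rule(replicas[name], dict(rule))
    return replicas


def demo():
    replicas = build_replicas()
    # Case 1: a stored rule on c2 is edited in place; its recorded hash no longer matches.
    replicas["c2"][2]["rule"]["action"] = "output:1"
    edited_in_place = first_invalid_block(replicas["c2"])
    # Case 2: c2's ledger is rebuilt around the altered rule, so it verifies on its own
    # and only the comparison with the other controllers exposes it.
    rebuilt = []
    for block in replicas["c2"]:
        append_rule(rebuilt, block["rule"])
    replicas["c2"] = rebuilt
    return edited_in_place, first_invalid_block(rebuilt), divergent_replicas(replicas)


if __name__ == "__main__":
    print(demo())
```

Every verification pass walks the whole chain, which is the growing-ledger cost this section lists among the scalability challenges.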

5 Future Directions for SDN in B5G and 6G Networks

SDN represents a promising paradigm for Beyond fifth-generation (B5G) and sixth-generation (6G) networks. Table 8 provides the main applications of SDN for these upcoming networks [90, 91]. It also provides the potential research directions for each application. Despite its benefits, SDN poses new security risks, which will only get worse in the environment of 5G and 6G networks. Table 9 provides the main security issues with the SDN for B5G and 6G networks and the potential research directions to solve each security issue.

Table 8 Applications of SDN in B5G and 6G networks and main research directions [90,91,92]
Table 9 Security issues with SDN in B5G and 6G networks and main research directions [93,94,95]

6 Conclusion

The use of SDN has revolutionized network management, providing centralization and automation that improves efficiency and agility. However, security threats to SDN controllers continue to grow, necessitating the exploration of innovative security mechanisms that can address the security challenges faced by SDN networks. Blockchain technology offers a promising solution, providing secure and transparent data storage and transfer capabilities. However, current Blockchain-based security solutions have limitations, including scalability, high computational cost, and interoperability among different devices and layers [70, 73, 81, 85,86,87,88].

This work has conducted a comprehensive analysis, providing valuable insight into the landscape of security solutions applied to SDN. The review was categorized into three main sections: conventional security solutions, AI/ML-based security solutions, and Blockchain-based security solutions for SDN. A detailed literature review of conventional security solutions employed for SDN security was discussed in Sect. 4.1. It became evident that these traditional methods have their limitations when applied to SDN’s dynamic and programmable nature. These limitations include a lack of agility, inability to adapt to real-time threats, and manual configuration requirements, making them less effective in providing robust security for SDN networks, as summarized in Sect. 4.1. Similarly, Sect. 4.2 comprised an in-depth literature analysis of AI/ML-based security solutions considered for SDN security and identified that AI/ML solutions also face challenges such as the need for extensive training data, high computational overheads, and the risk of false positives and negatives as discussed in Sect. 4.2. The literature review on Blockchain-based security solutions for SDN conducted in Sect. 4.3 highlighted the key benefits of Blockchain technology to enhance SDN security [89]. However, the challenges mentioned in Sect. 4.3 need to be addressed to effectively implement Blockchain-based solutions in SDN environments.

In the future, SDN security studies should concentrate on creating and executing more robust security architectures, protecting communication protocols inside the SDN data plane, developing advanced SDN-specific intrusion detection and prevention mechanisms, utilizing AI to strengthen SDN stability, and creating frameworks that support interoperability and compliance with standard security procedures. SDN is a crucial component of contemporary networks, and its security requires more investigation. Researchers may strengthen SDN's resistance to attacks and shield networks from various vulnerabilities by exploring these and other potential areas of research.