Towards Secure SDN: Survey of Machine Learning Approaches for Attack Detection and Mitigation

Authors

  • Wasan Hadi, University of Kerbala

Keywords:

Software-defined networking (SDN), Machine learning, Attack Detection, DDoS Mitigation, and Network Security

Abstract

Software-Defined Networking (SDN) has evolved as a revolutionary framework in contemporary network infrastructures, providing centralized control, programmability, scalability, and dynamic configuration. Nevertheless, its logically centralized architecture also presents vulnerabilities that adversaries may exploit, resulting in significant security risks. Traditional security techniques are frequently inadequate for the intricate and dynamic threat landscape of SDN systems. This paper offers an extensive analysis of machine learning (ML) techniques for threat identification and mitigation in SDN. It connects theoretical advancements with practical applications, emphasizing how machine learning may function as a versatile and intelligent instrument to enhance SDN security. The review commences by classifying principal attack vectors aimed at SDN components, encompassing the control plane, data plane, and communication channels. It subsequently analyzes supervised, unsupervised, and deep learning techniques utilized to identify and mitigate threats including Distributed Denial of Service (DDoS), spoofing, poisoning, and rule manipulation. The discussion also encompasses benchmark datasets and evaluation measures frequently employed in the literature. Results indicate that machine learning substantially improves detection precision, flexibility, and scalability. Supervised learning is efficacious when labeled data are accessible, whereas unsupervised learning is beneficial for detecting novel or zero-day risks. Deep learning, specifically, attains exceptional efficacy in complex attack scenarios. Nonetheless, significant hurdles persist, such as the scarcity of high-quality data, substantial computational demands, and the necessity for real-time adaptation.
Future research must concentrate on hybrid models, collaborative detection, and the creation of realistic SDN-specific datasets to facilitate effective, scalable, and resilient security solutions.

Published

2025-09-30