Comprehensive Analysis of DDoS Anomaly Detection in Software-Defined Networks

Software-Defined Networking (SDN) offers significant advantages for modern networks, including flexibility, centralized control, and reduced dependency on vendor-specific hardware. However, these benefits introduce security vulnerabilities, particularly from Distributed Denial-of-Service (DDoS) atta...

Bibliographic Details
Main Authors: Abdinasir Hirsi, Mohammed A. Alhartomi, Lukman Audah, Adeb Salh, Nan Mad Sahar, Salman Ahmed, Godwin Okon Ansa, Abdullahi Farah
Format: Article
Language: English
Published: IEEE 2025-01-01
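Series: IEEE Access
Subjects: Amplification attacks; anomaly detection; botnet attacks; DDoS detection; flooding attacks; protocol attacks
Online Access: https://ieeexplore.ieee.org/document/10857272/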
collection DOAJ
description Software-Defined Networking (SDN) offers significant advantages for modern networks, including flexibility, centralized control, and reduced dependency on vendor-specific hardware. However, these benefits introduce security vulnerabilities, particularly from Distributed Denial-of-Service (DDoS) attacks, which represent some of the most disruptive threats to SDN environments. A review of the literature shows that while various techniques have been proposed to counteract DDoS threats, many studies have focused on single detection methods, with only a few utilizing multiple approaches. This fragmented focus limits a comprehensive approach to addressing DDoS threats across the SDN layers. To bridge this gap, this paper presents the first comprehensive review of DDoS anomaly detection in SDN, examining over 165 primary research articles published between 2020 and 2024. A novel taxonomy of DDoS attacks is introduced, categorizing them by distinct characteristics, and mapping each attack type to relevant detection methods within specific SDN layers. The survey provides a layer-by-layer analysis of DDoS detection techniques, covering the application, control, and infrastructure layers, and offers a structured overview that clarifies the applicability and effectiveness of each method. The paper concludes by synthesizing key findings, identifying unresolved challenges, and outlining future research directions to advance DDoS detection mechanisms in SDN. This roadmap is designed to guide researchers in addressing security vulnerabilities and enhancing SDN resilience against evolving DDoS threats.
format Article
id doaj-art-5785739d218c4318b4464cb66b25a95a
institution Kabale University
issn 2169-3536
language English
publishDate 2025-01-01
publisher IEEE
record_format Article
series IEEE Access
spelling doaj-art-5785739d218c4318b4464cb66b25a95a
Record timestamp: 2025-02-07T00:01:32Z
Language: eng
Publisher: IEEE
Series: IEEE Access
ISSN: 2169-3536
Publication date: 2025-01-01
Volume 13, pages 23013-23071
DOI: 10.1109/ACCESS.2025.3535943
IEEE document ID: 10857272
Title: Comprehensive Analysis of DDoS Anomaly Detection in Software-Defined Networks
Authors (with affiliation index):
Abdinasir Hirsi [0], https://orcid.org/0000-0001-8543-6134
Mohammed A. Alhartomi [1], https://orcid.org/0000-0002-5955-8864
Lukman Audah [2], https://orcid.org/0000-0002-0958-4474
Adeb Salh [3], https://orcid.org/0000-0003-0905-2635
Nan Mad Sahar [4], https://orcid.org/0000-0002-7861-8148
Salman Ahmed [5], https://orcid.org/0009-0003-7129-7892
Godwin Okon Ansa [6], https://orcid.org/0000-0003-1107-5959
Abdullahi Farah [7]
Affiliations:
[0] Advanced Telecommunication Research Center, Faculty of Electrical and Electronic Engineering, Universiti Tun Hussein Onn Malaysia, Parit Raja, Malaysia
[1] Department of Electrical Engineering, University of Tabuk, Tabuk, Saudi Arabia
[2] Advanced Telecommunication Research Center, Faculty of Electrical and Electronic Engineering, Universiti Tun Hussein Onn Malaysia, Parit Raja, Malaysia
[3] Faculty of Information and Communication Technology, University Tunku Abdul Rahman (UTAR), Kampar, Malaysia
[4] Innovation and Entrepreneurship Centre (IEC), University of Tabuk, Tabuk, Saudi Arabia
[5] VLSI and Embedded Technology (VEST) Focus Group, Faculty of Electrical and Electronic Engineering, Universiti Tun Hussein Onn Malaysia, Parit Raja, Malaysia
[6] Department of Computer Science, Faculty of Physical Sciences, Akwa Ibom State University, Akwa Ibom, Nigeria
[7] Engineering Department, Somtel Telecommunication Company, Bosaso, Bari, Somalia
Online access: https://ieeexplore.ieee.org/document/10857272/
Keywords: Amplification attacks; anomaly detection; botnet attacks; DDoS detection; flooding attacks; protocol attacks
topic Amplification attacks
anomaly detection
botnet attacks
DDoS detection
flooding attacks
protocol attacks