Abstract
Due to fast development in digital systems, the traditional network architecture is becoming inadequate for the requirements of new technologies such as Cloud Computing, Internet of Things, Bring Your Own Device and for the expansion of internet services. These technologies and services need large-scale computing, high resource availability, dynamic infrastructure tailoring, automation, resilience, holistic knowledge and other needs, still network design demonstrated unmanageable in term of flexible network deployment, dynamic system configuration, agile system estimation, and adaptable system sending. Because of unaltered design of legacy network for recent decades and dynamic nature of modern applications, Software Defined Networks (SDN) has imagined as rising methodology giving programmability, traffic management and adaptive configuration. As SDN architecture gives intelligible centralization and agility to respond to changing demands it additionally presents new attacks conceivable threats and potential security dangers to make it vulnerable and even compromised. Still, on the other side, SDN faces many security challenges, many kinds of new security issues introduced with the advent of SDN. Therefore, an efficient literature review is carried out to collect the issues that most state of the art in SDN security. Systematic Literature Review (SLR) is a collection of 69 well-known papers that are published from 2014–2020. SLR's objective is to study SDN threats, its causes, target planes, cost of developed solutions, and challenges that are related to security. This SLR proposed the layered solution under consideration of advances and threats of technology, in which each layer finds the varying security attacks, its causes, and their proposed solutions. Moreover, to facilitate the future direction related to the security of SDN and privacy, some open problems and challenges are presented. This study will provide a new horizon for future research on SDN security.
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs10776-022-00561-y/MediaObjects/10776_2022_561_Fig1_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs10776-022-00561-y/MediaObjects/10776_2022_561_Fig2_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs10776-022-00561-y/MediaObjects/10776_2022_561_Fig3_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs10776-022-00561-y/MediaObjects/10776_2022_561_Fig4_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs10776-022-00561-y/MediaObjects/10776_2022_561_Fig5_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs10776-022-00561-y/MediaObjects/10776_2022_561_Fig6_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs10776-022-00561-y/MediaObjects/10776_2022_561_Fig7_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs10776-022-00561-y/MediaObjects/10776_2022_561_Fig8_HTML.png)
Similar content being viewed by others
References
S Ortiz (2013) Software-defined networking: On the verge of a breakthrough?” Computer (Long. Beach. Calif)
A. Abdelaziz, et al., Distributed controller clustering in software-defined networks, PLoS One, Vol. 12, No. 4, pp. e174715, 2017.
Open Networking Foundation, Software-defined networking: the new norm for networks [white paper]”, ONF White Pap, Vol. 2, pp. 11, 2012.
N. N. Dao, J. Kim, M. Park and S. Cho, Adaptive suspicious prevention for defending DoS attacks in SDN-based convergent networks”, PLoS One, Vol. 11, No. 8, pp. e0160375, 2016.
F. Pakzad, M. Portmann, W. L. Tan and J. Indulska, Efficient topology discovery in OpenFlow-based Software Defined Networks, Comput. Commun., Vol. 77, pp. 52–61, 2016.
A. Al-Najjar, S. Layeghy, and M. Portmann (2016) Pushing SDN to the end- host, network load balancing using OpenFlow,” in 2016 IEEE International Conference on Pervasive Computing and Communication Workshops, PerCom Workshops
H. S. Saini, R. Sayal, and S. S. Rawat (2019) Innovations in Computer Science and Engineering, vol. 32. Springer Singapore
H. Bos, F. Monrose and G. Blanc, Research in attacks, intrusions, and defenses”, Lect. Notes Comput. Sci., Vol. 9404, pp. 427–447, 2015.
R. Christian (2016) SDN Malware: problems of current protection systems and potential countermeasures,” pp. 89–100
S. Hogg (2014) SDN Security Attack Vectors and SDN Hardening | Network World,” pp. 1–5
C. Yoon, et al., Flow wars: systemizing the attack surface and defenses in software-defined networks, IEEE/ACM Trans. Netw., Vol. 25, No. 6, pp. 3514–3530, 2017.
Z. Zhou and T. A. Benson (2019) Composing SDN Controller Enhancements with Mozart pp. 351–363
N. McKeown et al., (2008) OpenFlow: enabling innovation in campus networks,” ACM SIGCOMM Comput. Commun. Rev.
T. H. Nguyen and M. Yoo, (2017) Analysis of link discovery service attacks in SDN controller,” Int. Conf. Inf. Netw., pp. 259–261
S. Hong, L. Xu, H. Wang, and G. Gu, (2015) Poisoning network visibility in software-defined networks: new attacks and countermeasures
K. Benzekki, A. El Fergougui and A. Elbelrhiti Elalaoui, Software-defined networking (SDN): a survey”, Secur. Commun. Networks, Vol. 9, No. 18, pp. 5803–5833, 2016.
Z. Hu, M. Wang, X. Yan, Y. Yin, and Z. Luo (2015) A comprehensive security architecture for SDN,” in 2015 18th International Conference on Intelligence in Next Generation Networks, ICIN 2015
A Sebbar, M Boulmalf, M Dafir Ech-Cherif El Kettani, and Y Badd (2018) Detection MITM Attack in Multi-SDN Controller,” in Colloquium in Information Science and Technology, CIST
P. W. Chi, C. T. Kuo, J. W. Guo, and C. L. Lei (2015) How to detect a compromised SDN switch,” in 1st IEEE conference on network softwarization: software-defined infrastructures for networks, clouds, IoT and Services, NETSOFT 2015
A. Pradhan and R. Mathew, Solutions to vulnerabilities and threats in software defined networking (SDN), Procedia Comput. Sci., Vol. 171, No. 2019, pp. 2581–2589, 2020.
Y. Meng, Z. Huang, S. Wang, G. Shen, and C. Ke (2020) SOM-based DDoS Defense Mechanism using SDN for the Internet of Things,” 1–10
A. R. Abdou, P. C. Van Oorschot and T. Wan, Comparative analysis of control plane security of SDN and conventional networks, IEEE Commun. Surv. Tutorials, Vol. 20, No. 4, pp. 3542–3559, 2018.
T. Han et al., (2019) A comprehensive survey of security threats and their mitigation techniques for next-generation SDN controllers,” Concurr. Comput., pp. 3–5
H. Zhang, Z. Cai, Q. Liu, Q. Xiao, Y. Li, and C. F. Cheang (2018) A Survey on Security-Aware Measurement in SDN,” Secur. Commun. Networks, 2018
I. Ahmad, S. Namal and M. Ylianttila, Security in software defined networks: a survey, IEEE Communication Surveys & Tutorials, Vol. 17, pp. 4, 2015.
Wenjuan Li and Weizhi Meng, Lam For Kwok, A survey on OpenFlow-based software defined networks: security challenges and countermeasures, Journal of Network and Computer Applications, Vol. 68, pp. 126–139, 2016.
W. Li and W. Meng, A survey on OpenFlow-based Software Defined Networks: Security challenges and countermeasures, Journal of Network and Computer Applications, Vol. 68, pp. 126–139, 2016.
Vasileios Gkioulos, Håkon. Gunleifsen and Goitom K. Weldehawaryat, A Systematic literature review on military software defined networks, Future Internet, Vol. 10, No. 9, pp. 88, 2018.
W. Hassan, T. Chou and L. Xiaoming, Latest trends, challenges and solutions in security in the era of cloud computing and software defined networks, International Journal of Informatics and Communication Technology, Vol. 8, pp. 162, 2019.
T. Han, S. R. U. Jan and T. Zhiyuan, A comprehensive survey of security threats and their mitigation techniques for next-generation SDN controllers, Concurrency Computat Pract Exper, Vol. 32, pp. 16, 2019.
A. Shirmarz and A. Ghaffari, Performance issues and solutions in SDN-based data center: a survey, J Supercomput, Vol. 76, pp. 7545–7593, 2020.
Camilo, J., Chica, C., and Botero, J.F., Security in SDN: A comprehensive survey, Journal of Network and Computer Applications, 2020
Shaghaghi A., Kaafar M.A., Buyya R., Jha S. (2020) Software-Defined Network (SDN) Data Plane Security: Issues, Solutions, and Future Directions. In: Gupta B., Perez G., Agrawal D., Gupta D. (eds) Handbook of Computer Networks and Cyber Security. Springer
S. K. Keshari, V. Kansal and S. Kumar, A Systematic Review of Quality of Services (QoS) in Software Defined Networking (SDN), Wireless Pers Commun, Vol. 116, pp. 2593–2614, 2021.
S. Ahmad and A. H. Mir, Scalability, consistency, reliability and security in SDN controllers: a survey of diverse SDN Controllers, J Netw Syst Manage, Vol. 29, pp. 9, 2021.
S. Matsumoto, S. Hitz, and A. Perrig (2014) Fleet: Defending SDNs from malicious administrators,” HotSDN 2014 - Proc. ACM SIGCOMM 2014 Work. Hot Top. Softw. Defin. Netw., pp. 103–108,
S. Scott-Hayward, C. Kane, and S. Sezer, “OperationCheckpoint: SDN application control,” Proc. - Int. Conf. Netw. Protoc. ICNP, pp. 618–623
P. Porras, S. Cheung, M. Fong, K. Skinner, and V. Yegneswaran, “Securing the Software Defined Network Control Layer,” 2015
K. Petersen, R. Feldt, S. Mujtaba, and M. Mattsson (2018) Systematic mapping studies in software engineering,” in 12th International Conference on Evaluation and Assessment in Software Engineering, EASE 2008
A. Fernandez, E. Insfran, and S. Abrahão, “Usability evaluation methods for the web: A systematic mapping study,” in Information and Software Technology, 2011
J. Xia, Z. Cai, G. Hu and M. Xu, An active defense solution for arp spoofing in open flow network, Chinese J. Electron., Vol. 28, No. 1, pp. 172–178, 2019.
C. Zhang, et al., Towards a SDN-Based Integrated Architecture for Mitigating IP Spoofing Attack, IEEE Access, Vol. 6, pp. 22764–22777, 2017.
T. Park et al., “DPX : Data-Plane eXtensions for SDN Security Service Instantiation
A. Molina Zarca, et al., Security management architecture for NFV/SDN-Aware IoT systems”, IEEE Internet Things J., Vol. 6, No. 5, pp. 8005–8020, 2019.
A. Destounis, et al., Minimum Cost SDN Routing With Reconfiguration Frequency Constraints, IEEE/ACM Transactions on Networking, Vol. 26, No. 4, pp. 1577–1590, 2018.
Z. Su and L. Wang, “CFlam : cost-effective flow latency monitoring system for software defined networks”, 2019 IEEE 20th Int, Conf. High Perform. Switch. Routing, Vol. 25, pp. 3309–3322, 2019.
K. Kogan, S. I. Nikolenko, P. Eugster, A. Shalimov and O. Rottenstreich, “Distributed Platforms, IEEE/ACM Trans. Networking, Vol. 25, No. 6, pp. 1–14, 2017.
Y. Cui, et al., Author ’ s Accepted Manuscript SD-Anti-DDoS : Fast and Efficient DDoS defense in software-defined networks reference, J. Netw. Comput. Appl., Vol. 68, pp. 65–79, 2016.
S. Gao, Z. Li, B. Xiao and G. Wei, Security threats in the data plane of software-defined networks, IEEE Netw., Vol. 32, No. 4, pp. 108–113, 2018.
K. Kalkan, L. Altay, G. Gür and F. Alagöz, JESS: joint entropy-based DDoS defense scheme in SDN, IEEE J. Sel. Areas Commun., Vol. 36, No. 10, pp. 2358–2372, 2018.
Y. Park, S. Y. Chang, and L. M. Krishnamurthy, “Watermarking for detecting freeloader misbehavior in software-defined networks,” 2016 Int. Conf. Comput. Netw. Commun. ICNC 2016, 2016
S. Midha and K. Triptahi, “Extended TLS security and defensive algorithm in openflow SDN,” Proc. 9th Int. Conf. Cloud Comput. Data Sci. Eng. Conflu. 2019: 141–146, 2019
H. Xu, Z. Yu, C. Qian, and X. Li (2017) Minimizing Flow Statistics Collection Cost of SDN Using Wildcard Requests,” pp. 1–9
H. Shafiq, R. A. Rehman, and B. S. Kim (2018) Services and Security Threats in SDN Based VANETs: A Survey,” Wirel. Commun. Mob. Comput., 2018
C. Yoon, P. Porras, M. Fong, B. O. Connor, and T. Vachuska A Security-Mode for Carrier-Grade SDN Controllers,” pp. 461–473
M. Suh, S. H. Park, B. Lee, and S. Yang, “Building firewall over the software-defined network controller,” Int. Conf. Adv. Commun. Technol. ICACT, pp. 744–748, 2014
I. Farris, T. Taleb, Y. Khettab and J. Song, A survey on emerging SDN and NFV security mechanisms for IoT systems, IEEE Commun. Surv. Tutorials, Vol. 21, No. 1, pp. 812–837, 2019.
T. V. Phan, N. K. Bao and M. Park, Distributed-SOM: A novel performance bottleneck handler for large-sized software-defined networks under flooding attacks, J. Netw. Comput. Appl., Vol. 91, No. April, pp. 14–25, 2017.
L. A. Trejo, V. Ferman, M. A. Medina-Pérez, F. M. Arredondo Giacinti, R. Monroy and J. E. Ramirez-Marquez, DNS-ADVP: A machine learning anomaly detection and visual platform to protect top-level domain name servers against DDoS attacks”, IEEE Access, Vol. 7, pp. 116358–116369, 2019.
Z. Shah and S. Cosgrove, Mitigating arp cache poisoning attack in software-defined networking (sdn): A survey, Electron., Vol. 8, No. 10, pp. 1–26, 2019.
A. Zaalouk, R. Khondoker, R. Marx, and K. Bayarou, “OrchSec: An orchestrator-based architecture for enhancing network-security using network monitoring and SDN control functions,” IEEE/IFIP NOMS 2014 - IEEE/IFIP Netw. Oper. Manag. Symp. Manag. a Softw. Defin. World, no. May, 2014
S. Ahmed and N. Medhi, A flow marking based anti-spoofing Mechanism (FMAS) using SDN approach, Adv. Intell. Syst. Comput., Vol. 563, pp. 245–255, 2018.
J. Zhou, J. N. B, and Y. Rao (2017) Block-based convolutional neural network. nternational Workshop on Digital Watermarking 1: 65–76
S. Shin, L. Xu, S. Hong, and G. Gu (2016) Enhancing Network Security through Software Defined Networking (SDN),” 2016 25th Int. Conf. Comput. Commun. Networks, ICCCN 2016
N. Noceti, L. Zini and F. Odone, A multi-camera system for damage and tampering detection in a postal security framework, Eurasip J. Image Video Process., Vol. 2018, No. 1, pp. 1–13, 2018.
P. Ahmad, S. Jacob, and R. Khondoker, “Security Analysis of SDN Applications for Big Data
K. Benton, L. J. Camp, and C. Small, “OpenFlow Vulnerability Assessment Categories and Subject Descriptors,” Proc. Second ACM SIGCOMM Work. Hot Top. Softw. Defin. Netw. - HotSDN ’13, pp. 151
P. Kazemian, M. Chang, H. Zeng, G. Varghese, N. McKeown, and S. Whyte, “Real time network policy checking using header space analysis,” Proc. 10th USENIX Symp. Networked Syst. Des. Implementation, NSDI 2013, pp. 99–111, 2019
S Shin G Gu Attacking software-defined networks: A first feasibility study”, HotSDN 2013 - Proc. 2013 ACM SIGCOMM Work Hot Top. Softw. Defin. Netw. 3 165–166 2013
S. Shin, V. Yegneswaran, P. Porras, and G. Gu, (2013) AVANT-GUARD: Scalable and vigilant switch flow management in software-defined networks,” Proc. ACM Conf. Comput. Commun. Secur., 413–424, 2013
J. Moura and D. Hutchison (2020) Resilient Cyber-Physical Systems: Using NFV Orchestration,” pp. 1–13
M. Niemiec, P. Jaglarz, M. Jekot, P. Chołda, and P. Boryło, “Risk Assessment Approach to Secure Northbound Interface of SDN Networks,” pp. 164–169, 2019
Y. Tian, V. Tran and M. Kuerban, “DOS Attack mitigation strategies on SDN controller”, 2019 IEEE 9th Annu, Comput. Commun. Work. Conf. CCWC, Vol. 2019, pp. 701–707, 2019.
V. Sridharan, K. S. K. Liyanage, and M. Gurusamy, “Privacy-Aware Switch-Controller Mapping in SDN-Based IoT Networks,” 2020 Int. Conf. Commun. Syst. NETworkS, COMSNETS 2020, pp. 1–6
M. M. Alshaer, M. Al-Akhras and A. Albesher, IEEE World Conf, Complex Syst. WCCS, Vol. 2019, No. 4, pp. 1–5, 2019.
S. M. Mousavi and M. St-Hilaire, “Early detection of DDoS attacks against SDN controllers”, 2015 Int, Conf. Comput. Netw. Commun. ICNC, Vol. 2015, pp. 77–81, 2015.
N. M. Sahri and K. Okamura, Protecting DNS services from IP spoofing-SDN collaborative authentication approach, ACM Int. Conf. Proceeding Ser., Vol. 15–17, pp. 83–89, 2016.
R. Skowyra, et al., Effective topology tampering attacks and defenses in Software-Defined networks”, Proc. - 48th Annu. IEEE/IFIP Int. Conf. Dependable Syst, Networks, DSN, Vol. 2018, pp. 374–385, 2018.
A. Shirmarz and A. Ghaffari, Performance issues and solutions in SDN- based data center: a survey, Springer, US, 2020.
M. Li, X. Wang, H. Tong, T. Liu, and Y. Tian, “SPARC: Towards a scalable distributed control plane architecture for protocol-oblivious SDN
W. Rankothge (2019) Past before future: a comprehensive review on software defined networks road map 19: 1
H. Hu, et al., Towards a reliable firewall for software-defined networks, Comput. Secur., Vol. 87, 101597, 2019.
R. Beckett, X. K. Zou, S. Zhang, S. Malik, J. Rexford, and D. Walker An assertion language for debugging SDN applications,” HotSDN 2014 - Proc. ACM SIGCOMM 2014 Work. Hot Top. Softw. Defin. Netw., pp. 91–96, 2014
A. Al-Alaj, R. Sandhu, and R. Krishnan, “A formal access control model for SE-floodlight controller,” SDN-NFV 2019 - Proc. ACM Int. Work. Secur. Softw. Defin. Networks Netw. Funct
L. V. Morales, A. F. Murillo, S. J. Rueda and “Extending the floodlight controller”, Proc. -, IEEE 14th Int, Symp. Netw. Comput. Appl. NCA, Vol. 2015, No. 126–133, pp. 2016, 2015.
E. Al-Shaer and S. Al-Haj (2010) FlowChecker: Configuration analysis and verification of federated OpenFlow infrastructures,” Proc. ACM Conf. Comput. Commun. Secur., 37–44
G. N. Nde and R. Khondoker (2016) SDN testing and debugging tools: A survey,” 2016 5th Int. Conf. Informatics, Electron. Vision, ICIEV 2016, pp. 631–635
P. Fonseca, R. Bennesby, E. Mota and A. Passito, A replication component for resilient OpenFlow-based networking”, Proc. 2012 IEEE Netw, Oper. Manag. Symp. NOMS, Vol. 2015, pp. 933–939, 2012.
N. Sultana, N. Chilamkurti, W. Peng and R. Alhadad, Survey on SDN based network intrusion detection system using machine learning approaches, Peer-to-Peer Netw. Appl., Vol. 12, No. 2, pp. 493–501, 2019.
H. Maziku, S. Shetty and D. M. Nicol, Security risk assessment for SDN-enabled smart grids, Comput. Commun., Vol. 133, pp. 1–11, 2019.
A. Shaghaghi, M. A. Kaafar, R. Buyya and S. Jha, Software-Defined Network (SDN) Data Plane Security: Issues, Solutions, and Future Directions”, Comput. Networks Cyber Secur, Handb, 2020. https://doi.org/10.1007/978-3-030-22277-2_14.
S. R. Chowdhury, F. Bari, R. Ahmed, and R. Boutaba (2014) PayLess : A Low Cost Network Monitoring Framework for Software Defined Networks
J. Yao, Z. Han, M. Sohail and L. Wang, A robust security architecture for SDN-based 5G networks, Futur. Internet, Vol. 11, No. 4, pp. 1–14, 2019.
C. Yoon, T. Park, S. Lee, H. Kang and S. Shin, Enabling security functions with SDN : A feasibility study, Comput. Networks, Vol. 85, No. 2015, pp. 19–35, 2016.
H. Hu, W. Han, G. Ahn, and Z. Zhao (2014) F LOW G UARD : Building Robust Firewalls for Software-Defined Networks 97–102
M. Wang, J. Liu, J. Chen, X. Liu, and J. Mao (2016) PERM-GUARD : Authenticating the validity of flow rules in software defined networking,” J. Signal Process. Syst., 37
S. N. Matheu, et al., Security architecture for defining and enforcing security profiles in DLT/SDN-based IoT systems, Sensors (Switzerland), Vol. 20, No. 7, pp. 1–33, 2020.
Z. Zhao, D. Gong, B. Lu, F. Liu, and C. Zhang (2016) SDN-based double hopping communication against sniffer attack
M. Andreoni, L. Diogo, M. Ferrazani, and O. C. M. B. Duarte (2016) An elastic intrusion detection system for software networks,” Ann. Telecommun
X. Chen and S. Yu, (2015) CIPA : A Collaborative Intrusion Prevention Architecture for Programmable Network and SDN,” Comput. Secur
J. Sonchack, A. J. Aviv, E. Keller, and J. M. Smith (2015) Poster : OFX : Enabling OpenFlow Extensions for Switch-Level Security Applications pp.1678–1680
M. Dhawan (2015) S PHINX : detecting security attacks in software-defined networks,” no. 8–11
B. Wang, Y. Zheng, W. Lou and Y. T. Hou, DDoS attack protection in the era of cloud computing and software-defined networking, Comput. NETWORKS, Vol. 81, pp. 308–319, 2015.
S. Fichera, L. Galluccio, S. C. Grancagnolo, G. Morabito, and S.Palazzo (2015) OPERETTA : An OPEnflow-based REmedy to mitigate TCP SYNFLOOD Attacks against web servers,” Comput. Networks
J. W. Kang, S. H. Park, and J. You (2015) Mynah : enabling lightweight data plane authentication for SDN controllers
M. S. H. Ll, G. A. I. E, J. I. Vélez, and L. C. O (2016) Distributed Denial of Service (DDoS) Attacks Detection Using Machine Learning Prototype,” pp.33–41
Kaur S., Kumar K., Aggarwal N. (2021) A Review of Security Threats in Software-Defined Networking. In: Singh B., Coello Coello C.A., Jindal P., Verma P. (eds) Intelligent Computing and Communication Systems. Algorithms for Intelligent Systems. Springer, Singapore
K. Phemius, M. Bouet, and J. Leguay, “DISCO: Distributed SDN controllers in a multi-domain environment,” in Proc. IEEE NOMS, May 2014, pp. 1–2
K. Phemius, M. Bouet, and J. Leguay, “DISCO: Distributed multidomain SDN controllers in Proc. IEEE NOMS, May 2014, pp. 1–4
E. Al-Shaer and S. Al-Haj, FlowChecker: Configuration analysis and verification of federated openflow infrastructures in Proc. 3rd ACM Workshop SafeConfig, 2015, pp. 37–44
P. Porras et al., A security enforcement kernel for OpenFlow networks,” in Proc. 1st Workshop HotSDN, 2016, pp. 121–126
N. L. van Adrichem, C. Doerr, and F. A. Kuipers, “OpenNetMon: Network monitoring in OpenFlow software-defined networks,” in Proc. IEEE NOMS, May 2014, pp. 1–8
S. R. Chowdhury, M. Bari, R. Ahmed, and R. Boutaba, “PayLess: A low cost network monitoring framework for software defined networks,” in Proc. IEEE NOMS, 2014, pp. 1–9
K. Wang, Y. Qi, B. Yang, Y. Xue, and J. Li, “LiveSec: Towards effective security management in large-scale production networks,” in Proc. ICDCSW, Jun. 2015, pp. 451–460
X. Liu, H. Xue, X. Feng, and Y. Dai, “Design of the multi-level security network switch system which restricts covert channel,” in Proc. IEEE 3rd ICCSN, May 2016, pp. 233–237
A. Zaalouk, R. Khondoker, R. Marx, and K. Bayarou, “OrchSec: An orchestrator-based architecture for enhancing network-security using network monitoring and SDN control functions,” in Proc. IEEE NOMS, May 2017, pp. 1–9
P. Fonseca, R. Bennesby, E. Mota, and A. Passito, “A replication component for resilient OpenFlow-based networking,” in Proc. IEEE NOMS, Apr. 2016, pp. 933–939
P. Smith, A. Schaeffer-Filho, D. Hutchison, and A. Mauthe, “Management patterns: SDN-enabled network resilience management,” in Proc. IEEE NOMS, May 2017, pp. 1–9
M. Suh, S. H. Park, B. Lee, and S. Yang, “Building firewall over the software-defined network controller,” in Proc. 16th ICACT, Feb. 2016, pp. 744–748
M. Koerner and O. Kao, “Oftables: A distributed packet filter,” in Proc. 6th Int. Conf. COMSNETS, Jan. 2017, pp. 1–4
Hao, T. Lakshman, S. Mukherjee, and H. Song, “Secure cloud computing with a virtualized network infrastructure,” in Proc. 2nd USENIX Conf. Hot Topics Cloud Comput., 2016, 16
H. Hu, W. Han, G.-J. Ahn, and Z. Zhao, “FLOWGUARD: building robust firewalls for software-defined networks,” in Proc. 3rd Workshop Topics Softw. Defined Netw., 2017, 97–102.
E. Maccherani et al., “Extending the NetServ autonomic management capabilities using OpenFlow,” in Proc. IEEE NOMS, Apr. 2012, pp. 582–585
T. Xing, D. Huang, L. Xu, C.-J. Chung, and P. Khatkar (2016) SnortFlow: A openflow-based intrusion prevention system in cloud environment,” in Proc. 2nd GREE, Mar. 89–92
S. Shirali-Shahreza and Y. Ganjali (2015) Empowering software defined network controller with packet-level information,” in Proc. IEEE ICC, pp. 1335–1339
S. Shirali-Shahreza and Y. Ganjali, (2015) Efficient implementation of security applications in openflow controller with flexam,” in Proc. IEEE 21st Annu. Symp. HOTI, 49–54
J. Hu, M. Reed, N. Thomos and M. F. AI-Naday and K. Yang, Securing SDN-Controlled IoT Networks Through Edge Blockchain, IEEE Internet of Things Journal, Vol. 8, No. 4, pp. 2102–2115, 2021.
T. Hasan, A. Adnan, T. Giannetsos and J. Malik, "Orchestrating SDN Control Plane towards Enhanced IoT Security," 2020 6th IEEE Conference on Network Softwarization (NetSoft), 2020
D. Javeed, T. Gao and M. T. Khan, SDN-enabled hybrid DL-driven framework for the detection of emerging cyber threats in IoT, Electronics, Vol. 10, pp. 918, 2021.
Marcos V.O.. de Assis, Luiz F. Carvalho, Joel J.P.C.. Rodrigues, Jaime Lloret and Mario L. Proença Jr, Near real-time security system applied to SDN environments in IoT networks using convolutional neural network, Computers & Electrical Engineering, Vol. 86, pp. 1067, 2020.
Mevlut Serkan Tok, Mehmet Demirci (2021) Security analysis of SDN controller-based DHCP services and attack mitigation with DHCP guard, Computers & Security
I. Akbari, E. Tahoun, M. A. Salahuddin, N. Limam and R. Boutaba (2020) ATMoS: Autonomous Threat Mitigation in SDN using Reinforcement Learning NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium pp. 1–9
Revathi, M., Ramalingam, V.V. & Amutha, B. A Machine Learning Based Detection and Mitigation of the DDOS Attack by Using SDN Controller Framework. Wireless Pers Commun (2021)
A. H. M. Jakaria, M. A. Rahman and A. Gokhale, Resiliency-Aware Deployment of SDN in Smart Grid SCADA: A Formal Synthesis Model in, IEEE Transactions on Network and Service Management, Vol. 18, No. 2, pp. 1430–1444, 2021.
H. Jo, J. Nam, and S. Shin (2018) NOSArmor: Building a Secure Network Operating System,” Secure. Commun. Networks 2018
S. ZHANG, X. MENG, and L. WANG (2017) SDNForensics: A Comprehensive Forensics Framework for Software Defined Network,” 54: 92–99
S. Lee, C. Yoon, C. Lee, S. Shin, V. Yegneswaran, and P. Porras, “DELTA: A Security Assessment Framework for Software-Defined Networks 2017.
D. Kreutz, J. Yu, P. Esteves-Verissimo, C. Magalhaes and F. M. V. Ramos, The KISS principle in software-defined networking: A framework for secure communications, IEEE Secure. Priv., Vol. 16, No. 5, pp. 60–70, 2018.
N. Gray, T. Zinner, and P. Tran-Gia, “Enhancing SDN security by device fingerprinting,” Proc. IM 2017 - 2017 IFIP/IEEE Int. Symp. Integer. Netw. Serv. Manag., pp. 879–880, 2017
M. Cheminod, L. Durante, L. Seno, F. Valenza, A. Valenzano and C. Zunino, Leveraging SDN to improve security in industrial networks, pp. 1–7, IEEE Int. Work. Fact. Commun. Syst. - Proceedings, WFCS, 2017.
S. Hyun, et al., Interface to network security functions for cloud-based security services, IEEE Commun. Mag., Vol. 56, No. 1, pp. 171–178, 2018.
W. Lee and N. Kim, Security policy scheme for an efficient security architecture in software-defined networking”, Inf., Vol. 8, No. 2, pp. 65, 2017.
L. Gifre, B. Shariati, and L. Velasco (2018) Experimental Demonstration of Active and Passive Optical Networks Telemetry,” pp. 2017–2019
N. L. M. Van Adrichem, C. Doerr, and F. A. Kuipers, “OpenNetMon: Network monitoring in OpenFlow software-defined networks,” IEEE/IFIP NOMS 2014 - IEEE/IFIP Netw. Oper. Manag. Symp. Manag. a Softw. Defin. World, 2014
M. Koerner and O. Kao, “Oftables: A distributed packet filter,” 2014 6th Int. Conf. Commun. Syst. Networks, COMSNETS 2014, pp. 14–17, 2014
A. Schaeffer-Filho, P. Smith, A. Mauthe and D. Hutchison, Network resilience with reusable management patterns, IEEE Commun. Mag., Vol. 52, No. 7, pp. 108–115, 2014.
C. Bouras, P. Ntarzanos, and A. Papazois, “Cost Modeling for SDN / NFV Based Mobile 5G Networks,” pp. 87–92, 2016
C. Zhang, X. Wang, Y. Zhao, A. Dong, F. Li and M. I. N. Huang, Cost efficient and low-latency network service chain deployment across multiple domains for SDN, IEEE Access, Vol. 7, pp. 143454–143470, 2019.
D. Chourishi, A. Miri, M. Milic, S. Ismaeel and “Role-based multiple controllers for load balancing and security in SDN”, IEEE Canada Int, Humanit. Technol. Conf. IHTC, Vol. 2015, pp. 2015, 2015.
Diego and Ramos, Fernando MV and Verissimo, Paulo Esteves and Rothenberg, Christian Esteve and Azodolmolky, Siamak and Uhlig, Steve Kreutz, “Software-defined networking: A comprehensive survey,” Proceedings of the IEEE, Vol. 103, pp. 14–76, 2014.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
All authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Informed consent
Informed consent was obtained from all individual participants included in the study.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Ahmed, N., Bakar, K.A., Zuhra, F.T. et al. Security & Privacy in Software Defined Networks, Issues, Challenges and Cost of Developed Solutions: A Systematic Literature Review. Int J Wireless Inf Networks 29, 314–340 (2022). https://doi.org/10.1007/s10776-022-00561-y
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10776-022-00561-y