A comprehensive review on Software-Defined Networking (SDN) and DDoS attacks: Ecosystem, taxonomy, traffic engineering, challenges and research directions

IF 13.3 1区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computer Science Review Pub Date : 2024-11-23 DOI:10.1016/j.cosrev.2024.100692
Amandeep Kaur , C. Rama Krishna , Nilesh Vishwasrao Patil
{"title":"A comprehensive review on Software-Defined Networking (SDN) and DDoS attacks: Ecosystem, taxonomy, traffic engineering, challenges and research directions","authors":"Amandeep Kaur ,&nbsp;C. Rama Krishna ,&nbsp;Nilesh Vishwasrao Patil","doi":"10.1016/j.cosrev.2024.100692","DOIUrl":null,"url":null,"abstract":"<div><div>Software Defined network (SDN) represents a sophisticated networking approach that separates the control logic from the data plane. This separation results in a loosely coupled architecture between the control and data planes, enhancing flexibility in managing and transforming network configurations. Additionally, SDN provides a centralized management model through the SDN controller, simplifying network administration. Despite these advantages, SDN has its security challenges. Issues such as topology spoofing, bandwidth exhaustion, flow table updates, and Distributed Denial of Service (DDoS) attacks are prevalent. Among these, DDoS attacks pose a significant threat to the SDN infrastructure. Understanding SDN’s comprehensive ecosystem and functionality is crucial for mitigating SDN vulnerabilities that may attract DDoS attacks. Further, the central data controller of SDN becomes the primary target of DDoS attacks. In this article, we present: (i) A comprehensive SDN environment ecosystem with analysis of each class, (ii) A DDoS attacks taxonomy for the SDN environment with characterization of each class, (iii) Critically analyzed existing statistical, machine and deep learning-based DDoS attacks detection approaches for the SDN environment, (iv) Systematically characterize and compare existing open-source Distributed Processing Frameworks (DPF) for traffic engineering in the SDN environment, (v) Security challenges associated with the SDN environment, (vi) Summarize publically available DDoS attack datasets, (vii) Highlight open issues and future research directions for protecting the SDN environment from DDoS attacks.</div></div>","PeriodicalId":48633,"journal":{"name":"Computer Science Review","volume":"55 ","pages":"Article 100692"},"PeriodicalIF":13.3000,"publicationDate":"2024-11-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Science Review","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1574013724000753","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Software Defined network (SDN) represents a sophisticated networking approach that separates the control logic from the data plane. This separation results in a loosely coupled architecture between the control and data planes, enhancing flexibility in managing and transforming network configurations. Additionally, SDN provides a centralized management model through the SDN controller, simplifying network administration. Despite these advantages, SDN has its security challenges. Issues such as topology spoofing, bandwidth exhaustion, flow table updates, and Distributed Denial of Service (DDoS) attacks are prevalent. Among these, DDoS attacks pose a significant threat to the SDN infrastructure. Understanding SDN’s comprehensive ecosystem and functionality is crucial for mitigating SDN vulnerabilities that may attract DDoS attacks. Further, the central data controller of SDN becomes the primary target of DDoS attacks. In this article, we present: (i) A comprehensive SDN environment ecosystem with analysis of each class, (ii) A DDoS attacks taxonomy for the SDN environment with characterization of each class, (iii) Critically analyzed existing statistical, machine and deep learning-based DDoS attacks detection approaches for the SDN environment, (iv) Systematically characterize and compare existing open-source Distributed Processing Frameworks (DPF) for traffic engineering in the SDN environment, (v) Security challenges associated with the SDN environment, (vi) Summarize publically available DDoS attack datasets, (vii) Highlight open issues and future research directions for protecting the SDN environment from DDoS attacks.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
关于软件定义网络(SDN)和 DDoS 攻击的全面综述:生态系统、分类、流量工程、挑战和研究方向
软件定义网络(SDN)是一种复杂的网络方法,它将控制逻辑与数据平面分离开来。这种分离使控制平面和数据平面之间形成了松散耦合的架构,提高了管理和转换网络配置的灵活性。此外,SDN 还通过 SDN 控制器提供了一种集中管理模式,从而简化了网络管理。尽管有这些优势,SDN 也有其安全挑战。拓扑欺骗、带宽耗尽、流量表更新和分布式拒绝服务(DDoS)攻击等问题普遍存在。其中,DDoS 攻击对 SDN 基础设施构成了重大威胁。了解 SDN 的综合生态系统和功能对于减少可能吸引 DDoS 攻击的 SDN 漏洞至关重要。此外,SDN 的中央数据控制器会成为 DDoS 攻击的主要目标。在本文中,我们将介绍(i) 全面的 SDN 环境生态系统,并对每一类进行分析;(ii) SDN 环境的 DDoS 攻击分类法,并对每一类进行特征描述;(iii) 针对 SDN 环境批判性地分析现有的基于统计、机器和深度学习的 DDoS 攻击检测方法、(iv) 系统分析和比较现有开源分布式处理框架 (DPF),用于 SDN 环境中的流量工程;(v) 与 SDN 环境相关的安全挑战;(vi) 总结公开可用的 DDoS 攻击数据集;(vii) 强调保护 SDN 环境免受 DDoS 攻击的公开问题和未来研究方向。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Computer Science Review
Computer Science Review Computer Science-General Computer Science
CiteScore
32.70
自引率
0.00%
发文量
26
审稿时长
51 days
期刊介绍: Computer Science Review, a publication dedicated to research surveys and expository overviews of open problems in computer science, targets a broad audience within the field seeking comprehensive insights into the latest developments. The journal welcomes articles from various fields as long as their content impacts the advancement of computer science. In particular, articles that review the application of well-known Computer Science methods to other areas are in scope only if these articles advance the fundamental understanding of those methods.
期刊最新文献
A comprehensive review on current issues and advancements of Internet of Things in precision agriculture A comprehensive review on Software-Defined Networking (SDN) and DDoS attacks: Ecosystem, taxonomy, traffic engineering, challenges and research directions From accuracy to approximation: A survey on approximate homomorphic encryption and its applications Editorial Board Image processing and artificial intelligence for apple detection and localization: A comprehensive review
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1