Amandeep Kaur, C. Rama Krishna, Nilesh Vishwasrao Patil
Journal: Computer Science Review, volume 55, Article 100692
Publication date: 2024-11-23
Publication type: Journal Article
DOI: 10.1016/j.cosrev.2024.100692
URL: https://www.sciencedirect.com/science/article/pii/S1574013724000753
IF: 13.3; JCR: Q1 (Computer Science, Information Systems)
Open access: no
Citations: 0
A comprehensive review on Software-Defined Networking (SDN) and DDoS attacks: Ecosystem, taxonomy, traffic engineering, challenges and research directions
Software-Defined Networking (SDN) represents a sophisticated networking approach that separates the control logic from the data plane. This separation results in a loosely coupled architecture between the control and data planes, enhancing flexibility in managing and transforming network configurations. Additionally, SDN provides a centralized management model through the SDN controller, simplifying network administration. Despite these advantages, SDN has its security challenges. Issues such as topology spoofing, bandwidth exhaustion, flow table updates, and Distributed Denial of Service (DDoS) attacks are prevalent. Among these, DDoS attacks pose a significant threat to the SDN infrastructure. Understanding SDN’s comprehensive ecosystem and functionality is crucial for mitigating SDN vulnerabilities that may attract DDoS attacks. Further, the central data controller of SDN becomes the primary target of DDoS attacks. In this article, we present: (i) a comprehensive SDN environment ecosystem with analysis of each class, (ii) a DDoS attack taxonomy for the SDN environment with characterization of each class, (iii) a critical analysis of existing statistical, machine learning and deep learning-based DDoS attack detection approaches for the SDN environment, (iv) a systematic characterization and comparison of existing open-source Distributed Processing Frameworks (DPF) for traffic engineering in the SDN environment, (v) security challenges associated with the SDN environment, (vi) a summary of publicly available DDoS attack datasets, and (vii) open issues and future research directions for protecting the SDN environment from DDoS attacks.
About the journal:
Computer Science Review, a publication dedicated to research surveys and expository overviews of open problems in computer science, targets a broad audience within the field seeking comprehensive insights into the latest developments. The journal welcomes articles from various fields as long as their content impacts the advancement of computer science. In particular, articles that review the application of well-known Computer Science methods to other areas are in scope only if these articles advance the fundamental understanding of those methods.