A Comprehensive Analysis of Machine Learning- and Deep Learning-Based Solutions for DDoS Attack Detection in SDN

Software-defined networking (SDN) provides programmability, manageability, flexibility and efficiency compared to traditional networks. These are owing to the SDN's mutual independence or separation of the control and data planes. Decoupling two planes and the centralised nature of SDN enhance DDoS attack protection by facilitating easy implementation of network device policies. The controller's ability to filter network traffic and detect malicious flows is attributed to its global network view. Control and data plane separation brought numerous benefits, but it also introduced a new challenge in terms of its susceptibility to DDoS attack. DDoS attacks are one of the most severe threats to SDN, where the perpetrator disrupts the services of regular users. Machine learning (ML) and deep learning (DL) have emerged as good solutions compared to statistical or policy-based solutions to detect DDoS attack. We have created a detailed taxonomy of DDoS defense solutions. We have surveyed 260 research articles, of which 132 articles are selected based on ML- and/or DL-based solutions to detect DDoS attack in SDN. We discuss the existing works which have applied feature selection algorithms on the dataset to select the best and optimal features for detecting DDoS attack. We present the features of various DDoS datasets available publicly. We also argue for the need to create SDN-specific datasets and then apply feature selection algorithms that may help in better detection of DDoS attack. Finally, we present the research challenges in SDN security that can help the researchers to carry out further research and develop new methods to secure SDN.

Automated summary

Software-defined networking (SDN) provides programmability, manageability, flexibility, and efficiency compared to traditional networks. The decoupling of control and data planes in SDN enhances DDoS attack protection, but also introduces vulnerability. Machine learning (ML) and deep learning (DL) have emerged as effective solutions to detect DDoS attacks in SDN.