Publication: SoK: Software-Defined Networks Security with machine learning
Program
KU-Authors
KU Authors
Co-Authors
Tefek, Utku
Esiner, Ertem
Editor & Affiliation
Compiler & Affiliation
Translator
Other Contributor
Date
Language
eng
Type
Embargo Status
No
Journal Title
Journal ISSN
Volume Title
Alternative Title
Abstract
Software-Defined Networks (SDN) have revolutionized modern networking by enabling flexible, programmable management of network resources. This flexibility facilitates the effective design and deployment of Machine Learning (ML)-based defense mechanisms, including Intrusion Detection Systems (IDS) and anomaly detection. However, the validity of existing SDN-based threat detection solutions for systems that use SDN utilities remains unresolved. This work presents a Systematization of Knowledge (SoK) that synthesizes the literature on ML-based SDN security. The study aims to: (i) analyze and strengthen the validity of reported success in SDN security with ML by reviewing 50 recent high-ranking papers, using a taxonomy-driven analysis that categorizes evaluation metrics and the use of ML models, datasets, controllers, and SDN frameworks
(ii) critically assess the state of the literature by comparing these findings with primary surveys and questioning reported accuracy rates
and (iii) identify future perspectives and key takeaways for security framework deployment, to propose solutions to address validation challenges, and to outline a hybrid model. The outlined hybrid model combines passive DL-based traffic monitoring with triggered active mitigation, mapping datasets, ML model families, and programmable enforcement mechanisms into a layered SDN defense to improve validity, efficiency, and real-world deployability.
(ii) critically assess the state of the literature by comparing these findings with primary surveys and questioning reported accuracy rates
and (iii) identify future perspectives and key takeaways for security framework deployment, to propose solutions to address validation challenges, and to outline a hybrid model. The outlined hybrid model combines passive DL-based traffic monitoring with triggered active mitigation, mapping datasets, ML model families, and programmable enforcement mechanisms into a layered SDN defense to improve validity, efficiency, and real-world deployability.
Source
Publisher
IEEE
Subject
Computer science, Information systems, Engineering, electrical and electronic, Telecommunications
Citation
Has Part
Source
IEEE Access
Book Series Title
Edition
DOI
10.1109/ACCESS.2026.3673172
item.page.datauri
Link
Rights
N/A
Copyrights Note
Creative Commons license
Except where otherwised noted, this item's license is described as N/A
