Publication:
SoK: Software-Defined Networks Security with machine learning

dc.contributor.coauthorTefek, Utku
dc.contributor.coauthorEsiner, Ertem
dc.contributor.departmentGraduate School of Sciences and Engineering
dc.contributor.departmentDepartment of Computer Engineering
dc.contributor.departmentKUIS AI (Koç University & İş Bank Artificial Intelligence Center)
dc.contributor.kuauthorÖrsdemir, Alperen
dc.contributor.kuauthorKüpçü, Alptekin
dc.contributor.schoolcollegeinstituteGRADUATE SCHOOL OF SCIENCES AND ENGINEERING
dc.contributor.schoolcollegeinstituteCollege of Engineering
dc.contributor.schoolcollegeinstituteResearch Center
dc.date.accessioned2026-07-02T07:31:50Z
dc.date.issued2026
dc.description.abstractSoftware-Defined Networks (SDN) have revolutionized modern networking by enabling flexible, programmable management of network resources. This flexibility facilitates the effective design and deployment of Machine Learning (ML)-based defense mechanisms, including Intrusion Detection Systems (IDS) and anomaly detection. However, the validity of existing SDN-based threat detection solutions for systems that use SDN utilities remains unresolved. This work presents a Systematization of Knowledge (SoK) that synthesizes the literature on ML-based SDN security. The study aims to: (i) analyze and strengthen the validity of reported success in SDN security with ML by reviewing 50 recent high-ranking papers, using a taxonomy-driven analysis that categorizes evaluation metrics and the use of ML models, datasets, controllers, and SDN frameworks
dc.description.abstract(ii) critically assess the state of the literature by comparing these findings with primary surveys and questioning reported accuracy rates
dc.description.abstractand (iii) identify future perspectives and key takeaways for security framework deployment, to propose solutions to address validation challenges, and to outline a hybrid model. The outlined hybrid model combines passive DL-based traffic monitoring with triggered active mitigation, mapping datasets, ML model families, and programmable enforcement mechanisms into a layered SDN defense to improve validity, efficiency, and real-world deployability.
dc.description.fulltextNo
dc.description.harvestedfromManual
dc.description.indexedbyWOS
dc.description.indexedbyScopus
dc.description.openaccessGreen Submitted, gold
dc.description.publisherscopeInternational
dc.description.readpublishN/A
dc.description.sponsoredbyTubitakEuTÜBİTAK
dc.description.sponsorshipThis work was supported in part by TUB & Idot;TAK, the Scientific and Technological Research Council of Turkiye under Grant 123E462 and Grant 124N941; and in part by the National Research Foundation, Prime Minister's Office, Singapore, through the Campus for Research Excellence and Technological Enterprise (CREATE) Program
dc.description.versionPublished Version
dc.identifier.WoSQuartileQ2
dc.identifier.doi10.1109/ACCESS.2026.3673172
dc.identifier.embargoNo
dc.identifier.endpage40787
dc.identifier.grantno123E462
dc.identifier.grantno124N941
dc.identifier.issn2169-3536
dc.identifier.scopus2-s2.0-105032799050
dc.identifier.startpage40769
dc.identifier.urihttps://doi.org/10.1109/ACCESS.2026.3673172
dc.identifier.urihttps://hdl.handle.net/20.500.14288/33128
dc.identifier.volume14
dc.identifier.wos001719526900013
dc.keywordsSecurity
dc.keywordsTaxonomy
dc.keywordsSoftware
dc.keywordsVirtualization
dc.keywordsBand-pass filters
dc.keywordsSoftware defined networking
dc.keywordsAnomaly detection
dc.keywordsAnalytical models
dc.keywordsThreat assessment
dc.keywordsReviews
dc.keywordsIntrusion detection system
dc.keywordsMachine learning
dc.keywordsNetwork functions virtualization
dc.keywordsSoftware-defined networking
dc.languageeng
dc.publisherIEEE
dc.relation.affiliationKoç University
dc.relation.collectionKoç University Institutional Repository
dc.relation.ispartofIEEE Access
dc.relation.openaccessN/A
dc.rightsN/A
dc.rights.uriN/A
dc.subjectComputer science
dc.subjectInformation systems
dc.subjectEngineering, electrical and electronic
dc.subjectTelecommunications
dc.titleSoK: Software-Defined Networks Security with machine learning
dc.typeJournal Article
dspace.entity.typePublication
relation.isOrgUnitOfPublication3fc31c89-e803-4eb1-af6b-6258bc42c3d8
relation.isOrgUnitOfPublication89352e43-bf09-4ef4-82f6-6f9d0174ebae
relation.isOrgUnitOfPublication77d67233-829b-4c3a-a28f-bd97ab5c12c7
relation.isOrgUnitOfPublication.latestForDiscovery3fc31c89-e803-4eb1-af6b-6258bc42c3d8
relation.isParentOrgUnitOfPublication434c9663-2b11-4e66-9399-c863e2ebae43
relation.isParentOrgUnitOfPublication8e756b23-2d4a-4ce8-b1b3-62c794a8c164
relation.isParentOrgUnitOfPublicationd437580f-9309-4ecb-864a-4af58309d287
relation.isParentOrgUnitOfPublication.latestForDiscovery434c9663-2b11-4e66-9399-c863e2ebae43

Files