Publication: SoK: Software-Defined Networks Security with machine learning
| dc.contributor.coauthor | Tefek, Utku | |
| dc.contributor.coauthor | Esiner, Ertem | |
| dc.contributor.department | Graduate School of Sciences and Engineering | |
| dc.contributor.department | Department of Computer Engineering | |
| dc.contributor.department | KUIS AI (Koç University & İş Bank Artificial Intelligence Center) | |
| dc.contributor.kuauthor | Örsdemir, Alperen | |
| dc.contributor.kuauthor | Küpçü, Alptekin | |
| dc.contributor.schoolcollegeinstitute | GRADUATE SCHOOL OF SCIENCES AND ENGINEERING | |
| dc.contributor.schoolcollegeinstitute | College of Engineering | |
| dc.contributor.schoolcollegeinstitute | Research Center | |
| dc.date.accessioned | 2026-07-02T07:31:50Z | |
| dc.date.issued | 2026 | |
| dc.description.abstract | Software-Defined Networks (SDN) have revolutionized modern networking by enabling flexible, programmable management of network resources. This flexibility facilitates the effective design and deployment of Machine Learning (ML)-based defense mechanisms, including Intrusion Detection Systems (IDS) and anomaly detection. However, the validity of existing SDN-based threat detection solutions for systems that use SDN utilities remains unresolved. This work presents a Systematization of Knowledge (SoK) that synthesizes the literature on ML-based SDN security. The study aims to: (i) analyze and strengthen the validity of reported success in SDN security with ML by reviewing 50 recent high-ranking papers, using a taxonomy-driven analysis that categorizes evaluation metrics and the use of ML models, datasets, controllers, and SDN frameworks | |
| dc.description.abstract | (ii) critically assess the state of the literature by comparing these findings with primary surveys and questioning reported accuracy rates | |
| dc.description.abstract | and (iii) identify future perspectives and key takeaways for security framework deployment, to propose solutions to address validation challenges, and to outline a hybrid model. The outlined hybrid model combines passive DL-based traffic monitoring with triggered active mitigation, mapping datasets, ML model families, and programmable enforcement mechanisms into a layered SDN defense to improve validity, efficiency, and real-world deployability. | |
| dc.description.fulltext | No | |
| dc.description.harvestedfrom | Manual | |
| dc.description.indexedby | WOS | |
| dc.description.indexedby | Scopus | |
| dc.description.openaccess | Green Submitted, gold | |
| dc.description.publisherscope | International | |
| dc.description.readpublish | N/A | |
| dc.description.sponsoredbyTubitakEu | TÜBİTAK | |
| dc.description.sponsorship | This work was supported in part by TUB & Idot;TAK, the Scientific and Technological Research Council of Turkiye under Grant 123E462 and Grant 124N941; and in part by the National Research Foundation, Prime Minister's Office, Singapore, through the Campus for Research Excellence and Technological Enterprise (CREATE) Program | |
| dc.description.version | Published Version | |
| dc.identifier.WoSQuartile | Q2 | |
| dc.identifier.doi | 10.1109/ACCESS.2026.3673172 | |
| dc.identifier.embargo | No | |
| dc.identifier.endpage | 40787 | |
| dc.identifier.grantno | 123E462 | |
| dc.identifier.grantno | 124N941 | |
| dc.identifier.issn | 2169-3536 | |
| dc.identifier.scopus | 2-s2.0-105032799050 | |
| dc.identifier.startpage | 40769 | |
| dc.identifier.uri | https://doi.org/10.1109/ACCESS.2026.3673172 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.14288/33128 | |
| dc.identifier.volume | 14 | |
| dc.identifier.wos | 001719526900013 | |
| dc.keywords | Security | |
| dc.keywords | Taxonomy | |
| dc.keywords | Software | |
| dc.keywords | Virtualization | |
| dc.keywords | Band-pass filters | |
| dc.keywords | Software defined networking | |
| dc.keywords | Anomaly detection | |
| dc.keywords | Analytical models | |
| dc.keywords | Threat assessment | |
| dc.keywords | Reviews | |
| dc.keywords | Intrusion detection system | |
| dc.keywords | Machine learning | |
| dc.keywords | Network functions virtualization | |
| dc.keywords | Software-defined networking | |
| dc.language | eng | |
| dc.publisher | IEEE | |
| dc.relation.affiliation | Koç University | |
| dc.relation.collection | Koç University Institutional Repository | |
| dc.relation.ispartof | IEEE Access | |
| dc.relation.openaccess | N/A | |
| dc.rights | N/A | |
| dc.rights.uri | N/A | |
| dc.subject | Computer science | |
| dc.subject | Information systems | |
| dc.subject | Engineering, electrical and electronic | |
| dc.subject | Telecommunications | |
| dc.title | SoK: Software-Defined Networks Security with machine learning | |
| dc.type | Journal Article | |
| dspace.entity.type | Publication | |
| relation.isOrgUnitOfPublication | 3fc31c89-e803-4eb1-af6b-6258bc42c3d8 | |
| relation.isOrgUnitOfPublication | 89352e43-bf09-4ef4-82f6-6f9d0174ebae | |
| relation.isOrgUnitOfPublication | 77d67233-829b-4c3a-a28f-bd97ab5c12c7 | |
| relation.isOrgUnitOfPublication.latestForDiscovery | 3fc31c89-e803-4eb1-af6b-6258bc42c3d8 | |
| relation.isParentOrgUnitOfPublication | 434c9663-2b11-4e66-9399-c863e2ebae43 | |
| relation.isParentOrgUnitOfPublication | 8e756b23-2d4a-4ce8-b1b3-62c794a8c164 | |
| relation.isParentOrgUnitOfPublication | d437580f-9309-4ecb-864a-4af58309d287 | |
| relation.isParentOrgUnitOfPublication.latestForDiscovery | 434c9663-2b11-4e66-9399-c863e2ebae43 |
