{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,13]],"date-time":"2026-05-13T16:40:28Z","timestamp":1778690428290,"version":"3.51.4"},"reference-count":62,"publisher":"Springer Science and Business Media LLC","issue":"1-2","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,2,27]],"date-time":"2025-02-27T00:00:00Z","timestamp":1740614400000},"content-version":"vor","delay-in-days":57,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100007511","name":"Universidad Rey Juan Carlos","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100007511","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Wireless Pers Commun"],"published-print":{"date-parts":[[2025,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>SDN controllers become the main advantage of the architecture because they present a centralized control decision-making and general view of the network. They are, however, also a critical point that an attacker could exploit. More review of the body of research is needed regarding the types of attacks on SDN controllers, methods to detect them, and mitigation techniques directed specifically to the controller, particularly considering the approach of machine learning detection methods. This survey addresses the topics of attacks targeting the SDN controller, methods for their detection, what types of controllers are used in different studies, and datasets used in machine learning detection methods. The findings highlight that most attacks exploit vulnerabilities inherent in the OpenFlow protocol, while the detection methodologies remain primarily statistical and machine learning approaches. Additionally, the review shows that while outdated controllers like Floodlight and Ryu are still widely used in studies, actively supported controllers such as ONOS and ODL are used much less. Finally, the survey finds only two publicly available datasets tailored for SDN environments, none considering attacks directed at the controllers, illustrating a notable gap in the existing research. This survey also highlights the need for further research focusing on modern SDN controllers and developing comprehensive datasets to advance effective security solutions.<\/jats:p>","DOI":"10.1007\/s11277-025-11748-w","type":"journal-article","created":{"date-parts":[[2025,2,28]],"date-time":"2025-02-28T15:40:18Z","timestamp":1740757218000},"page":"739-775","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["Assessing SDN Controller Vulnerabilities: A Survey on Attack Typologies, Detection Mechanisms, Controller Selection, and Dataset Application in Machine Learning"],"prefix":"10.1007","volume":"140","author":[{"given":"Juliana","family":"Arevalo-Herrera","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jorge","family":"Camargo Mendoza","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jose Ignacio","family":"Mart\u00ednez Torre","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tatiana","family":"Zona-Ortiz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Juan M.","family":"Ramirez","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,2,27]]},"reference":[{"issue":"1","key":"11748_CR1","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/JPROC.2014.2371999","volume":"103","author":"D Kreutz","year":"2014","unstructured":"Kreutz, D., Ramos, F. M., Verissimo, P. E., Rothenberg, C. E., Azodolmolky, S., & Uhlig, S. (2014). Software-defined networking: A comprehensive survey. Proceedings of the IEEE, 103(1), 14\u201376.","journal-title":"Proceedings of the IEEE"},{"issue":"2","key":"11748_CR2","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1145\/1355734.1355746","volume":"38","author":"N McKeown","year":"2008","unstructured":"McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., & Turner, J. (2008). Openflow: Enabling innovation in campus networks. ACM SIGCOMM Computer Communication Review, 38(2), 69\u201374.","journal-title":"ACM SIGCOMM Computer Communication Review"},{"key":"11748_CR3","unstructured":"The P4 Language Consortium: P4\u00a016\u00a0Language Specification. Accessed July 18, 2023, fromhttps:\/\/p4.org\/p4-spec\/docs\/p4-16-working-draft.html"},{"key":"11748_CR4","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2019.106984","volume":"167","author":"AA Barakabitze","year":"2020","unstructured":"Barakabitze, A. A., Ahmad, A., Mijumbi, R., & Hines, A. (2020). 5g network slicing using sdn and nfv: A survey of taxonomy, architectures and future challenges. Computer Networks, 167, 106984.","journal-title":"Computer Networks"},{"key":"11748_CR5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11107-018-0803-7","volume":"37","author":"J Benabbou","year":"2019","unstructured":"Benabbou, J., Elbaamrani, K., & Idboufker, N. (2019). Security in openflow-based sdn, opportunities and challenges. Photonic Network Communications, 37, 1\u201323.","journal-title":"Photonic Network Communications"},{"issue":"2","key":"11748_CR6","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1007\/s40860-022-00171-8","volume":"9","author":"Y Maleh","year":"2023","unstructured":"Maleh, Y., Qasmaoui, Y., El Gholami, K., Sadqi, Y., & Mounir, S. (2023). A comprehensive survey on sdn security: Threats, mitigations, and future directions. Journal of Reliable Intelligent Environments, 9(2), 201\u2013239.","journal-title":"Journal of Reliable Intelligent Environments"},{"key":"11748_CR7","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1016\/j.future.2021.03.011","volume":"122","author":"LF Eliyan","year":"2021","unstructured":"Eliyan, L. F., & Di Pietro, R. (2021). Dos and ddos attacks in software defined networks: A survey of existing solutions and research challenges. Future Generation Computer Systems, 122, 149\u2013171.","journal-title":"Future Generation Computer Systems"},{"key":"11748_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2022.107706","volume":"99","author":"B Alhijawi","year":"2022","unstructured":"Alhijawi, B., Almajali, S., Elgala, H., Salameh, H. B., & Ayyash, M. (2022). A survey on dos\/ddos mitigation techniques in sdns: Classification, comparison, solutions, testing tools and datasets. Computers and Electrical Engineering, 99, 107706.","journal-title":"Computers and Electrical Engineering"},{"key":"11748_CR9","doi-asserted-by":"publisher","first-page":"91550","DOI":"10.1109\/ACCESS.2023.3307467","volume":"11","author":"ZA Bhuiyan","year":"2023","unstructured":"Bhuiyan, Z. A., Islam, S., Islam, M. M., Ullah, A. A., Naz, F., & Rahman, M. S. (2023). On the (in) security of the control plane of sdn architecture: A survey. IEEE Access, 11, 91550\u201391582.","journal-title":"IEEE Access"},{"key":"11748_CR10","doi-asserted-by":"publisher","first-page":"45820","DOI":"10.1109\/ACCESS.2022.3168972","volume":"10","author":"M Rahouti","year":"2022","unstructured":"Rahouti, M., Xiong, K., Xin, Y., Jagatheesaperumal, S. K., Ayyash, M., & Shaheed, M. (2022). Sdn security review: Threat taxonomy, implications, and open challenges. IEEE Access, 10, 45820\u201345854.","journal-title":"IEEE Access"},{"key":"11748_CR11","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2020.100279","volume":"37","author":"J Singh","year":"2020","unstructured":"Singh, J., & Behal, S. (2020). Detection and mitigation of ddos attacks in sdn: A comprehensive review, research challenges and future directions. Computer Science Review, 37, 100279.","journal-title":"Computer Science Review"},{"issue":"16","key":"11748_CR12","doi-asserted-by":"publisher","first-page":"5300","DOI":"10.1002\/cpe.5300","volume":"32","author":"T Han","year":"2020","unstructured":"Han, T., Jan, S. R. U., Tan, Z., Usman, M., Jan, M. A., Khan, R., & Xu, Y. (2020). A comprehensive survey of security threats and their mitigation techniques for next-generation sdn controllers. Concurrency and Computation: Practice and Experience, 32(16), 5300.","journal-title":"Concurrency and Computation: Practice and Experience"},{"key":"11748_CR13","doi-asserted-by":"crossref","unstructured":"Brooks, M., & Yang, B. (2015). A man-in-the-middle attack against opendaylight sdn controller. In Proceedings of the 4th annual ACM conference on research in information technology (pp. 45\u201349).","DOI":"10.1145\/2808062.2808073"},{"key":"11748_CR14","doi-asserted-by":"crossref","unstructured":"Shan-Shan, J., & Ya-Bin, X. (2018). The apt detection method based on attack tree for sdn. In Proceedings of the 2nd international conference on cryptography, security and privacy (pp. 116\u2013121).","DOI":"10.1145\/3199478.3199481"},{"issue":"7","key":"11748_CR15","doi-asserted-by":"publisher","first-page":"2146","DOI":"10.1109\/LCOMM.2021.3075898","volume":"25","author":"N Ravi","year":"2021","unstructured":"Ravi, N., & Shalinie, S. M. (2021). Blacknurse-sc: A novel attack on sdn controller. IEEE Communications Letters, 25(7), 2146\u20132150. https:\/\/doi.org\/10.1109\/LCOMM.2021.3075898","journal-title":"IEEE Communications Letters"},{"issue":"1","key":"11748_CR16","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/TNET.2021.3105187","volume":"30","author":"K-Y Chen","year":"2021","unstructured":"Chen, K.-Y., Liu, S., Xu, Y., Siddhrau, I. K., Zhou, S., Guo, Z., & Chao, H. J. (2021). Sdnshield: nfv-based defense framework against ddos attacks on sdn control plane. IEEE\/ACM Transactions on Networking, 30(1), 1\u201317.","journal-title":"IEEE\/ACM Transactions on Networking"},{"issue":"3","key":"11748_CR17","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/s10922-023-09749-w","volume":"31","author":"M Cherian","year":"2023","unstructured":"Cherian, M., & Varma, S. L. (2023). Secure sdn-iot framework for ddos attack detection using deep learning and counter based approach. Journal of Network and Systems Management, 31(3), 54.","journal-title":"Journal of Network and Systems Management"},{"key":"11748_CR18","doi-asserted-by":"crossref","unstructured":"Singh, V., Rajarajeswari, S., Kanavalli, A., & Sanjeetha, R. (2022). Mitigation of ddos attack in sdn using table miss-entry. In 2022 4th international conference on circuits, control, communication and computing (I4C) (pp. 6\u201311). IEEE.","DOI":"10.1109\/I4C57141.2022.10057725"},{"issue":"1","key":"11748_CR19","doi-asserted-by":"publisher","first-page":"745","DOI":"10.1109\/TNSM.2020.3037124","volume":"18","author":"N Ravi","year":"2020","unstructured":"Ravi, N., Shalinie, S. M., Lal, C., & Conti, M. (2020). Aegis: Detection and mitigation of tcp syn flood on sdn controller. IEEE Transactions on Network and Service Management, 18(1), 745\u2013759.","journal-title":"IEEE Transactions on Network and Service Management"},{"issue":"7","key":"11748_CR20","doi-asserted-by":"publisher","first-page":"1174","DOI":"10.1109\/LCOMM.2019.2896928","volume":"23","author":"AS Alshra\u2019a","year":"2019","unstructured":"Alshra\u2019a, A. S., & Seitz, J. (2019). Using inspector device to stop packet injection attack in sdn. IEEE Communications Letters, 23(7), 1174\u20131177.","journal-title":"IEEE Communications Letters"},{"key":"11748_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s13673-019-0176-7","volume":"9","author":"M Imran","year":"2019","unstructured":"Imran, M., Durad, M. H., Khan, F. A., & Derhab, A. (2019). Reducing the effects of dos attacks in software defined networks using parallel flow installation. Human-Centric Computing and Information Sciences, 9, 1\u201319.","journal-title":"Human-Centric Computing and Information Sciences"},{"key":"11748_CR22","doi-asserted-by":"crossref","unstructured":"Mehr, S. Y., & Ramamurthy, B. (2019). An svm based ddos attack detection method for ryu sdn controller. In Proceedings of the 15th international conference on emerging networking experiments and technologies (pp. 72\u201373).","DOI":"10.1145\/3360468.3368183"},{"key":"11748_CR23","doi-asserted-by":"crossref","unstructured":"Goksel, N., & Demirci, M. (2019). Dos attack detection using packet statistics in sdn. In 2019 international symposium on networks, computers and communications (ISNCC) (pp. 1\u20136). IEEE.","DOI":"10.1109\/ISNCC.2019.8909114"},{"issue":"2","key":"11748_CR24","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1007\/s10922-020-09580-7","volume":"29","author":"N Agrawal","year":"2021","unstructured":"Agrawal, N., & Tapaswi, S. (2021). An sdn-assisted defense mechanism for the shrew ddos attack in a cloud computing environment. Journal of Network and Systems Management, 29(2), 12.","journal-title":"Journal of Network and Systems Management"},{"key":"11748_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10207-023-00685-z","volume":"22","author":"S Ahmad","year":"2023","unstructured":"Ahmad, S., & Mir, A. H. (2023). Protection of centralized sdn control plane from high-rate packet-in messages. International Journal of Information Security, 22, 1\u201310.","journal-title":"International Journal of Information Security"},{"key":"11748_CR26","doi-asserted-by":"crossref","unstructured":"Khamaiseh, S., Serra, E., Li, Z., & Xu, D. (2019). Detecting saturation attacks in sdn via machine learning. In 2019 4th international conference on computing, communications and security (ICCCS) (pp. 1\u20138). IEEE.","DOI":"10.1109\/CCCS.2019.8888049"},{"key":"11748_CR27","doi-asserted-by":"crossref","unstructured":"Cui, J., Zhang, J., He, J., Zhong, H., & Lu, Y. (2020). Ddos detection and defense mechanism for sdn controllers with k-means. In 2020 IEEE\/ACM 13th international conference on utility and cloud computing (UCC) (pp. 394\u2013401). IEEE.","DOI":"10.1109\/UCC48980.2020.00062"},{"issue":"3","key":"11748_CR28","doi-asserted-by":"publisher","first-page":"1103","DOI":"10.3390\/app12031103","volume":"12","author":"J Li","year":"2022","unstructured":"Li, J., Qin, S., Tu, T., Zhang, H., & Li, Y. (2022). Packet injection exploiting attack and mitigation in software-defined networks. Applied Sciences, 12(3), 1103.","journal-title":"Applied Sciences"},{"key":"11748_CR29","doi-asserted-by":"crossref","unstructured":"Zhan, X., Chen, M., Yu, S., & Zhang, Y. (2019). Adaptive detection method for packet-in message injection attack in sdn. In Algorithms and architectures for parallel processing: 19th international conference, ICA3PP 2019, Melbourne, VIC, Australia, December 9\u201311, Proceedings, Part II 19 (pp. 482\u2013495) (2020). Springer.","DOI":"10.1007\/978-3-030-38961-1_42"},{"key":"11748_CR30","doi-asserted-by":"publisher","first-page":"6797","DOI":"10.1007\/s00500-018-3407-3","volume":"22","author":"D Gao","year":"2018","unstructured":"Gao, D., Liu, Z., Liu, Y., Foh, C. H., Zhi, T., & Chao, H.-C. (2018). Defending against packet-in messages flooding attack under sdn context. Soft Computing, 22, 6797\u20136809.","journal-title":"Soft Computing"},{"issue":"11","key":"11748_CR31","doi-asserted-by":"publisher","first-page":"9349","DOI":"10.1007\/s13369-019-04059-3","volume":"44","author":"F Khellah","year":"2019","unstructured":"Khellah, F. (2019). Control plane packet-in arrival rate analysis for denial-of-service saturation attacks detection and mitigation in software-defined networks. Arabian Journal for Science and Engineering, 44(11), 9349\u20139362.","journal-title":"Arabian Journal for Science and Engineering"},{"key":"11748_CR32","doi-asserted-by":"publisher","first-page":"155859","DOI":"10.1109\/ACCESS.2020.3019330","volume":"8","author":"JA Perez-Diaz","year":"2020","unstructured":"Perez-Diaz, J. A., Valdovinos, I. A., Choo, K.-K.R., & Zhu, D. (2020). A flexible sdn-based architecture for identifying and mitigating low-rate ddos attacks using machine learning. IEEE Access, 8, 155859\u2013155872.","journal-title":"IEEE Access"},{"issue":"4","key":"11748_CR33","doi-asserted-by":"publisher","first-page":"3011","DOI":"10.1007\/s10586-021-03309-0","volume":"24","author":"H Aldabbas","year":"2021","unstructured":"Aldabbas, H., & Amin, R. (2021). A novel mechanism to handle address spoofing attacks in sdn based iot. Cluster Computing, 24(4), 3011\u20133026.","journal-title":"Cluster Computing"},{"key":"11748_CR34","doi-asserted-by":"crossref","unstructured":"Soltani, S., Shojafar, M., Mostafaei, H., Pooranian, Z., & Tafazolli, R. (2021). Link latency attack in software-defined networks. In 2021 17th international conference on network and service management (CNSM) (pp. 187\u2013193). IEEE.","DOI":"10.23919\/CNSM52442.2021.9615598"},{"issue":"1","key":"11748_CR35","doi-asserted-by":"publisher","first-page":"39","DOI":"10.26599\/TST.2021.9010077","volume":"28","author":"Y Gao","year":"2022","unstructured":"Gao, Y., & Xu, M. (2022). Defense against software-defined network topology poisoning attacks. Tsinghua Science and Technology, 28(1), 39\u201346.","journal-title":"Tsinghua Science and Technology"},{"issue":"1","key":"11748_CR36","doi-asserted-by":"publisher","first-page":"510","DOI":"10.1109\/TNSM.2021.3109099","volume":"19","author":"P Shrivastava","year":"2021","unstructured":"Shrivastava, P., & Kataoka, K. (2021). Topology poisoning attacks and prevention in hybrid software-defined networks. IEEE Transactions on Network and Service Management, 19(1), 510\u2013523.","journal-title":"IEEE Transactions on Network and Service Management"},{"key":"11748_CR37","doi-asserted-by":"crossref","unstructured":"Bui, T., Antikainen, M., & Aura, T. (2019). Analysis of topology poisoning attacks in software-defined networking. In Secure IT systems: 24th Nordic conference, NordSec 2019, Aalborg, Denmark, November 18\u201320, 2019, Proceedings 24 (pp. 87\u2013102). Springer.","DOI":"10.1007\/978-3-030-35055-0_6"},{"key":"11748_CR38","doi-asserted-by":"crossref","unstructured":"Kaur, N., Singh, A. K., Kumar, N., & Srivastava, S. (2017). Performance impact of topology poisoning attack in sdn and its countermeasure. In Proceedings of the 10th international conference on security of information and networks (pp. 179\u2013184).","DOI":"10.1145\/3136825.3136881"},{"issue":"2","key":"11748_CR39","doi-asserted-by":"publisher","first-page":"904","DOI":"10.1109\/TNET.2022.3203561","volume":"31","author":"D Kong","year":"2022","unstructured":"Kong, D., Shen, Y., Chen, X., Cheng, Q., Liu, H., Zhang, D., Liu, X., Chen, S., & Wu, C. (2022). Combination attacks and defenses on sdn topology discovery. IEEE\/ACM Transactions on Networking, 31(2), 904\u2013919.","journal-title":"IEEE\/ACM Transactions on Networking"},{"key":"11748_CR40","doi-asserted-by":"crossref","unstructured":"Macwan, S., & Lung, C.-H. (2019). Investigation of moving target defense technique to prevent poisoning attacks in sdn. In 2019 IEEE World Congress on Services (SERVICES) (Vol. 2642, pp. 178\u2013183). IEEE.","DOI":"10.1109\/SERVICES.2019.00050"},{"issue":"1","key":"11748_CR41","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1007\/s10922-022-09714-z","volume":"31","author":"D Smyth","year":"2023","unstructured":"Smyth, D., Scott-Hayward, S., Cionca, V., McSweeney, S., & O\u2019Shea, D. (2023). Secap switch-defeating topology poisoning attacks using p4 data planes. Journal of Network and Systems Management, 31(1), 28.","journal-title":"Journal of Network and Systems Management"},{"key":"11748_CR42","doi-asserted-by":"crossref","unstructured":"Alimohammadifar, A., Majumdar, S., Madi, T., Jarraya, Y., Pourzandi, M., Wang, L., & Debbabi, M. (2018). Stealthy probing-based verification (spv): An active approach to defending software defined networks against topology poisoning attacks. In Computer Security: 23rd European symposium on research in computer security, ESORICS 2018, Barcelona, Spain, September 3\u20137, 2018, Proceedings, Part II 23 (pp. 463\u2013484). Springer.","DOI":"10.1007\/978-3-319-98989-1_23"},{"issue":"4","key":"11748_CR43","doi-asserted-by":"publisher","first-page":"839","DOI":"10.1007\/s11390-022-1495-0","volume":"37","author":"X-B Huang","year":"2022","unstructured":"Huang, X.-B., Xue, K.-P., Xing, Y.-T., Hu, D.-W., Li, R., & Sun, Q.-B. (2022). An efficient scheme to defend data-to-control-plane saturation attacks in software-defined networking. Journal of Computer Science and Technology, 37(4), 839\u2013851.","journal-title":"Journal of Computer Science and Technology"},{"issue":"1","key":"11748_CR44","doi-asserted-by":"publisher","first-page":"607","DOI":"10.1109\/TNSM.2019.2959268","volume":"17","author":"Z Li","year":"2019","unstructured":"Li, Z., Xing, W., Khamaiseh, S., & Xu, D. (2019). Detecting saturation attacks based on self-similarity of openflow traffic. IEEE Transactions on Network and Service Management, 17(1), 607\u2013621.","journal-title":"IEEE Transactions on Network and Service Management"},{"issue":"5","key":"11748_CR45","doi-asserted-by":"publisher","first-page":"2158","DOI":"10.1109\/TNET.2022.3169136","volume":"30","author":"R Xie","year":"2022","unstructured":"Xie, R., Cao, J., Li, Q., Sun, K., Gu, G., Xu, M., & Yang, Y. (2022). Disrupting the sdn control channel via shared links: Attacks and countermeasures. IEEE\/ACM Transactions on Networking, 30(5), 2158\u20132172.","journal-title":"IEEE\/ACM Transactions on Networking"},{"key":"11748_CR46","doi-asserted-by":"publisher","first-page":"34885","DOI":"10.1109\/ACCESS.2019.2904236","volume":"7","author":"RU Rasool","year":"2019","unstructured":"Rasool, R. U., Ashraf, U., Ahmed, K., Wang, H., Rafique, W., & Anwar, Z. (2019). Cyberpulse: A machine learning based link flooding attack mitigation system for software defined networks. IEEE Access, 7, 34885\u201334899. https:\/\/doi.org\/10.1109\/ACCESS.2019.2904236","journal-title":"IEEE Access"},{"key":"11748_CR47","doi-asserted-by":"crossref","unstructured":"Dixit, V. H., Doup\u00e9, A., Shoshitaishvili, Y., Zhao, Z., & Ahn, G.-J. (2018). Aim-sdn: Attacking information mismanagement in sdn-datastores. In Proceedings of the 2018 ACM SIGSAC conference on computer and communications security (pp. 664\u2013676).","DOI":"10.1145\/3243734.3243799"},{"issue":"2","key":"11748_CR48","doi-asserted-by":"publisher","first-page":"1851","DOI":"10.1109\/COMST.2019.2891891","volume":"21","author":"A Alshamrani","year":"2019","unstructured":"Alshamrani, A., Myneni, S., Chowdhary, A., & Huang, D. (2019). A survey on advanced persistent threats: Techniques, solutions, challenges, and research opportunities. IEEE Communications Surveys & Tutorials, 21(2), 1851\u20131877.","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"11748_CR49","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.109642","volume":"225","author":"H Zhou","year":"2023","unstructured":"Zhou, H., Zheng, Y., Jia, X., & Shu, J. (2023). Collaborative prediction and detection of ddos attacks in edge computing: A deep learning-based approach with distributed sdn. Computer Networks, 225, 109642.","journal-title":"Computer Networks"},{"key":"11748_CR50","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2022.107757","volume":"99","author":"N Ahuja","year":"2022","unstructured":"Ahuja, N., Singal, G., Mukhopadhyay, D., & Nehra, A. (2022). Ascertain the efficient machine learning approach to detect different arp attacks. Computers and Electrical Engineering, 99, 107757.","journal-title":"Computers and Electrical Engineering"},{"key":"11748_CR51","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1007\/s41635-020-00105-x","volume":"5","author":"VK Tchendji","year":"2021","unstructured":"Tchendji, V. K., Mvah, F., Djamegni, C. T., & Yankam, Y. F. (2021). E2basep: Efficient bayes based security protocol against arp spoofing attacks in sdn architectures. Journal of Hardware and Systems Security, 5, 58\u201374.","journal-title":"Journal of Hardware and Systems Security"},{"key":"11748_CR52","doi-asserted-by":"crossref","unstructured":"Xu, Y., Ma, J., & Zhong, S. (2020). Detection and defense against ddos attack on sdn controller based on spatiotemporal feature. In Security and privacy in digital economy: First international conference, SPDE 2020, Quzhou, China, October 30\u2013November 1, 2020, Proceedings 1 (pp. 3\u201318). Springer.","DOI":"10.1007\/978-981-15-9129-7_1"},{"issue":"4","key":"11748_CR53","doi-asserted-by":"publisher","first-page":"3147","DOI":"10.1007\/s10586-021-03328-x","volume":"24","author":"AK Rangisetti","year":"2021","unstructured":"Rangisetti, A. K., Dwivedi, R., & Singh, P. (2021). Denial of arp spoofing in sdn and nfv enabled cloud-fog-edge platforms. Cluster Computing, 24(4), 3147\u20133172.","journal-title":"Cluster Computing"},{"issue":"6","key":"11748_CR54","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3421764","volume":"53","author":"L Zhu","year":"2020","unstructured":"Zhu, L., Karim, M. M., Sharif, K., Xu, C., Li, F., Du, X., & Guizani, M. (2020). Sdn controllers: A comprehensive analysis and performance evaluation study. ACM Computing Surveys (CSUR), 53(6), 1\u201340.","journal-title":"ACM Computing Surveys (CSUR)"},{"key":"11748_CR55","doi-asserted-by":"crossref","unstructured":"Arevalo\u00a0Herrera, J., & Camargo, J. E. (2019). A survey on machine learning applications for software defined network security. In Applied Cryptography and Network Security Workshops: ACNS 2019 Satellite Workshops, SiMLA, Cloud S &P, AIBlock, and AIoTS, Bogota, Colombia, June 5\u20137, 2019, Proceedings 17 (pp. 70\u201393). Springer.","DOI":"10.1007\/978-3-030-29729-9_4"},{"key":"11748_CR56","doi-asserted-by":"crossref","unstructured":"Sarica, A. K., Angin, P. (2020). A novel sdn dataset for intrusion detection in iot networks. In 2020 16th international conference on network and service management (CNSM) (pp. 1\u20135). IEEE.","DOI":"10.23919\/CNSM50824.2020.9269042"},{"key":"11748_CR57","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1016\/j.comnet.2018.03.021","volume":"137","author":"N Anand","year":"2018","unstructured":"Anand, N., Babu, S., & Manoj, B. (2018). On detecting compromised controller in software defined networks. Computer Networks, 137, 107\u2013118.","journal-title":"Computer Networks"},{"key":"11748_CR58","doi-asserted-by":"publisher","first-page":"165263","DOI":"10.1109\/ACCESS.2020.3022633","volume":"8","author":"MS Elsayed","year":"2020","unstructured":"Elsayed, M. S., Le-Khac, N.-A., & Jurcut, A. D. (2020). Insdn: A novel sdn intrusion dataset. IEEE Access, 8, 165263\u2013165284.","journal-title":"IEEE Access"},{"key":"11748_CR59","doi-asserted-by":"crossref","unstructured":"Draper-Gil, G., Lashkari, A. H., Mamun, M. S. I., & Ghorbani, A. A. (2016). Characterization of encrypted and vpn traffic using time-related. In Proceedings of the 2nd international conference on information systems security and privacy (ICISSP) (pp. 407\u2013414).","DOI":"10.5220\/0005740704070414"},{"key":"11748_CR60","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2021.103108","volume":"187","author":"N Ahuja","year":"2021","unstructured":"Ahuja, N., Singal, G., Mukhopadhyay, D., & Kumar, N. (2021). Automated ddos attack detection in software defined networking. Journal of Network and Computer Applications, 187, 103108.","journal-title":"Journal of Network and Computer Applications"},{"key":"11748_CR61","doi-asserted-by":"crossref","unstructured":"Huang, C.-H., Lee, T.-H., Chang, L.-h., Lin, J.-R., & Horng, G. (2019). Adversarial attacks on sdn-based deep learning ids system. In Mobile and wireless technology 2018: International conference on mobile and wireless technology (ICMWT 2018) (pp. 181\u2013191). Springer.","DOI":"10.1007\/978-981-13-1059-1_17"},{"issue":"16","key":"11748_CR62","doi-asserted-by":"publisher","first-page":"5402","DOI":"10.1002\/cpe.5402","volume":"32","author":"R Santos","year":"2020","unstructured":"Santos, R., Souza, D., Santo, W., Ribeiro, A., & Moreno, E. (2020). Machine learning algorithms to detect ddos attacks in sdn. Concurrency and Computation: Practice and Experience, 32(16), 5402.","journal-title":"Concurrency and Computation: Practice and Experience"}],"container-title":["Wireless Personal Communications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11277-025-11748-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11277-025-11748-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11277-025-11748-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,12]],"date-time":"2025-03-12T12:50:45Z","timestamp":1741783845000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11277-025-11748-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1]]},"references-count":62,"journal-issue":{"issue":"1-2","published-print":{"date-parts":[[2025,1]]}},"alternative-id":["11748"],"URL":"https:\/\/doi.org\/10.1007\/s11277-025-11748-w","relation":{},"ISSN":["0929-6212","1572-834X"],"issn-type":[{"value":"0929-6212","type":"print"},{"value":"1572-834X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1]]},"assertion":[{"value":"6 February 2025","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 February 2025","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that there are no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Approval"}}]}}