{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,8]],"date-time":"2026-06-08T14:01:28Z","timestamp":1780927288370,"version":"3.54.1"},"reference-count":190,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computer Networks"],"published-print":{"date-parts":[[2025,11]]},"DOI":"10.1016\/j.comnet.2025.111711","type":"journal-article","created":{"date-parts":[[2025,9,13]],"date-time":"2025-09-13T14:18:48Z","timestamp":1757773128000},"page":"111711","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":3,"special_numbering":"C","title":["A comprehensive survey of DDoS attack defense systems for different SDN architectures"],"prefix":"10.1016","volume":"272","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7650-2010","authenticated-orcid":false,"given":"Mitali","family":"Sinha","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"issue":"3","key":"10.1016\/j.comnet.2025.111711_bib0001","doi-asserted-by":"crossref","first-page":"1617","DOI":"10.1109\/SURV.2014.012214.00180","article-title":"A survey of software-defined networking: past, present, and future of programmable networks","volume":"16","author":"Astuto","year":"2014","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"10.1016\/j.comnet.2025.111711_bib0002","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1145\/1355734.1355746","article-title":"OpenFlow: enabling innovation in campus networks","volume":"38","author":"McKeown","year":"2008","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"10.1016\/j.comnet.2025.111711_bib0003","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1145\/1096536.1096541","article-title":"A clean slate 4D approach to network control and management","volume":"35","author":"Greenberg","year":"2005","journal-title":"ACM SIGCOMM, Comput. Commun. Rev."},{"issue":"4","key":"10.1016\/j.comnet.2025.111711_bib0004","doi-asserted-by":"crossref","first-page":"3542","DOI":"10.1109\/COMST.2018.2839348","article-title":"Comparative analysis of control plane security of SDN and conventional networks","volume":"20","author":"Abdou","year":"2018","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"10.1016\/j.comnet.2025.111711_bib0005","series-title":"2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM)","first-page":"1322","article-title":"Denial-of-service attacks in OpenFlow SDN networks","author":"Kandoi","year":"2015"},{"issue":"4","key":"10.1016\/j.comnet.2025.111711_bib0006","doi-asserted-by":"crossref","first-page":"2317","DOI":"10.1109\/COMST.2015.2474118","article-title":"Security in software defined networks: a survey","volume":"17","author":"Ahmad","year":"2015","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"1","key":"10.1016\/j.comnet.2025.111711_bib0007","doi-asserted-by":"crossref","first-page":"623","DOI":"10.1109\/COMST.2015.2453114","article-title":"A survey of security in software defined networks","volume":"18","author":"Scott-Hayward","year":"2016","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"10.1016\/j.comnet.2025.111711_bib0008","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2021.102423","article-title":"A comprehensive survey of DDoS defense solutions in SDN: taxonomy, research challenges, and future directions","volume":"110","author":"Kaur","year":"2021","journal-title":"Comput. Secur."},{"key":"10.1016\/j.comnet.2025.111711_bib0009","doi-asserted-by":"crossref","DOI":"10.1016\/j.jnca.2021.103093","article-title":"Emerging DDoS attack detection and mitigation strategies in software-defined networks: taxonomy, challenges and future directions","volume":"187","author":"Valdovinos","year":"2021","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0010","doi-asserted-by":"crossref","DOI":"10.1016\/j.jnca.2021.103156","article-title":"Towards DDoS detection mechanisms in software-defined networking","volume":"190","author":"Cui","year":"2021","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0011","doi-asserted-by":"crossref","DOI":"10.1016\/j.comnet.2023.109895","article-title":"A comprehensive survey on DDoS defense systems: new trends and challenges","volume":"233","author":"Li","year":"2023","journal-title":"Comput. Netw."},{"key":"10.1016\/j.comnet.2025.111711_bib0012","series-title":"Machine Learning for Cyber Security","article-title":"Overview of DDoS attack research under SDN","volume":"13656","author":"Guo","year":"2023"},{"key":"10.1016\/j.comnet.2025.111711_bib0013","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1016\/j.comcom.2024.04.035","article-title":"DoS\/DDoS attacks in software defined networks: current situation, challenges and future directions","volume":"222","author":"Setitra","year":"2024","journal-title":"Comput. Commun."},{"key":"10.1016\/j.comnet.2025.111711_bib0014","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103652","article-title":"DDOS attack detection in SDN: method of attacks, detection techniques, challenges and research gaps","volume":"139","author":"Wabi","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.comnet.2025.111711_bib0015","doi-asserted-by":"crossref","first-page":"35253","DOI":"10.1007\/s11042-023-16781-0","article-title":"A comprehensive survey on low-rate and high-rate DDoS defense approaches in SDN: taxonomy, research challenges, and opportunities","volume":"83","author":"Karnani","year":"2024","journal-title":"Multimed. Tools Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0016","doi-asserted-by":"crossref","first-page":"6386","DOI":"10.1002\/sec.1759","article-title":"Research trends in security and DDoS in SDN","volume":"9","author":"Dayal","year":"2016","journal-title":"Secur. Commun. Netw."},{"key":"10.1016\/j.comnet.2025.111711_bib0017","doi-asserted-by":"crossref","first-page":"80813","DOI":"10.1109\/ACCESS.2019.2922196","article-title":"A survey on distributed denial of service (DDoS) attacks in SDN and cloud computing environments","volume":"7","author":"Dong","year":"2019","journal-title":"IEEE Access"},{"key":"10.1016\/j.comnet.2025.111711_bib0018","doi-asserted-by":"crossref","first-page":"122016","DOI":"10.1109\/ACCESS.2021.3109564","article-title":"A survey of the main security issues and solutions for the SDN architecture","volume":"9","author":"Jim\u00e9nez","year":"2021","journal-title":"IEEE Access"},{"key":"10.1016\/j.comnet.2025.111711_bib0019","doi-asserted-by":"crossref","first-page":"1949","DOI":"10.1007\/s10207-023-00728-5","article-title":"Investigation of application layer DDoS attacks in legacy and software-defined networks: a comprehensive review","volume":"22","author":"Kaur","year":"2023","journal-title":"Int. J. Inf. Secur."},{"key":"10.1016\/j.comnet.2025.111711_bib0020","article-title":"A comprehensive survey on DDoS attacks detection & mitigation in SDN-IoT network","volume":"8","author":"Singh","year":"2024","journal-title":"e Prime Adv. Electr. Eng. Electron. Energy"},{"key":"10.1016\/j.comnet.2025.111711_bib0021","doi-asserted-by":"crossref","DOI":"10.1016\/j.jnca.2024.104081","article-title":"A comprehensive plane-wise review of DDoS attacks in SDN: leveraging detection and mitigation through machine learning and deep learning","volume":"235","author":"Kalambe","year":"2025","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0022","doi-asserted-by":"crossref","DOI":"10.1016\/j.cosrev.2024.100692","article-title":"A comprehensive review on software-defined networking (SDN) and DDoS attacks: ecosystem, taxonomy, traffic engineering, challenges and research directions","volume":"55","author":"Kaur","year":"2025","journal-title":"Comput. Sci. Rev."},{"key":"10.1016\/j.comnet.2025.111711_bib0023","doi-asserted-by":"crossref","first-page":"3533","DOI":"10.1007\/s13369-023-08075-2","article-title":"A comprehensive analysis of machine learning- and deep learning-based solutions for DDoS attack detection in SDN","volume":"49","author":"Aslam","year":"2024","journal-title":"Arab. J. Sci. Eng."},{"key":"10.1016\/j.comnet.2025.111711_bib0024","doi-asserted-by":"crossref","first-page":"634","DOI":"10.1007\/s43538-022-00126-w","article-title":"Review of game theory approaches for DDoS mitigation by SDN","volume":"88","author":"Rathore","year":"2022","journal-title":"Proc. Indian Natl. Sci. Acad."},{"key":"10.1016\/j.comnet.2025.111711_bib0025","article-title":"A survey on DoS\/DDoS attacks mathematical modelling for traditional, SDN and virtual networks","volume":"31","author":"Balarezo","year":"2022","journal-title":"Eng. Sci. Technol., Int. J."},{"key":"10.1016\/j.comnet.2025.111711_bib0026","series-title":"Towards new e-Infrastructure and e-Services for Developing Countries","article-title":"Mathematical analysis of DDoS attacks in SDN-based 5G","volume":"499","author":"Biaou","year":"2023"},{"key":"10.1016\/j.comnet.2025.111711_bib0027","series-title":"2023 International Conference on Wireless Communications Signal Processing and Networking (WiSPNET)","first-page":"1","article-title":"DDoS vulnerabilities analysis in SDN controllers: understanding the attacking strategies","author":"Sinha","year":"2023"},{"key":"10.1016\/j.comnet.2025.111711_bib0028","doi-asserted-by":"crossref","first-page":"43","DOI":"10.1007\/s10922-023-09732-5","article-title":"On profiling, benchmarking and behavioral analysis of SDN architecture under DDoS attacks","volume":"31","author":"Thanh","year":"2023","journal-title":"J. Netw. Syst. Manag."},{"key":"10.1016\/j.comnet.2025.111711_bib0029","doi-asserted-by":"crossref","first-page":"509","DOI":"10.1016\/j.comcom.2020.02.085","article-title":"New-flow based DDoS attacks in SDN: taxonomy, rationales, and research challenges","volume":"154","author":"Singh","year":"2020","journal-title":"Comput. Commun."},{"issue":"4","key":"10.1016\/j.comnet.2025.111711_bib0030","first-page":"103:1","article-title":"When SDN meets low-rate threats: a survey of attacks and countermeasures in programmable networks","volume":"57","author":"Tang","year":"2024","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.comnet.2025.111711_bib0031","series-title":"2021 Mohammad Ali Jinnah University International Conference on Computing (MAJICC)","first-page":"1","article-title":"Comparative analysis of traditional and software defined networks","author":"Awais","year":"2021"},{"issue":"1","key":"10.1016\/j.comnet.2025.111711_bib0032","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1109\/COMST.2016.2618874","article-title":"Software defined networking architecture, security and energy efficiency: a survey","volume":"19","author":"Rawat","year":"2017","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"10.1016\/j.comnet.2025.111711_bib0033","series-title":"Proceedings of the 2007 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM)","first-page":"1","article-title":"Ethane: taking control of the enterprise","volume":"37","author":"Casado","year":"2007"},{"key":"10.1016\/j.comnet.2025.111711_bib0034","series-title":"8th European Conference on Electrotechnics, Conference Proceedings on Area Communication","first-page":"343","article-title":"The SOFTNET project: a retrospect","author":"Zander","year":"1988"},{"key":"10.1016\/j.comnet.2025.111711_bib0035","series-title":"Proceedings DARPA Active Networks Conference and Exposition","first-page":"2","article-title":"Towards an active network architecture","author":"Tennenhouse","year":"2002"},{"issue":"1","key":"10.1016\/j.comnet.2025.111711_bib0036","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1109\/TSMCC.2003.818493","article-title":"Active networking: one view of the past, present, and future","volume":"34","author":"Smith","year":"2004","journal-title":"IEEE Trans. Syst., Man, Cybern., Part C (Appl. Rev.)"},{"key":"10.1016\/j.comnet.2025.111711_bib0037","series-title":"2015 IEEE Trustcom\/BigDataSE\/ISPA","first-page":"834","article-title":"A secure northbound interface for SDN applications","volume":"1","author":"Banse","year":"2015"},{"key":"10.1016\/j.comnet.2025.111711_bib0038","unstructured":"OpenDaylight: a linux foundation collaborative project, accessed on: 3-September-2020. [Online]. available: https:\/\/www.opendaylight.org."},{"issue":"1","key":"10.1016\/j.comnet.2025.111711_bib0039","doi-asserted-by":"crossref","first-page":"493","DOI":"10.1109\/SURV.2013.081313.00105","article-title":"Network innovation using OpenFlow: a survey","volume":"16","author":"Lara","year":"2014","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"2","key":"10.1016\/j.comnet.2025.111711_bib0040","doi-asserted-by":"crossref","first-page":"488","DOI":"10.1109\/TNET.2011.2165323","article-title":"Bit weaving: a non-prefix approach to compressing packet classifiers in tcams","volume":"20","author":"Meiners","year":"2012","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"10.1016\/j.comnet.2025.111711_bib0041","unstructured":"Open vSwitch, accessed on:26-April-2020. [Online]. Available: http:\/\/openvswitch.org\/."},{"key":"10.1016\/j.comnet.2025.111711_bib0042","unstructured":"Pantou: Openflow 1.3 for OpenWRT, accessed on:26-April-2020. [Online]. Available: http:\/\/github.com\/CPqD\/ofsoftswitch13\/wiki\/OpenFlow-1.3-for-OpenWRT."},{"key":"10.1016\/j.comnet.2025.111711_bib0043","unstructured":"Ofsoftswitch13, accessed on: 26-April-2020. [Online]. Available: https:\/\/github.com\/CPqD\/ofsoftswitch13."},{"key":"10.1016\/j.comnet.2025.111711_bib0044","unstructured":"Indigo: Open Source OpenFlow Switches, accessed on: 26-April-2020. [Online]. Available: https:\/\/floodlight.atlassian.net\/wiki\/spaces\/HOME\/overview."},{"key":"10.1016\/j.comnet.2025.111711_bib0045","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1016\/j.jnca.2019.03.006","article-title":"Analytical modelling of software and hardware switches with internal buffer in software-defined networks","volume":"136","author":"Singh","year":"2019","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0046","unstructured":"OpenFlow Switch Specifications Version 1.0, accessed on: 31-July-2020. [Online]. Available: https:\/\/opennetworking.org\/wp-content\/uploads\/2013\/04\/openflow-spec-v1.0.0.pdf."},{"key":"10.1016\/j.comnet.2025.111711_bib0047","unstructured":"OpenFlow Switch Specifications Version 1.3, accessed on: 31-July-2020. [Online]. Available: https:\/\/opennetworking.org\/wp-content\/uploads\/2014\/10\/openflow-switch-v1.3.5.pdf."},{"key":"10.1016\/j.comnet.2025.111711_bib0048","unstructured":"OpenFlow Switch Specifications Version 1.2, accessed on: 31-July-2020. [Online]. Available: https:\/\/opennetworking.org\/wp-content\/uploads\/2014\/10\/openflow-spec-v1.2.pdf."},{"key":"10.1016\/j.comnet.2025.111711_bib0049","unstructured":"OpenFlow Switch Specifications Version 1.1, accessed on: 31-July-2020. [Online]. Available: https:\/\/opennetworking.org\/wp-content\/uploads\/2014\/10\/openflow-spec-v1.1.0.pdf."},{"key":"10.1016\/j.comnet.2025.111711_bib0050","unstructured":"OpenFlow Switch Specifications Version 1.4, accessed on: 31-July-2020. [Online]. Available: https:\/\/opennetworking.org\/wp-content\/uploads\/2014\/10\/openflow-spec-v1.4.0.pdf."},{"key":"10.1016\/j.comnet.2025.111711_bib0051","unstructured":"OpenFlow Switch Specifications Version 1.5, accessed on: 31-July-2020. [Online]. Available: https:\/\/opennetworking.org\/wp-content\/uploads\/2014\/10\/openflow-switch-v1.5.1.pdf."},{"key":"10.1016\/j.comnet.2025.111711_bib0052","unstructured":"B. Pfaff, B. Davie, The Open vSwitch Database Management Protocol, accessed on:13-January-2020. [Online]. Available: http:\/\/www.ietf.org\/rfc\/rfc7047.txt."},{"key":"10.1016\/j.comnet.2025.111711_bib0053","series-title":"Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking","first-page":"127","article-title":"Protocol-oblivious forwarding: unleash the power of SDN through a future-proof forwarding plane","author":"Song","year":"2013"},{"key":"10.1016\/j.comnet.2025.111711_bib0054","unstructured":"M. Smith, M. Dvorkin, V. Laribi, V. Pandey, P. Gerg, N. Weidenbacher, OpFlex Control Protocol, accessed on:12-January-2021. [Online]. Available: https:\/\/tools.ietf.org\/html\/draft-smith-opflex-03, 2018."},{"issue":"2","key":"10.1016\/j.comnet.2025.111711_bib0055","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1145\/2602204.2602211","article-title":"Openstate: programming platform-independent stateful openflow applications inside the switch","volume":"44","author":"Bianchi","year":"2014","journal-title":"SIGCOMM Comput. Commun. Rev."},{"key":"10.1016\/j.comnet.2025.111711_bib0056","doi-asserted-by":"crossref","first-page":"539","DOI":"10.1016\/j.procs.2017.10.051","article-title":"Efficient topology discovery in software defined networks: revisited","volume":"116","author":"Hasan","year":"2017","journal-title":"Procedia Comput. Sci."},{"key":"10.1016\/j.comnet.2025.111711_bib0057","unstructured":"POX, accessed on 16-January-2020. [Online]. Available: https:\/\/openflow.stanford.edu\/display\/ONL\/POX+Wiki."},{"key":"10.1016\/j.comnet.2025.111711_bib0058","series-title":"2014 8th International Conference on Signal Processing and Communication Systems (ICSPCS)","first-page":"1","article-title":"Efficient topology discovery in software defined networks","author":"Pakzad","year":"2014"},{"issue":"2","key":"10.1016\/j.comnet.2025.111711_bib0059","doi-asserted-by":"crossref","first-page":"1375","DOI":"10.1109\/TNSM.2020.3047623","article-title":"Efficient topology discovery for software-defined networks","volume":"18","author":"Chang","year":"2021","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"10.1016\/j.comnet.2025.111711_bib0060","unstructured":"A Java based OpenFlow Controller, accessed on: 31-July-2020. [Online]. Available: https:\/\/www.projectfloodlight.org\/floodlight\/."},{"key":"10.1016\/j.comnet.2025.111711_bib0061","series-title":"2014 IEEE Network Operations and Management Symposium (NOMS)","first-page":"1","article-title":"Disco: distributed multidomain sdn controllers","author":"Phemius","year":"2014"},{"key":"10.1016\/j.comnet.2025.111711_bib0062","series-title":"Proceedings of the Third Workshop on Hot Topics in Software Defined Networking","first-page":"1","article-title":"ONOS: towards an open, distributed SDN OS","author":"Berde","year":"2014"},{"key":"10.1016\/j.comnet.2025.111711_bib0063","series-title":"Internet Draft","article-title":"SDNi: A Message Exchange Protocol for Software Defined Networks (SDNs) across Multiple Domains","author":"Yin","year":"2012"},{"key":"10.1016\/j.comnet.2025.111711_bib0064","unstructured":"Advance Message Queuing Protocol, accessed on: 31-July-2020. [Online]. Available: https:\/\/www.amqp.org."},{"key":"10.1016\/j.comnet.2025.111711_bib0065","unstructured":"An Open Source Messaging Protocol, accessed on: 31-July-2020. [Online]. Available: https:\/\/www.rabbitmq.com\/."},{"issue":"3","key":"10.1016\/j.comnet.2025.111711_bib0066","doi-asserted-by":"crossref","first-page":"105","DOI":"10.1145\/1384609.1384625","article-title":"Nox: towards an operating system for networks","volume":"38","author":"Gude","year":"2008","journal-title":"SIGCOMM Comput. Commun. Rev."},{"key":"10.1016\/j.comnet.2025.111711_bib0067","unstructured":"Ryu, accessed on: 10-April-2020.[Online]. Available: https:\/\/ryu-sdn.org\/."},{"key":"10.1016\/j.comnet.2025.111711_bib0068","series-title":"Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking","first-page":"13","article-title":"The beacon OpenFlow controller","author":"Erickson","year":"2013"},{"key":"10.1016\/j.comnet.2025.111711_bib0069","series-title":"Proceedings of the First Workshop on Hot Topics in Software Defined Networks, ser. HotSDN \u201912. New York, NY, USA: ACM","first-page":"19","article-title":"Kandoo: a framework for efficient and scalable offloading of control applications","author":"Yeganeh","year":"2012"},{"key":"10.1016\/j.comnet.2025.111711_bib0070","series-title":"Proceedings of the 2010 Internet Network Management Conference on Research on Enterprise Networking","article-title":"Hyperflow: a distributed control plane for OpenFlow","author":"Tootoonchian","year":"2010"},{"key":"10.1016\/j.comnet.2025.111711_bib0071","series-title":"Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation","first-page":"351","article-title":"Onix: a distributed control platform for large-scale production networks","author":"Koponen","year":"2010"},{"issue":"4","key":"10.1016\/j.comnet.2025.111711_bib0072","doi-asserted-by":"crossref","first-page":"327","DOI":"10.1145\/2534169.2486003","article-title":"Participatory networking: an API for application control of SDNs","volume":"43","author":"Ferguson","year":"2013","journal-title":"SIGCOMM Comput. Commun. Rev."},{"key":"10.1016\/j.comnet.2025.111711_bib0073","series-title":"2016 10th International Symposium on Communication Systems, Networks and Digital Signal Processing (CSNDSP)","first-page":"1","article-title":"Dynamic load-balanced path optimization in SDN-based data center networks","author":"Lan","year":"2016"},{"key":"10.1016\/j.comnet.2025.111711_bib0074","series-title":"2014 IEEE 22nd International Symposium of Quality of Service (IWQoS)","first-page":"141","article-title":"The joint optimization of rules allocation and traffic engineering in software defined network","author":"Huang","year":"2014"},{"issue":"4","key":"10.1016\/j.comnet.2025.111711_bib0075","doi-asserted-by":"crossref","first-page":"1545","DOI":"10.1109\/TNSM.2018.2861741","article-title":"SAFETY: Early detection and mitigation of TCP SYN flood utilizing entropy in SDN","volume":"15","author":"Kumar","year":"2018","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"10.1016\/j.comnet.2025.111711_bib0076","series-title":"2021 26th International Computer Conference, Computer Society of Iran (CSICC)","first-page":"1","article-title":"An SDN-based firewall for networks with varying security requirements","author":"Rezaei","year":"2021"},{"key":"10.1016\/j.comnet.2025.111711_bib0077","unstructured":"Network Functions Virtualisation (NFV), accessed on: 17-April-2020. [Online]. Available: https:\/\/portal.etsi.org\/NFV\/NFV_White_Paper2.pdf."},{"key":"10.1016\/j.comnet.2025.111711_bib0078","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1145\/2602204.2602216","article-title":"Opportunities and research challenges of hybrid software defined networks","volume":"44","author":"Vissicchio","year":"2014","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"10.1016\/j.comnet.2025.111711_bib0079","unstructured":"Big virtual switch network virtualization with the open SDN architecture, [Online]. Available: http:\/\/www.bigswitch.com\/sites\/default\/files\/sdnresources\/bvsdatasheet.pdf."},{"key":"10.1016\/j.comnet.2025.111711_bib0080","series-title":"2019 28th International Conference on Computer Communication and Networks (ICCCN)","first-page":"1","article-title":"Enabling shared control and trust in hybrid SDN\/legacy networks","author":"Shi","year":"2019"},{"key":"10.1016\/j.comnet.2025.111711_bib0081","series-title":"Proceedings of the First Workshop on Hot Topics in Software Defined Networks","first-page":"19","article-title":"Kandoo: a framework for efficient and scalable offloading of control applications","author":"Yeganeh","year":"2012"},{"key":"10.1016\/j.comnet.2025.111711_bib0082","series-title":"39th Annual IEEE Conference on Local Computer Networks","first-page":"402","article-title":"Decentralizing SDN\u2019s control plane","author":"Santos","year":"2014"},{"key":"10.1016\/j.comnet.2025.111711_bib0083","series-title":"2015 IEEE 29th International Conference on Advanced Information Networking and Applications","first-page":"148","article-title":"A scalable inter-AS QoS routing architecture in software-defined network (SDN)","author":"Karakus","year":"2015"},{"key":"10.1016\/j.comnet.2025.111711_bib0084","series-title":"2014 IEEE 22nd International Conference on Network Protocols","first-page":"569","article-title":"Orion: a hybrid hierarchical control plane of software-defined networking for large-scale networks","author":"Fu","year":"2014"},{"issue":"2","key":"10.1016\/j.comnet.2025.111711_bib0085","doi-asserted-by":"crossref","first-page":"328","DOI":"10.1007\/s10922-014-9325-5","article-title":"Flowbroker: a software-defined network controller architecture for multi-domain brokering and reputation","volume":"23","author":"Marconett","year":"2015","journal-title":"J. Netw. Syst. Manag."},{"key":"10.1016\/j.comnet.2025.111711_bib0086","series-title":"Proceedings of the ACM SIGCOMM Conference on SIGCOMM","first-page":"3","article-title":"B4: experience with a globally deployed software defined WAN","author":"Jain","year":"2013"},{"key":"10.1016\/j.comnet.2025.111711_bib0087","series-title":"10th International Conference on Network and Service Management (CNSM) and Workshop","first-page":"127","article-title":"IGP-as-a-backup for robust SDN networks","author":"Tilmans","year":"2014"},{"key":"10.1016\/j.comnet.2025.111711_bib0088","series-title":"2012 IEEE 13th International Conference on High Performance Switching and Routing","first-page":"216","article-title":"ORAN: OpenFlow routers for academic networks","author":"Rostami","year":"2012"},{"key":"10.1016\/j.comnet.2025.111711_bib0089","series-title":"2015 24th International Conference on Computer Communication and Networks (ICCCN)","first-page":"1","article-title":"OpenRouteFlow: enable legacy router as a software-defined routing service for hybrid SDN","author":"Feng","year":"2015"},{"key":"10.1016\/j.comnet.2025.111711_bib0090","series-title":"Proceedings of the First Workshop on Hot Topics in Software Defined Networks","first-page":"85","article-title":"Fabric: a retrospective on evolving SDN","author":"Casado","year":"2012"},{"key":"10.1016\/j.comnet.2025.111711_bib0091","series-title":"CCS \u201913: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security","first-page":"413","article-title":"AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks","author":"Shin","year":"2013"},{"issue":"2","key":"10.1016\/j.comnet.2025.111711_bib0092","doi-asserted-by":"crossref","first-page":"1206","DOI":"10.1109\/TNET.2016.2626287","article-title":"LineSwitch: tackling control plane saturation attacks in software-defined networking","volume":"25","author":"Ambrosin","year":"2017","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"10.1016\/j.comnet.2025.111711_bib0093","series-title":"International Workshop on Information Security Applications","first-page":"29","article-title":"SD-OVS: SYN flooding attack defending open vSwitch for SDN","author":"Liu","year":"2017"},{"key":"10.1016\/j.comnet.2025.111711_bib0094","series-title":"2015 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks","first-page":"239","article-title":"FloodGuard: a DoS attack prevention extension in software-defined networks","author":"Wang","year":"2015"},{"key":"10.1016\/j.comnet.2025.111711_bib0095","doi-asserted-by":"crossref","first-page":"89","DOI":"10.1016\/j.comnet.2015.08.038","article-title":"OPERETTA: an OPEnflow-based REmedy to mitigate TCP SYNFLOOD attacks against web servers","volume":"92","author":"Fichera","year":"2015","journal-title":"Comput. Netw."},{"issue":"2","key":"10.1016\/j.comnet.2025.111711_bib0096","doi-asserted-by":"crossref","first-page":"487","DOI":"10.1109\/TNSM.2017.2701549","article-title":"SLICOTS: an SDN-based lightweight countermeasure for TCP SYN flooding attacks","volume":"14","author":"Mohammadi","year":"2017","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"10.1016\/j.comnet.2025.111711_bib0097","doi-asserted-by":"crossref","first-page":"1366","DOI":"10.1007\/s10922-020-09540-1","article-title":"ISDSDN: mitigating SYN flood attacks in software defined networks","volume":"28","author":"Al-Duwairi","year":"2020","journal-title":"J. Netw. Syst. Manag."},{"key":"10.1016\/j.comnet.2025.111711_bib0098","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1007\/s10922-025-09934-z","article-title":"SynFloWatch: an entropy-based live defense system against SYN spoofing DDoS attacks in hybrid SDN","volume":"33","author":"Sinha","year":"2025","journal-title":"J. Netw. Syst. Manag."},{"key":"10.1016\/j.comnet.2025.111711_bib0099","doi-asserted-by":"crossref","first-page":"122","DOI":"10.1016\/j.bjp.2013.10.014","article-title":"Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments","volume":"62","author":"Giotis","year":"2014","journal-title":"Comput. Netw."},{"key":"10.1016\/j.comnet.2025.111711_bib0100","series-title":"2015 IEEE Trustcom\/BigDataSE\/ISPA","first-page":"310","article-title":"An entropy-based distributed DDoS detection mechanism in software-defined networking","volume":"1","author":"Wang","year":"2015"},{"issue":"10","key":"10.1016\/j.comnet.2025.111711_bib0101","doi-asserted-by":"crossref","first-page":"2358","DOI":"10.1109\/JSAC.2018.2869997","article-title":"JESS: joint entropy-based DDoS defense scheme in SDN","volume":"36","author":"Kalkan","year":"2018","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"10.1016\/j.comnet.2025.111711_bib0102","doi-asserted-by":"crossref","first-page":"685","DOI":"10.1016\/j.future.2018.07.017","article-title":"An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics","volume":"89","author":"Sahoo","year":"2018","journal-title":"Future Gener. Comput. Syst."},{"issue":"1","key":"10.1016\/j.comnet.2025.111711_bib0103","first-page":"373","article-title":"Entropy-based approach to detect DDoS attacks on software defined networking controller","volume":"69","author":"Aladaileh","year":"2021","journal-title":"Comput., Mater. Contin."},{"key":"10.1016\/j.comnet.2025.111711_bib0104","series-title":"2015 International Conference on Computing, Networking and Communications (ICNC)","first-page":"77","article-title":"Early detection of DDoS attacks against SDN controllers","author":"Mousavi","year":"2015"},{"key":"10.1016\/j.comnet.2025.111711_bib0105","series-title":"2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications\/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom\/BigDataSE)","first-page":"237","article-title":"DDoS flooding attack detection based on joint-entropy with multiple traffic features","author":"Mao","year":"2018"},{"key":"10.1016\/j.comnet.2025.111711_bib0106","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1002\/dac.4461","article-title":"Efficient and low-cost defense against distributed denial-of-service attacks in SDN-based networks","volume":"33","author":"Wang","year":"2020","journal-title":"Int. J. Commun. Syst."},{"key":"10.1016\/j.comnet.2025.111711_bib0107","doi-asserted-by":"crossref","DOI":"10.1186\/s13638-021-01957-9","article-title":"A cooperative DDoS attack detection scheme based on entropy and ensemble learning in SDN","author":"Yu","year":"2021","journal-title":"EURASIP J. Wirel. Commun. Netw."},{"issue":"1","key":"10.1016\/j.comnet.2025.111711_bib0108","doi-asserted-by":"crossref","DOI":"10.3390\/app12010370","article-title":"Detection of DDoS attacks in software defined networking using entropy","volume":"12","author":"Fan","year":"2022","journal-title":"Appl. Sci."},{"key":"10.1016\/j.comnet.2025.111711_bib0109","series-title":"Proceedings of the 25th International Conference on Distributed Computing and Networking, ICDCN 2024, Chennai, India, January 4\u20137, 2024","first-page":"359","article-title":"SynFloWatch: a detection system against TCP-SYN based DDoS attacks using entropy in hybrid SDN","author":"Sinha","year":"2024"},{"key":"10.1016\/j.comnet.2025.111711_bib0110","doi-asserted-by":"crossref","DOI":"10.1016\/j.comnet.2024.110327","article-title":"SYNTROPY: TCP SYN DDoS attack detection for software defined network based on R\u00e9nyi entropy","volume":"244","author":"Shirsath","year":"2024","journal-title":"Comput. Netw."},{"key":"10.1016\/j.comnet.2025.111711_bib0111","article-title":"Entropy based earlier detection and mitigation of DDOS attack using stochastic method in SDN_IOT","volume":"39","author":"Varalakshmi","year":"2025","journal-title":"Measurement"},{"key":"10.1016\/j.comnet.2025.111711_bib0112","series-title":"IEEE Local Computer Network Conference","first-page":"408","article-title":"Lightweight DDoS flooding attack detection using NOX\/OpenFlow","author":"Braga","year":"2010"},{"key":"10.1016\/j.comnet.2025.111711_bib0113","series-title":"2014 Sixth International Conference on Advanced Computing (ICoAC)","first-page":"205","article-title":"DDoS detection and analysis in SDN-based environment using support vector machine classifier","author":"Kokila","year":"2014"},{"key":"10.1016\/j.comnet.2025.111711_bib0114","series-title":"2016 Intl IEEE Conferences on Ubiquitous Intelligence & Computing","first-page":"350","article-title":"A novel hybrid flow-based handler with DDoS attacks in software-defined networking","author":"Phan","year":"2016"},{"key":"10.1016\/j.comnet.2025.111711_bib0115","doi-asserted-by":"crossref","DOI":"10.1016\/j.jnca.2021.103108","article-title":"Automated DDOS attack detection in software defined networking","volume":"187","author":"Ahuja","year":"2021","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0116","doi-asserted-by":"crossref","first-page":"3537","DOI":"10.1007\/s10586-023-04152-1","article-title":"A novel DDoS detection and mitigation technique using hybrid machine learning model and redirect illegitimate traffic in SDN network","volume":"27","author":"Singh","year":"2024","journal-title":"Cluster Comput."},{"key":"10.1016\/j.comnet.2025.111711_bib0117","first-page":"1","article-title":"A DDoS attack detection method based on SVM in software defined network","volume":"2018","author":"Ye","year":"2018","journal-title":"Secur. Commun. Netw."},{"key":"10.1016\/j.comnet.2025.111711_bib0118","first-page":"1","article-title":"Advanced support vector machine-(ASVM-) based detection for distributed denial of service (DDoS) attack on software defined networking (SDN)","volume":"2019","author":"OoSinchai","year":"2019","journal-title":"J. Comput. Netw. Commun."},{"key":"10.1016\/j.comnet.2025.111711_bib0119","series-title":"2020 17th International Conference on Electrical Engineering\/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON)","first-page":"122","article-title":"Anomaly detection in SDN\u2019s control plane using combining entropy with SVM","author":"Aung","year":"2020"},{"issue":"6","key":"10.1016\/j.comnet.2025.111711_bib0120","doi-asserted-by":"crossref","first-page":"7802","DOI":"10.1109\/TII.2023.3240586","article-title":"ADAM: an adaptive DDoS attack mitigation scheme in software-defined cyber-physical system","volume":"19","author":"Cai","year":"2023","journal-title":"IEEE Trans. Ind. Inf."},{"key":"10.1016\/j.comnet.2025.111711_bib0121","doi-asserted-by":"crossref","first-page":"3193","DOI":"10.1007\/s10489-018-1141-2","article-title":"Semi-supervised machine learning approach for DDoS detection","volume":"48","author":"Idhammad","year":"2018","journal-title":"Appl. Intell."},{"issue":"6","key":"10.1016\/j.comnet.2025.111711_bib0122","doi-asserted-by":"crossref","first-page":"4458","DOI":"10.1109\/TNSE.2022.3202147","article-title":"Entropy-KL-ML:enhancing the entropy-KL-based anomaly detection on software-defined networks","volume":"9","author":"Niknami","year":"2022","journal-title":"IEEE Trans. Netw. Sci. Eng."},{"key":"10.1016\/j.comnet.2025.111711_bib0123","doi-asserted-by":"crossref","DOI":"10.1007\/s11227-021-04253-x","article-title":"A hybrid machine learning approach for detecting unprecedented DDoS attacks","volume":"78","author":"Najafimehr","year":"2022","journal-title":"J. Supercomput."},{"issue":"4","key":"10.1016\/j.comnet.2025.111711_bib0124","doi-asserted-by":"crossref","first-page":"1952","DOI":"10.1109\/TNSE.2023.3236970","article-title":"A detection and mitigation scheme of LDoS attacks via SDN based on the FSS-RSR algorithm","volume":"10","author":"Tang","year":"2023","journal-title":"IEEE Trans. Netw. Sci. Eng."},{"key":"10.1016\/j.comnet.2025.111711_bib0125","first-page":"1627","article-title":"Machine learning assisted snort and zeek in detecting DDoS attacks in software-defined networking","volume":"16","author":"AbdulRaheem","year":"2024","journal-title":"Int. J. Inf. Technol."},{"issue":"3","key":"10.1016\/j.comnet.2025.111711_bib0126","doi-asserted-by":"crossref","DOI":"10.3390\/technologies9030044","article-title":"Multi-Agent reinforcement learning framework in SDN-IoT for transient load detection and prevention","volume":"9","author":"Dake","year":"2021","journal-title":"Technologies"},{"issue":"6","key":"10.1016\/j.comnet.2025.111711_bib0127","doi-asserted-by":"crossref","first-page":"4052","DOI":"10.1109\/TDSC.2021.3118081","article-title":"RL-shield: mitigating target link-Flooding attacks using SDN and deep reinforcement learning routing algorithm","volume":"19","author":"Rezapour","year":"2022","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10.1016\/j.comnet.2025.111711_bib0128","doi-asserted-by":"crossref","first-page":"2781","DOI":"10.1007\/s11277-022-09685-z","article-title":"DDoS attack detection in SDN: optimized deep convolutional neural network with optimal feature set","volume":"125","author":"Singh","year":"2022","journal-title":"Wirel. Pers. Commun."},{"key":"10.1016\/j.comnet.2025.111711_bib0129","doi-asserted-by":"crossref","first-page":"393","DOI":"10.1007\/s11082-023-04553-x","article-title":"Detecting distributed denial of service (DDoS) in SD-IoT environment with enhanced firefly algorithm and convolution neural network","volume":"55","author":"Sivanesan","year":"2023","journal-title":"Opt. Quantum Electron."},{"key":"10.1016\/j.comnet.2025.111711_bib0130","doi-asserted-by":"crossref","first-page":"637","DOI":"10.1016\/j.future.2023.08.007","article-title":"SDN\/NFV-based framework for autonomous defense against slow-rate DDoS attacks by using reinforcement learning","volume":"149","author":"Yungaicela-Naula","year":"2023","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.comnet.2025.111711_bib0131","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1016\/j.future.2021.11.009","article-title":"Software-defined DDoS detection with information entropy analysis and optimized deep learning","volume":"129","author":"Liu","year":"2022","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.comnet.2025.111711_bib0132","first-page":"2623","article-title":"An efficient DDoS attack detection mechanism in SDN environment","volume":"15","author":"Hnamte","year":"2023","journal-title":"Int. J. Inf. Technol."},{"key":"10.1016\/j.comnet.2025.111711_bib0133","article-title":"A deep learning based DDoS detection system in software-defined networking (SDN)","volume":"4","author":"Niyaz","year":"2017","journal-title":"EAI Endorsed Trans. Secur. Saf."},{"key":"10.1016\/j.comnet.2025.111711_bib0134","doi-asserted-by":"crossref","DOI":"10.1016\/j.jnca.2024.103903","article-title":"Enhanced detection of low-rate DDoS attack patterns using machine learning models","volume":"227","author":"Bocu","year":"2024","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0135","doi-asserted-by":"crossref","DOI":"10.1016\/j.jnca.2022.103444","article-title":"A flexible SDN-based framework for slow-rate DDoS attack mitigation by using deep reinforcement learning","volume":"205","author":"Yungaicela-Naula","year":"2022","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0136","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103716","article-title":"Cyber-secure SDN: a CNN-based approach for efficient detection and mitigation of DDoS attacks","volume":"139","author":"Najar","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.comnet.2025.111711_bib0137","series-title":"2018 IEEE 23rd International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD)","first-page":"1","article-title":"Deep reinforcement learning based smart mitigation of DDoS flooding in software-defined networks","author":"Liu","year":"2018"},{"issue":"3","key":"10.1016\/j.comnet.2025.111711_bib0138","doi-asserted-by":"crossref","first-page":"1349","DOI":"10.1109\/TNSM.2020.3004415","article-title":"DeepGuard: efficient anomaly detection in SDN with fine-grained traffic flow monitoring","volume":"17","author":"Phan","year":"2020","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"10.1016\/j.comnet.2025.111711_bib0139","doi-asserted-by":"crossref","first-page":"32367","DOI":"10.1007\/s11042-023-16894-6","article-title":"Ensemble of deep reinforcement learning with optimization model for DDoS attack detection and classification in cloud based software defined networks","volume":"83","author":"Paidipati","year":"2024","journal-title":"Multimed. Tools Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0140","doi-asserted-by":"crossref","DOI":"10.1016\/j.jnca.2025.104203","article-title":"A DDoS attack detection method based on IQR and DFFCNN in SDN","author":"Yue","year":"2025","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0141","doi-asserted-by":"crossref","first-page":"643","DOI":"10.1016\/j.procs.2025.01.024","article-title":"A hybrid deep learning model with consensus-based feature selection for DDoS attacks detection in SDN","volume":"252","author":"Kachavimath","year":"2025","journal-title":"Procedia Comput. Sci."},{"key":"10.1016\/j.comnet.2025.111711_bib0142","doi-asserted-by":"crossref","DOI":"10.1016\/j.jnca.2025.104168","article-title":"Enhancing DDoS defense in SDN using hierarchical machine learning models","volume":"239","author":"Kaur","year":"2025","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0143","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1007\/s10922-021-09633-5","article-title":"Machine-learning-enabled DDoS attacks detection in P4 programmable networks","volume":"30","author":"Musumeci","year":"2022","journal-title":"J. Netw. Syst. Manag."},{"key":"10.1016\/j.comnet.2025.111711_bib0144","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1186\/s42400-022-00128-7","article-title":"A lightweight DDoS detection scheme under SDN context","volume":"5","author":"Jia","year":"2022","journal-title":"Cybersecurity"},{"issue":"1","key":"10.1016\/j.comnet.2025.111711_bib0145","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1109\/TNSM.2019.2960202","article-title":"Per-host DDoS mitigation by direct-control reinforcement learning","volume":"17","author":"Simpson","year":"2020","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"10.1016\/j.comnet.2025.111711_bib0146","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1016\/j.future.2021.06.047","article-title":"Adversarial deep learning approach detection and defense against DDoS attacks in SDN environments","volume":"125","author":"Novaes","year":"2021","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.comnet.2025.111711_bib0147","doi-asserted-by":"crossref","DOI":"10.1016\/j.compeleceng.2024.109282","article-title":"DDoS SourceTracer: an intelligent application for DDoS attack mitigation in SDN","volume":"117","author":"Aslam","year":"2024","journal-title":"Comput. Electr. Eng."},{"issue":"3","key":"10.1016\/j.comnet.2025.111711_bib0148","doi-asserted-by":"crossref","first-page":"695","DOI":"10.1109\/TIFS.2017.2765506","article-title":"Packet injection attack and its defense in software-defined networks","volume":"13","author":"Deng","year":"2018","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"7","key":"10.1016\/j.comnet.2025.111711_bib0149","doi-asserted-by":"crossref","first-page":"1174","DOI":"10.1109\/LCOMM.2019.2896928","article-title":"Using INSPECTOR device to stop packet injection attack in SDN","volume":"23","author":"Alshra\u2019a","year":"2019","journal-title":"IEEE Commun. Lett."},{"key":"10.1016\/j.comnet.2025.111711_bib0150","doi-asserted-by":"crossref","first-page":"209","DOI":"10.1016\/j.jnca.2018.10.011","article-title":"DoS vulnerabilities and mitigation strategies in software-defined networks","volume":"125","author":"Deng","year":"2019","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0151","doi-asserted-by":"crossref","first-page":"1061","DOI":"10.3390\/s22031061","article-title":"DoSGuard: mitigating denial-of-service attacks in software-defined networks","volume":"22","author":"Li","year":"2022","journal-title":"Sensors"},{"key":"10.1016\/j.comnet.2025.111711_bib0152","series-title":"2016 IEEE Symposium on Computers and Communication (ISCC)","first-page":"409","article-title":"SAVSH: IP source address validation for SDN hybrid networks","author":"Chen","year":"2016"},{"key":"10.1016\/j.comnet.2025.111711_bib0153","doi-asserted-by":"crossref","first-page":"22764","DOI":"10.1109\/ACCESS.2017.2785236","article-title":"Towards a SDN-based integrated architecture for mitigating IP spoofing attack","volume":"6","author":"Zhang","year":"2018","journal-title":"IEEE Access"},{"key":"10.1016\/j.comnet.2025.111711_bib0154","series-title":"Proceedings of the 2016 ACM SIGCOMM Conference","article-title":"Source address validation in software defined networks","author":"Liu","year":"2016"},{"key":"10.1016\/j.comnet.2025.111711_bib0155","doi-asserted-by":"crossref","DOI":"10.35940\/ijitee.L2632.1081219","article-title":"SIPAV-SDN: source internet protocol address validation for software defined network","author":"Meena","year":"2019","journal-title":"Int. J. Innov. Technol. Explor. Eng."},{"key":"10.1016\/j.comnet.2025.111711_bib0156","first-page":"32","article-title":"An event based technique for detecting spoofed IP packets","volume":"35","author":"Hubballi","year":"2017","journal-title":"J. Inf. Secur. Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0157","doi-asserted-by":"crossref","DOI":"10.1016\/j.phycom.2022.101902","article-title":"HyPASS: design of hybrid-SDN prevention of attacks of source spoofing with host discovery and address validation","volume":"55","author":"Meena","year":"2022","journal-title":"Phys. Commun."},{"key":"10.1016\/j.comnet.2025.111711_bib0158","doi-asserted-by":"crossref","DOI":"10.1016\/j.comnet.2025.111078","article-title":"DDoSBlocker: enhancing SDN security with time-based address mapping and AI-driven approach","volume":"259","author":"Sinha","year":"2025","journal-title":"Comput. Netw."},{"key":"10.1016\/j.comnet.2025.111711_bib0159","series-title":"Proceedings of the IEEE Conference on Local Computer Networks (LCN)","first-page":"523","article-title":"Securing ARP in software defined networks","author":"Alharbi","year":"2016"},{"key":"10.1016\/j.comnet.2025.111711_bib0160","series-title":"Proceedings of the IEEE International Conference on Advances in Computing and Communications (ICACC)","first-page":"24","article-title":"Scalable ethernet architecture using SDN by suppressing broadcast traffic","author":"Jehan","year":"2015"},{"key":"10.1016\/j.comnet.2025.111711_bib0161","series-title":"Proceedings of the IEEE SoutheastCon","first-page":"1","article-title":"Leveraging SDN for ARP security","author":"Cox","year":"2016"},{"key":"10.1016\/j.comnet.2025.111711_bib0162","doi-asserted-by":"crossref","first-page":"172","DOI":"10.1049\/cje.2017.12.002","article-title":"An active defense solution for ARP spoofing in OpenFlow network","volume":"28","author":"Xia","year":"2019","journal-title":"Chin. J. Electron."},{"key":"10.1016\/j.comnet.2025.111711_bib0163","series-title":"Proceedings of the IEEE International Conference on Information Networking, Kuala Lumpur, Malaysia","first-page":"366","article-title":"ARP poisoning attack detection based on ARP update state in software-defined networks","author":"Kim","year":"2019"},{"key":"10.1016\/j.comnet.2025.111711_bib0164","doi-asserted-by":"crossref","first-page":"3147","DOI":"10.1007\/s10586-021-03328-x","article-title":"Denial of ARP spoofing in SDN and NFV enabled cloud-fog-edge platforms","volume":"24","author":"Rangisetti","year":"2021","journal-title":"Cluster Comput."},{"key":"10.1016\/j.comnet.2025.111711_bib0165","doi-asserted-by":"crossref","DOI":"10.1016\/j.compeleceng.2021.106990","article-title":"Implementing an intrusion detection and prevention system using software-defined networking: defending against ARP spoofing attacks and blacklisted MAC addresses","volume":"90","author":"Girdler","year":"2021","journal-title":"Comput. Electr. Eng."},{"key":"10.1016\/j.comnet.2025.111711_bib0166","doi-asserted-by":"crossref","first-page":"124","DOI":"10.26682\/sjuod.2019.22.1.14","article-title":"Efficient mechanism for securing software defined network against ARP spoofing attack","volume":"22","author":"Khalid","year":"2019","journal-title":"J. Duhok Univ."},{"key":"10.1016\/j.comnet.2025.111711_bib0167","series-title":"2014 International Conference on Information and Communication Technology Convergence (ICTC)","first-page":"325","article-title":"Mitigating denial of service (DoS) attacks in OpenFlow networks","author":"Oktian","year":"2014"},{"issue":"4","key":"10.1016\/j.comnet.2025.111711_bib0168","doi-asserted-by":"crossref","first-page":"688","DOI":"10.1109\/LCOMM.2017.2766636","article-title":"SDN-assisted slow HTTP DDoS attack defense method","volume":"22","author":"Hong","year":"2018","journal-title":"IEEE Commun. Lett."},{"key":"10.1016\/j.comnet.2025.111711_bib0169","series-title":"Security and Privacy in Communication Networks. SecureComm 2018","first-page":"93","article-title":"SDN-assisted network-based mitigation of slow DDoS attacks","volume":"255","author":"Lukaseder","year":"2018"},{"issue":"1","key":"10.1016\/j.comnet.2025.111711_bib0170","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1007\/s10922-020-09580-7","article-title":"An SDN-assisted defense mechanism for the shrew DDoS attack in a cloud computing environment","volume":"29","author":"Agrawal","year":"2021","journal-title":"J. Netw. Syst. Manag."},{"key":"10.1016\/j.comnet.2025.111711_bib0171","series-title":"2020 IEEE Wireless Communications and Networking Conference (WCNC)","first-page":"1","article-title":"Robust self-protection against application-layer (D)DoS attacks in SDN environment","author":"Benza\u00efd","year":"2020"},{"key":"10.1016\/j.comnet.2025.111711_bib0172","doi-asserted-by":"crossref","DOI":"10.1002\/ett.4534","article-title":"ONOS flood defender: an intelligent approach to mitigate DDoS attack in SDN","author":"Aslam","year":"2022","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"10.1016\/j.comnet.2025.111711_bib0173","doi-asserted-by":"crossref","first-page":"8047","DOI":"10.1007\/s10586-024-04407-5","article-title":"P4httpGuard: detection and prevention of slow-rate DDoS attacks using machine learning techniques in P4 switch","volume":"27","author":"Kapourchali","year":"2024","journal-title":"Cluster Comput."},{"issue":"1","key":"10.1016\/j.comnet.2025.111711_bib0174","doi-asserted-by":"crossref","DOI":"10.1007\/s10922-022-09704-1","article-title":"A protection system against HTTP flood attacks using software defined networking","volume":"31","author":"Gon\u00e7alves","year":"2023","journal-title":"J. Netw. Syst. Manag."},{"issue":"1","key":"10.1016\/j.comnet.2025.111711_bib0175","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s13677-022-00308-3","article-title":"Low-rate denial of service attack detection method based on time-frequency characteristics","volume":"11","author":"Fu","year":"2022","journal-title":"J. Cloud Comput."},{"key":"10.1016\/j.comnet.2025.111711_bib0176","series-title":"Proceedings of the SIGCOMM Posters and Demos (SIGCOMM \u201917)","first-page":"141","article-title":"FTGuard: a priority-aware strategy against the flow table overflow attack in SDN","author":"Zhang","year":"2017"},{"key":"10.1016\/j.comnet.2025.111711_bib0177","first-page":"1","article-title":"A table overflow LDoS attack defending mechanism in software-defined networks","author":"Xie","year":"2021","journal-title":"Secur. Commun. Netw."},{"key":"10.1016\/j.comnet.2025.111711_bib0178","series-title":"GLOBECOM 2022\u20132022 IEEE Global Communications Conference","first-page":"4167","article-title":"TableGuard: a novel security mechanism against flow table overflow attacks in SDN","author":"Kong","year":"2022"},{"key":"10.1016\/j.comnet.2025.111711_bib0179","doi-asserted-by":"crossref","first-page":"17404","DOI":"10.1109\/ACCESS.2020.2967478","article-title":"Low-rate DDoS attack detection based on factorization machine in software defined network","volume":"8","author":"Zhijun","year":"2020","journal-title":"IEEE Access"},{"issue":"3","key":"10.1016\/j.comnet.2025.111711_bib0180","doi-asserted-by":"crossref","first-page":"1416","DOI":"10.1109\/TNET.2022.3225211","article-title":"The LOFT attack: overflowing SDN flow tables at a low rate","volume":"31","author":"Cao","year":"2023","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"10.1016\/j.comnet.2025.111711_bib0181","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2023.121460","article-title":"FTODefender: an efficient flow table overflow attacks defending system in SDN","volume":"237","author":"Tang","year":"2024","journal-title":"Expert Syst. Appl."},{"key":"10.1016\/j.comnet.2025.111711_bib0182","doi-asserted-by":"crossref","first-page":"41614","DOI":"10.1109\/ACCESS.2024.3383877","article-title":"Research on detection and mitigation methods of adaptive flow table overflow attacks in software-defined networks","volume":"12","author":"Zeng","year":"2024","journal-title":"IEEE Access"},{"issue":"6","key":"10.1016\/j.comnet.2025.111711_bib0183","doi-asserted-by":"crossref","first-page":"6670","DOI":"10.1109\/TNSM.2024.3446178","article-title":"FloRa: flow table low-rate overflow reconnaissance and detection in SDN","volume":"21","author":"Mudgal","year":"2024","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"issue":"2","key":"10.1016\/j.comnet.2025.111711_bib0184","doi-asserted-by":"crossref","first-page":"231","DOI":"10.1109\/TSC.2016.2602861","article-title":"Defending against flow table overloading attack in software-defined networks","volume":"12","author":"Yuan","year":"2019","journal-title":"IEEE Trans. Serv. Comput."},{"issue":"4","key":"10.1016\/j.comnet.2025.111711_bib0185","doi-asserted-by":"crossref","first-page":"5073","DOI":"10.1109\/TNSM.2023.3270339","article-title":"FTMaster: a detection and mitigation system of low-rate flow table overflow attacks via SDN","volume":"20","author":"Tang","year":"2023","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"10.1016\/j.comnet.2025.111711_bib0186","doi-asserted-by":"crossref","first-page":"2490","DOI":"10.1016\/j.procs.2025.04.511","article-title":"SDN_Guard: an advanced machine learning based defense system against packet injection attacks in SDN","volume":"258","author":"Sinha","year":"2025","journal-title":"Procedia Comput. Sci."},{"key":"10.1016\/j.comnet.2025.111711_bib0187","doi-asserted-by":"crossref","DOI":"10.1145\/3736657","article-title":"DDoSBlocker: a protocol-independent and lightweight defense mechanism against multi-layer DDoS attacks in SDN","author":"Sinha","year":"2025","journal-title":"Distrib. Ledger Technol."},{"key":"10.1016\/j.comnet.2025.111711_bib0188","series-title":"ESORICS","first-page":"135","article-title":"Preventing DNS amplification attacks using the history of DNS queries with SDN","author":"Kim","year":"2017"},{"key":"10.1016\/j.comnet.2025.111711_bib0189","series-title":"2019 3rd International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT)","first-page":"1","article-title":"SDN-based detection and mitigation system for DNS amplification attacks","author":"\u00d6zdin\u00e7er","year":"2019"},{"key":"10.1016\/j.comnet.2025.111711_bib0190","series-title":"2018 IEEE 43rd Conference on Local Computer Networks (LCN)","first-page":"299","article-title":"An SDN-based approach for defending against reflective DDoS attacks","author":"Lukaseder","year":"2018"}],"container-title":["Computer Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128625006772?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128625006772?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T22:27:28Z","timestamp":1762381648000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S1389128625006772"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11]]},"references-count":190,"alternative-id":["S1389128625006772"],"URL":"https:\/\/doi.org\/10.1016\/j.comnet.2025.111711","relation":{},"ISSN":["1389-1286"],"issn-type":[{"value":"1389-1286","type":"print"}],"subject":[],"published":{"date-parts":[[2025,11]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"A comprehensive survey of DDoS attack defense systems for different SDN architectures","name":"articletitle","label":"Article Title"},{"value":"Computer Networks","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.comnet.2025.111711","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2025 Elsevier B.V. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"111711"}}