Survey: Intrusion Detection System in Software-Defined Networking

In the rapidly evolving field of network architecture, Software-Defined Networking (SDN) has emerged as a transformative approach, providing unprecedented flexibility and control over network resources. While SDN enhances efficiency and programmability, it also introduces various security vulnerabilities, primarily due to its architecture, which distinctly separates the control plane from the data plane. This division enables dynamic and adaptable network management but also exposes networks to sophisticated cyber threats, including Distributed Denial of Service (DDoS) attacks, SQL injections, and other forms of intrusion targeting the centralised SDN controllers and open interfaces of its switches. This paper explores the complex security landscape of SDN, identifying critical vulnerabilities within this modern networking model. By analysing prevalent network attacks such as DDoS, DoS, Probe, and SQL Injection, we underscore the pressing need for resilient intrusion detection systems (IDS) that are specifically designed to meet the unique security challenges of SDN environments. Our investigation highlights significant gaps in current research, particularly in the development of real-time traffic processing and system overload mitigation strategies, both of which are vital for establishing durable and resilient SDN architectures. This study contributes to the discourse on SDN security by proposing a strategic framework for developing sophisticated IDS solutions that can adapt to the evolving dynamics of network threats. Our findings emphasise the importance of continuous innovation and a focus on sustainable, secure infrastructure within Software-Defined Networking, supporting its role as a safe and efficient foundation for future network developments.