Research Area:  Software Defined Networks
Software-defined networking (SDN) decouples the network control and data planes. Despite the various advantages of SDNs, they are vulnerable to various security attacks such as anomalies, intrusions, and Denial-of-Service (DoS) attacks. On the other hand, any anomaly or intrusion in SDNs can affect many important domains such as banking systems and national security. Therefore, anomaly detection is a broad research domain, and a great deal of research has been conducted in the literature to mitigate these security problems. In this paper, the state-of-the-art schemes applied in detecting and mitigating anomalies in SDNs are explained, categorized, and compared. This paper categorizes the SDN anomaly detection mechanisms into five categories: (1) flow counting scheme, (2) information-based scheme, (3) entropy-based scheme, (4) deep learning, and (5) hybrid scheme. The research gaps and major existing research issues regarding SDN anomaly detection are highlighted. We hope that the analyses, comparisons, and classifications might provide directions for further research.
Keywords:  
SDNs
OpenFlow
Anomaly detection
Data plane
Security challenges
Virtual networks
Author(s) Name:   Tohid Jafarian, Mohammad Masdari, Ali Ghaffari & Kambiz Majidzadeh
Journal name:  Cluster Computing
Conference name:  
Publisher name:  Springer
DOI:  10.1007/s10586-020-03184-1
Volume Information:  volume 24, pages 1235–1253 (2021)
Paper Link:   https://link.springer.com/article/10.1007/s10586-020-03184-1