loading page

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques --A Comprehensive Survey
  • +2
  • Md. Rayhan Ahmed ,
  • salekul Islam ,
  • Swakkhar Shatabda ,
  • A. K. M. Muzahidul Islam ,
  • Md. Towhidul Islam Robin
Md. Rayhan Ahmed
United International University, United International University

Corresponding Author:[email protected]

Author Profile
salekul Islam
Author Profile
Swakkhar Shatabda
Author Profile
A. K. M. Muzahidul Islam
Author Profile
Md. Towhidul Islam Robin
Author Profile


At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. To prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is a predictive model which detect network traffic as routine or deviated. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller residing in the control plane, executes the network modules, and establishes flow rules to forward packets in the switches residing in the data plane. Often adversaries target the SDN controller to subdue the control plane, which is considered the brain of the SDN, which provides a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used traditional Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm. We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.