Publication Date

11-10-2025

Abstract

Software Defined Networking (SDN) revolutionizes network control by separating the control plane from the data plane. Although this separation improves SDN agility and scalability, it creates a security hole, particularly in a central control plane, making SDN environments high-profile targets for advanced cybersecurity threats. Because traditional security methods are static, signature-based, and point-in-time, they are unable to keep up with modern attacks that are anomalous to SDNs. Artificial Intelligence (AI), with its different applications and techniques, has the capability of detecting the anomalies caused by SDN cyber threats. This paper presents the results of a literature scoping exercise that covered a total of 54 papers on AI-driven anomaly detection in SDN. The findings showed that control theory, activity theory, and anomaly detection theory are three theoretical aspects that contribute to the topic of AI-driven anomaly detection in SDN. Furthermore, different machine learning algorithms give different results. In this regard, Random Forest (RF), Support Vector Machine (SVM), and Multi-Layer Perceptron would help in detecting threats of a familiar nature, while autoencoders and K-means can detect unfamiliar threats. Deep learning architectures such as Long Short-Term Memory (LSTM) networks and Convolutional Neural Networks (CNN) support low-latency anomaly detection while maintaining throughput and network stability. The findings could be the basis for a conceptual framework on how an intelligent, adaptive, and resilient SDN with real-time threat defense mechanisms could be designed, developed, and deployed.
