Assessing SDN Controller Vulnerabilities: A Survey on Attack Typologies, Detection Mechanisms, Controller Selection, and Dataset Application in Machine Learning
Juliana Arevalo-Herrera, Jorge Mendoza, José Ignacio Martínez Torre, Angela Tatiana Zona Ortiz, Juan Marcos Ramírez
Abstract
Abstract SDN controllers become the main advantage of the architecture because they present a centralized control decision-making and general view of the network. They are, however, also a critical point that an attacker could exploit. More review of the body of research is needed regarding the types of attacks on SDN controllers, methods to detect them, and mitigation techniques directed specifically to the controller, particularly considering the approach of machine learning detection methods. This survey addresses the topics of attacks targeting the SDN controller, methods for their detection, what types of controllers are used in different studies, and datasets used in machine learning detection methods. The findings highlight that most attacks exploit vulnerabilities inherent in the OpenFlow protocol, while the detection methodologies remain primarily statistical and machine learning approaches. Additionally, the review shows that while outdated controllers like Floodlight and Ryu are still widely used in studies, actively supported controllers such as ONOS and ODL are used much less. Finally, the survey finds only two publicly available datasets tailored for SDN environments, none considering attacks directed at the controllers, illustrating a notable gap in the existing research. This survey also highlights the need for further research focusing on modern SDN controllers and developing comprehensive datasets to advance effective security solutions.