Table 3.
Summary of network security and management.
| Studies | Techniques | Description | Strengths | Weaknesses |
|---|---|---|---|---|
| Advance reservation access control [110] | Ryu controller, OVS switches, ESNet 100 G SDN testbed | Guarantees exclusive access of network resources to a certain flow for which the user/app is authorized | Efficiently protects authorized flows from competing with the network traffic | Need to consider path computation and resource scheduling functions, QoS |
| Verifying reachability [111] | Z3 version 4.4.2, z Intel Xeon processors with 256 GB of RAM | Verifies reachability by slicing complex networks into small networks according to the network-wide verifications | Provides tool to verify networks in the presence of middleboxes | Middlebox code is not verified, which can affect network traffic by sending packets to invalid interfaces |
| Systematically troubleshoot networks [112] | OpenFlow, TCAM | Helps network administrators to troubleshoot bugs and their root causes to verify that networks are operating correctly | Provides a useful tool to troubleshoot bugs and their root causes | Does not suggest integrating the program semantics into network troubleshooting tools |
| SRV [113] | Floodlight, Java, OpenFlow App | Forwards warning messages and refuses the identified flow rule instantly on detection of malicious flow rules | Helpful to detect malicious flow rules | Only discusses priority-based mechanism; other attack scenarios should be analyzed |
| SDN-Actors [114] | Erlang, Scala, Akka, OpenFlow | Models network applications using actors and verifies various correctness properties via existing model-checking mechanisms | Offers framework to model and verify SDN programs using static and dynamic verification tools to validate network behaviour | Proposed mechanism only tries to uncover programming errors by checking only the SDN program |
| Reverse update [115] | Python, OpenFlow switch, naive controller | Ensures maintenance of flow rules characteristics during the transition time | Provides a technique to preserve flow rule properties during the network policy change | Lacks an investigation of the effects of network policy change by analyzing packet violations |
| SVM [116] | Mininet emulator, Floodlight controller | Support vector machine (SVM) algorithm is utilized to judge the traffic and carry out DDoS attack detection | Detects DDoS attacks in SDN to enhance network security | Although this research has the ability to detect DDoS attacks of ICMP traffic, it is less efficient |
| FUPE [127] | iFogSim, MATLAB R2018a, OpenFlow protocol | Security enhancement against TCP SYN flood attacks in fog nodes via SDN paradigm | Node trust profiling | Fault tolerance not considered |
| Security architecture [128] | Mininet-WiFi/ethernet, Openday light | Secure and energy-consumption-aware communication in cyber-physical systems (CPS) | Transactional alteration localized using blockchains | No real testbed, only simulation-based evaluation |
| DHCPguard [131] | Floodlight, ONOS, POX | Sends messages to controller and blocks malicious nodes at forwarding device interfaces | POX controller is designed for DHCP starvation attack mitigation | DHCP failure mitigation not considered |
| Strengthen SDN security [132] | Mininet, POX controller | Strengthening security assurance via protocol dialect approach | Enterprise security | Scalability limitation |
| SDN-based edge computing [137] | MATLAB, SDN controller | SDN-supported authentication, routing from end device to edge server, and inter-edge servers’ communication | Lightweight authentication method, activity migration | Single SDN control channel, low performance of edge server with scaled malicious attempts |
| Near-real-time security [138] | Python, Keras, Mininet, Floodlight, Mininet | Coagulation of the SDN controller using CNN, deployed in any ISP from malicious IoTs | Control channel security | Control channel overhead not discussed |
| On-the-fly [139] | Floodlight controller, Java, Mininet | Integrates online learning method to limit packet-in rate while tending to the controller queue and switch space capacity | Malicious nodes remain restricted until they are identified as trustworthy | Scalability (hybrid controller placement) |
| Securing a smart healthcare system [143] | Android, Arduino Nano V3.0 ATMEGA328, Linux, Python | Helpful for patient data preservation and blocking unauthorized access | Provision of healthcare system security | Lacking in integration of SDN control function |