SDN-based solutions for malware analysis and detection: State-of-the-art, open issues and research challenges
Cristian H.M. Souza, Túlio Pascoal, Emidio P. Neto, Galileu B. Sousa, Francisco S.L. Filho, Daniel M. Batista, Felipe S. Dantas Silva
Journal of Information Security and Applications, volume 93, Article 104145. Published 2025-07-02.
DOI: 10.1016/j.jisa.2025.104145
URL: https://www.sciencedirect.com/science/article/pii/S2214212625001826
Impact factor: 3.8 (JCR Q2, Computer Science, Information Systems)
Citation count: 0
Abstract
Software-Defined Networking (SDN) has emerged as a key technology for countering evolving malware threats in 5G and Internet-of-Things (IoT) environments. This paper provides a comprehensive survey of SDN-based strategies for malware analysis and detection, consolidating several hundred candidate works and distilling a focused set of studies published up to April 2025. We examine approaches ranging from static code inspection and heuristic traffic monitoring to advanced machine learning and deep learning frameworks, demonstrating that these methods consistently achieve high detection accuracy with low false-positive rates while imposing only modest latency and resource overhead. We illustrate how SDN’s centralized control and programmable data plane enable rapid policy updates and real-time mitigation of malicious flows, surpassing traditional network defense mechanisms. Our review clarifies how AI-driven techniques enhance the identification of novel and obfuscated malware, and highlights persistent challenges such as the need for standardized datasets, controller scalability, and privacy-preserving inspection. By synthesizing key insights, open issues, and future research directions, this survey underscores the essential role of SDN in fortifying contemporary cybersecurity architectures.
About the journal:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.