针对不同SDN架构的DDoS攻击防御系统综述

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2025-09-12 DOI:10.1016/j.comnet.2025.111711

Mitali Sinha

{"title":"针对不同SDN架构的DDoS攻击防御系统综述","authors":"Mitali Sinha","doi":"10.1016/j.comnet.2025.111711","DOIUrl":null,"url":null,"abstract":"<div><div>Software-Defined Networking (SDN) is gaining popularity as the new generation networking platform across diverse domains such as 5G, IoT, and cloud computing. Its widespread acceptance is due to the innovative principle of decoupling the network’s control logic from its data-forwarding hardware. This decoupling allows network administrators to dynamically configure and manage network resources through software, providing unparalleled flexibility and agility. SDN has two types of architectures: pure SDN and hybrid SDN, each designed to meet specific requirements like pure SDN is often used in environments where there is a need for dynamic network management, such as data centers and cloud computing environments, hybrid SDN is commonly implemented in existing network infrastructures where organizations want to gradually adopt SDN without completely overhauling their network architecture. This study aims to present a comprehensive survey of Distributed Denial of Service (DDoS) attack defense systems for different types of SDN architectures. Specifically, this research (a) classifies DDoS defense systems based on the SDN architectures and conducts a comparative analysis of existing studies for each architecture, (b) develops a set of guidelines to enhance current DDoS defense solutions, and (c) identifies several future research directions for designing DDoS defense mechanisms against emerging DDoS attack types in the context of SDN. This work is distinct from previous studies as DDoS defense solutions are analyzed based on the specific architectures of SDN, an aspect not addressed in prior surveys.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111711"},"PeriodicalIF":4.6000,"publicationDate":"2025-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A comprehensive survey of DDoS attack defense systems for different SDN architectures\",\"authors\":\"Mitali Sinha\",\"doi\":\"10.1016/j.comnet.2025.111711\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Software-Defined Networking (SDN) is gaining popularity as the new generation networking platform across diverse domains such as 5G, IoT, and cloud computing. Its widespread acceptance is due to the innovative principle of decoupling the network’s control logic from its data-forwarding hardware. This decoupling allows network administrators to dynamically configure and manage network resources through software, providing unparalleled flexibility and agility. SDN has two types of architectures: pure SDN and hybrid SDN, each designed to meet specific requirements like pure SDN is often used in environments where there is a need for dynamic network management, such as data centers and cloud computing environments, hybrid SDN is commonly implemented in existing network infrastructures where organizations want to gradually adopt SDN without completely overhauling their network architecture. This study aims to present a comprehensive survey of Distributed Denial of Service (DDoS) attack defense systems for different types of SDN architectures. Specifically, this research (a) classifies DDoS defense systems based on the SDN architectures and conducts a comparative analysis of existing studies for each architecture, (b) develops a set of guidelines to enhance current DDoS defense solutions, and (c) identifies several future research directions for designing DDoS defense mechanisms against emerging DDoS attack types in the context of SDN. This work is distinct from previous studies as DDoS defense solutions are analyzed based on the specific architectures of SDN, an aspect not addressed in prior surveys.</div></div>\",\"PeriodicalId\":50637,\"journal\":{\"name\":\"Computer Networks\",\"volume\":\"272 \",\"pages\":\"Article 111711\"},\"PeriodicalIF\":4.6000,\"publicationDate\":\"2025-09-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Networks\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1389128625006772\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625006772","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

软件定义网络（SDN）作为5G、物联网、云计算等跨领域的新一代网络平台，越来越受欢迎。它的广泛接受是由于将网络的控制逻辑与其数据转发硬件解耦的创新原理。这种解耦允许网络管理员通过软件动态配置和管理网络资源，提供无与伦比的灵活性和敏捷性。SDN有两种类型的架构：纯SDN和混合SDN，每一种都是为了满足特定的需求而设计的。纯SDN通常用于需要动态网络管理的环境，如数据中心和云计算环境，混合SDN通常在现有的网络基础设施中实现，组织希望逐步采用SDN，而不需要彻底改变其网络架构。本研究旨在对不同类型SDN架构的分布式拒绝服务（DDoS）攻击防御系统进行全面调查。具体而言，本研究(a)基于SDN架构对DDoS防御系统进行分类，并对每种架构的现有研究进行比较分析；(b)制定了一套指导方针，以增强当前的DDoS防御解决方案；(c)确定了针对SDN背景下新兴的DDoS攻击类型设计DDoS防御机制的几个未来研究方向。这项工作与以前的研究不同，因为DDoS防御解决方案是基于SDN的特定架构进行分析的，这是以前的调查没有解决的一个方面。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A comprehensive survey of DDoS attack defense systems for different SDN architectures

Software-Defined Networking (SDN) is gaining popularity as the new generation networking platform across diverse domains such as 5G, IoT, and cloud computing. Its widespread acceptance is due to the innovative principle of decoupling the network’s control logic from its data-forwarding hardware. This decoupling allows network administrators to dynamically configure and manage network resources through software, providing unparalleled flexibility and agility. SDN has two types of architectures: pure SDN and hybrid SDN, each designed to meet specific requirements like pure SDN is often used in environments where there is a need for dynamic network management, such as data centers and cloud computing environments, hybrid SDN is commonly implemented in existing network infrastructures where organizations want to gradually adopt SDN without completely overhauling their network architecture. This study aims to present a comprehensive survey of Distributed Denial of Service (DDoS) attack defense systems for different types of SDN architectures. Specifically, this research (a) classifies DDoS defense systems based on the SDN architectures and conducts a comparative analysis of existing studies for each architecture, (b) develops a set of guidelines to enhance current DDoS defense solutions, and (c) identifies several future research directions for designing DDoS defense mechanisms against emerging DDoS attack types in the context of SDN. This work is distinct from previous studies as DDoS defense solutions are analyzed based on the specific architectures of SDN, an aspect not addressed in prior surveys.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.