Challenges and Opportunities in Anomaly Detection in SDN Using Computational Intelligence
Abstract
The increasing complexity of computer networks, driven by Software-Defined Networking (SDN), necessitates advanced Computational Intelligence (CI) techniques to enhance security and reliability. In this context, this study conducts a systematic literature mapping on the application of CI for anomaly detection in SDN. The analysis highlights various techniques and architectures, emphasizing the importance of diverse datasets—including real-world networks—to ensure model generalization. Key challenges such as high computational costs, the security of CI modules, and model interpretability are discussed. Finally, the study underscores emerging opportunities and the need for flexible architectures that integrate multiple CI techniques to improve anomaly detection in SDN.
References
Abd Al-Ameer, A. A. and Bhaya, W. S. (2023). Enhanced intrusion detection in softwaredefined networks through federated learning and deep learning. Ingenierie des Systemes d’Information, 28(5):1213.
Abubakar, A. and Pranggono, B. (2017). Machine learning based intrusion detection system for software defined networks. In 2017 seventh international conference on emerging security technologies (EST), pages 138–143. IEEE, IEEE.
Al-Ameer, A., Asraa, A., and Bhaya, W. S. (2023). Intelligent intrusion detection based on multi-model federated learning for software defined network. International Journal of Safety & Security Engineering, 13(6).
Alshammari, N. et al. (2024). Security monitoring and management for the network services in the orchestration of sdn-nfv environment using machine learning techniques. Computer Systems Science and Engineering, 48(2):363–394.
AĞCA, M. A., Faye, S., and Khadraoui, D. (2023). Trusted distributed artificial intelligence (tdai). IEEE Access, 11:113307–113323.
Bagaa, M., Taleb, T., Bernabe, J. B., and Skarmeta, A. (2020). A machine learning security framework for iot systems. IEEE Access, 8:114066–114077.
Bittencourt, L., Immich, R., Sakellariou, R., Fonseca, N., Madeira, E., Curado, M., Villas, L., DaSilva, L., Lee, C., and Rana, O. (2018). The internet of things, fog and cloud continuum: Integration and challenges. Internet of Things, 3-4:134 – 155.
Boero, L., Marchese, M., and Zappatore, S. (2017). Support vector machine meets software defined networking in ids domain. In Inter. Teletraffic Congress (ITC). IEEE.
Das, T., Shukla, R., and Sengupta, S. (2021). The devil is in the details: Confident & explainable anomaly detector for software-defined networks. pages 1–5.
Dawoud, A. A., Shahristani, S. S., and Raun, C. (2018). A deep learning framework to enhance software defined networks security. In 2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA). IEEE.
Dinh, P. T. and Park, M. (2021). R-edos: Robust economic denial of sustainability detection in an sdn-based cloud through stochastic recurrent neural network. IEEE Access.
do Prado, P. F., Peixoto, M. L. M., Araújo, M. C., Gama, E. S., Gonçalves, D. M., Silva, M. V. S., Immich, R., Madeira, E. R. M., and Bittencourt, L. F. (2021). Mobile Edge Computing for Content Distribution and Mobility Support in Smart Cities, pages 473–500. Springer International Publishing, Cham.
Dybå, T. and Dingsøyr, T. (2008). Empirical studies of agile software development: A systematic review. Information and Software Technology, 50(9-10):833–859.
Jagadeesan, L. J. and Mendiratta, V. (2016). Programming the network: Application software faults in software-defined networks. In 2016 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), pages 125–131. IEEE.
Krzemien, W., Jedrasiak, K., Nawrat, A., and Daniec, K. (2021). Anomaly detection in software-defined networks using cross-validation. In 2021 International Conference on Electrical, Computer and Energy Technologies (ICECET), pages 1–7. IEEE.
Le, D.-H., Tran, H.-A., Souihi, S., and Mellouk, A. (2021). An ai-based traffic matrix prediction solution for software-defined network. In ICC 2021 - IEEE International Conference on Communications, pages 1–6. IEEE.
Mathas, C. M., Segou, O. E., Xylouris, G., Christinakis, D., Kourtis, M.-A., Vassilakis, C., and Kourtis, A. (2018). Evaluation of apache spot’s machine learning capabilities in an sdn/nfv enabled environment. In Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES 2018.
Min, W., Almughalles, W., Muthanna, M. S. A., Ouamri, M. A., Muthanna, A., Hong, S., and Abd El-Latif, A. A. (2024). An sdn-orchestrated artificial intelligence-empowered framework to combat intrusions in the next generation cyber-physical systems. HUMAN-CENTRIC COMPUTING AND INFORMATION SCIENCES, 14.
Nobakht, M., Sivaraman, V., and Boreli, R. (2016). A host-based intrusion detection and mitigation framework for smart home iot using openflow. In 2016 11th International Conference on Availability, Reliability and Security (ARES), pages 147–156. IEEE.
Oliveira, I., Neto, E., Immich, R., Fontes, R., Neto, A., Rodriguez, F., and Rothenberg, C. E. (2021). dh-aes-p4: On-premise encryption and in-band key-exchange in p4 fully programmable data planes. In 2021 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pages 148–153.
Pan, X., Yang, H., Xu, Z., and Zhu, Z. (2022). Adversarial analysis of ml-based anomaly detection in multi-layer network automation. In Journal of Lightwave Technology, volume 40, pages 4934–4944. IEEE.
Petersen, K., Feldt, R., Mujtaba, S., and Mattsson, M. (2008). Systematic mapping studies in software engineering. In Proceedings of the 12th International Conference on Evaluation and Assessment in Software Engineering, EASE’08.
Phan, T. V., Nguyen, T. G., Dao, N.-N., Huong, T. T., Thanh, N. H., and Bauschert, T. (2020). Deepguard: Efficient anomaly detection in sdn with fine-grained traffic flow monitoring. IEEE Transactions on Network and Service Management, 17(3).
Protogerou, A. and et. al. (2022). Time series network data enabling distributed intelligence. a holistic iot security platform solution. In Electronics. MDPI.
Qi, Q., Shen, R., Wang, J., Sun, H., Guo, S., and Liao, J. (2021). Spatial-temporal learning-based artificial intelligence for it operations in the edge network. In IEEE Network, volume 35, pages 197–203. IEEE.
Santos da Silva, A., Wickboldt, J. A., Granville, L. Z., and Schaeffer-Filho, A. (2016). Atlantic: A framework for anomaly traffic detection, classification, and mitigation in sdn. In 2016 IEEE/IFIP Network Operations and Management Symposium. IEEE.
Silva, D., Fontes, R., Neto, A., Silva, G., and Immich, R. (2023). Esquema de autenticação e acordo de chaves para internet das coisas. In Anais do XXVIII Workshop de Gerência e Operação de Redes e Serviços, pages 125–138, Porto Alegre, RS, Brasil. SBC.
Song, C., Park, Y., Golani, K., Kim, Y., Bhatt, K., and Goswami, K. (2017). Machine-learning based threat-aware system in software defined networks. In 2017 26th International Conference on Computer Communication and Networks (ICCCN). IEEE.
Starke, A., McNair, J., Trevizan, R., Bretas, A., Peeples, J., and Zare, A. (2018). Toward resilient smart grid communications using distributed sdn with ml-based anomaly detection. In Wired/Wireless Internet Communications.
Tsogbaatar, E., Bhuyan, M. H., Taenaka, Y., Fall, D., Gonchigsumlaa, K., Elmroth, E., and Kadobayashi, Y. (2020). SDN-Enabled IoT Anomaly Detection Using Ensemble Learning. IFIP Advances in Information and Communication Technology. Springer.
Zabeehullah, Arif, F., Khan, N. A., Haq, Q. M. u., Asim, M., and Ahmad, S. (2024). An sdn-ai-based approach for detecting anomalies in imbalance data within a network of smart medical devices. IEEE Consumer Electronics Magazine, 13(6):28–36.
Zhao, Y., Yan, B., Liu, D., He, Y., Wang, D., and Zhang, J. (2018). Soon: self-optimizing optical networks with machine learning. Opt. Express, 26(22):28713–28726.
Abubakar, A. and Pranggono, B. (2017). Machine learning based intrusion detection system for software defined networks. In 2017 seventh international conference on emerging security technologies (EST), pages 138–143. IEEE, IEEE.
Al-Ameer, A., Asraa, A., and Bhaya, W. S. (2023). Intelligent intrusion detection based on multi-model federated learning for software defined network. International Journal of Safety & Security Engineering, 13(6).
Alshammari, N. et al. (2024). Security monitoring and management for the network services in the orchestration of sdn-nfv environment using machine learning techniques. Computer Systems Science and Engineering, 48(2):363–394.
AĞCA, M. A., Faye, S., and Khadraoui, D. (2023). Trusted distributed artificial intelligence (tdai). IEEE Access, 11:113307–113323.
Bagaa, M., Taleb, T., Bernabe, J. B., and Skarmeta, A. (2020). A machine learning security framework for iot systems. IEEE Access, 8:114066–114077.
Bittencourt, L., Immich, R., Sakellariou, R., Fonseca, N., Madeira, E., Curado, M., Villas, L., DaSilva, L., Lee, C., and Rana, O. (2018). The internet of things, fog and cloud continuum: Integration and challenges. Internet of Things, 3-4:134 – 155.
Boero, L., Marchese, M., and Zappatore, S. (2017). Support vector machine meets software defined networking in ids domain. In Inter. Teletraffic Congress (ITC). IEEE.
Das, T., Shukla, R., and Sengupta, S. (2021). The devil is in the details: Confident & explainable anomaly detector for software-defined networks. pages 1–5.
Dawoud, A. A., Shahristani, S. S., and Raun, C. (2018). A deep learning framework to enhance software defined networks security. In 2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA). IEEE.
Dinh, P. T. and Park, M. (2021). R-edos: Robust economic denial of sustainability detection in an sdn-based cloud through stochastic recurrent neural network. IEEE Access.
do Prado, P. F., Peixoto, M. L. M., Araújo, M. C., Gama, E. S., Gonçalves, D. M., Silva, M. V. S., Immich, R., Madeira, E. R. M., and Bittencourt, L. F. (2021). Mobile Edge Computing for Content Distribution and Mobility Support in Smart Cities, pages 473–500. Springer International Publishing, Cham.
Dybå, T. and Dingsøyr, T. (2008). Empirical studies of agile software development: A systematic review. Information and Software Technology, 50(9-10):833–859.
Jagadeesan, L. J. and Mendiratta, V. (2016). Programming the network: Application software faults in software-defined networks. In 2016 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), pages 125–131. IEEE.
Krzemien, W., Jedrasiak, K., Nawrat, A., and Daniec, K. (2021). Anomaly detection in software-defined networks using cross-validation. In 2021 International Conference on Electrical, Computer and Energy Technologies (ICECET), pages 1–7. IEEE.
Le, D.-H., Tran, H.-A., Souihi, S., and Mellouk, A. (2021). An ai-based traffic matrix prediction solution for software-defined network. In ICC 2021 - IEEE International Conference on Communications, pages 1–6. IEEE.
Mathas, C. M., Segou, O. E., Xylouris, G., Christinakis, D., Kourtis, M.-A., Vassilakis, C., and Kourtis, A. (2018). Evaluation of apache spot’s machine learning capabilities in an sdn/nfv enabled environment. In Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES 2018.
Min, W., Almughalles, W., Muthanna, M. S. A., Ouamri, M. A., Muthanna, A., Hong, S., and Abd El-Latif, A. A. (2024). An sdn-orchestrated artificial intelligence-empowered framework to combat intrusions in the next generation cyber-physical systems. HUMAN-CENTRIC COMPUTING AND INFORMATION SCIENCES, 14.
Nobakht, M., Sivaraman, V., and Boreli, R. (2016). A host-based intrusion detection and mitigation framework for smart home iot using openflow. In 2016 11th International Conference on Availability, Reliability and Security (ARES), pages 147–156. IEEE.
Oliveira, I., Neto, E., Immich, R., Fontes, R., Neto, A., Rodriguez, F., and Rothenberg, C. E. (2021). dh-aes-p4: On-premise encryption and in-band key-exchange in p4 fully programmable data planes. In 2021 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pages 148–153.
Pan, X., Yang, H., Xu, Z., and Zhu, Z. (2022). Adversarial analysis of ml-based anomaly detection in multi-layer network automation. In Journal of Lightwave Technology, volume 40, pages 4934–4944. IEEE.
Petersen, K., Feldt, R., Mujtaba, S., and Mattsson, M. (2008). Systematic mapping studies in software engineering. In Proceedings of the 12th International Conference on Evaluation and Assessment in Software Engineering, EASE’08.
Phan, T. V., Nguyen, T. G., Dao, N.-N., Huong, T. T., Thanh, N. H., and Bauschert, T. (2020). Deepguard: Efficient anomaly detection in sdn with fine-grained traffic flow monitoring. IEEE Transactions on Network and Service Management, 17(3).
Protogerou, A. and et. al. (2022). Time series network data enabling distributed intelligence. a holistic iot security platform solution. In Electronics. MDPI.
Qi, Q., Shen, R., Wang, J., Sun, H., Guo, S., and Liao, J. (2021). Spatial-temporal learning-based artificial intelligence for it operations in the edge network. In IEEE Network, volume 35, pages 197–203. IEEE.
Santos da Silva, A., Wickboldt, J. A., Granville, L. Z., and Schaeffer-Filho, A. (2016). Atlantic: A framework for anomaly traffic detection, classification, and mitigation in sdn. In 2016 IEEE/IFIP Network Operations and Management Symposium. IEEE.
Silva, D., Fontes, R., Neto, A., Silva, G., and Immich, R. (2023). Esquema de autenticação e acordo de chaves para internet das coisas. In Anais do XXVIII Workshop de Gerência e Operação de Redes e Serviços, pages 125–138, Porto Alegre, RS, Brasil. SBC.
Song, C., Park, Y., Golani, K., Kim, Y., Bhatt, K., and Goswami, K. (2017). Machine-learning based threat-aware system in software defined networks. In 2017 26th International Conference on Computer Communication and Networks (ICCCN). IEEE.
Starke, A., McNair, J., Trevizan, R., Bretas, A., Peeples, J., and Zare, A. (2018). Toward resilient smart grid communications using distributed sdn with ml-based anomaly detection. In Wired/Wireless Internet Communications.
Tsogbaatar, E., Bhuyan, M. H., Taenaka, Y., Fall, D., Gonchigsumlaa, K., Elmroth, E., and Kadobayashi, Y. (2020). SDN-Enabled IoT Anomaly Detection Using Ensemble Learning. IFIP Advances in Information and Communication Technology. Springer.
Zabeehullah, Arif, F., Khan, N. A., Haq, Q. M. u., Asim, M., and Ahmad, S. (2024). An sdn-ai-based approach for detecting anomalies in imbalance data within a network of smart medical devices. IEEE Consumer Electronics Magazine, 13(6):28–36.
Zhao, Y., Yan, B., Liu, D., He, Y., Wang, D., and Zhang, J. (2018). Soon: self-optimizing optical networks with machine learning. Opt. Express, 26(22):28713–28726.
Published
2025-07-20
How to Cite
FERNANDES, Rivaldo; KREUTZ, Diego; FONTES, Ramon; GOMES, Rafael Lopes; IMMICH, Roger.
Challenges and Opportunities in Anomaly Detection in SDN Using Computational Intelligence. In: PROCEEDINGS OF BRAZILIAN SYMPOSIUM ON UBIQUITOUS AND PERVASIVE COMPUTING (SBCUP), 17. , 2025, Maceió/AL.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 101-110.
ISSN 2595-6183.
DOI: https://doi.org/10.5753/sbcup.2025.9106.
