Detection and mitigation of cyber-attacks in software defined networks using machine learning/deep learning: a systematic literature review, research challenges and future directions


Dogan S. M., ALKAN M., KOÇAK A., Kocak A., Alkan M.

INTERNATIONAL JOURNAL OF INFORMATION SECURITY, vol.24, no.5, 2025 (SCI-Expanded)

  • Publication Type: Article
  • Volume: 24 Issue: 5
  • Publication Date: 2025
  • Doi Number: 10.1007/s10207-025-01114-z
  • Journal Name: INTERNATIONAL JOURNAL OF INFORMATION SECURITY
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, FRANCIS, ABI/INFORM, Applied Science & Technology Source, Business Source Elite, Business Source Premier, Compendex, Computer & Applied Sciences, Criminal Justice Abstracts, INSPEC
  • Gazi University Affiliated: Yes

Abstract

This systematic literature review provides an extensive examination of Machine Learning (ML), Deep Learning (DL), and hybrid approaches for detecting and mitigating cyber-attacks in Software-Defined Networks (SDN). Covering studies from 2020 to 2024, this review systematically analyzes existing research, classifies methodologies, and identifies key challenges, open issues, and future research directions. A total of 433 research articles were reviewed, with 163 selected for an in-depth taxonomy that categorizes studies based on dataset types, mitigation techniques, feature selection methods, preprocessing strategies, SDN controller types, and attack classifications. This taxonomy, presented in structured tables, enables researchers to conduct comparative analyses and gain deeper insights into ML/DL-based Intrusion Detection and Prevention Systems within SDN environments. Key findings highlight the crucial role of high-quality datasets in ensuring the robustness and accuracy of security models. Despite the advantages of these techniques, challenges such as real-time threat detection, scalable multi-controller platforms, and the lack of comprehensive SDN-specific datasets remain unresolved. Our review underscores the need for adaptive, intelligent security frameworks that can effectively mitigate evolving cyber threats. This study stands as one of the most comprehensive and up-to-date reviews in the field, offering the broadest coverage of ML/DL-based SDN security research and presenting the most detailed taxonomy to date. By synthesizing recent advancements and identifying research gaps, this review serves as a valuable reference for future investigations into enhancing SDN security through AI-driven methodologies.