Software-Defined Networking Security Detection Strategies and Their Limitations with a Focus on Distributed Denial-of-Service for Small to Medium-Sized Enterprises

Software-defined Networking (SDN) has immense potential for network security due to its centralized control and programmability. However, this concentration provides an attractive attack vector for Distributed Denial-of-Service (DDoS), particularly in small and medium-sized enterprises (SMEs) with limited budget and network security resources. This study presents a systematic review of the articles reporting SDN-based DDoS detection and mitigation, focusing on SMEs. Querying eight major databases (2020–2025) resulted in 59 articles (14 reviews, 45 experimental). Two distinct models emerged: (i) lightweight and efficient models and (ii) high-accuracy hybrid deep learning models, with lower resource efficiency. These models were predominantly validated through simulations, raising concerns around their overfitting as SME traffic is heterogeneous and bursty. Mitigation of the attacks leveraged the programmability of SDN but has been rarely evaluated alongside detection models and almost never in live SDN-SME settings. This study’s findings highlighted a lightweight screening solution at the network edge, which is resource-aware and employs a minimal trigger interface to the controller for mitigation rule insertion. This conceptual design aligns well with the constraints of SMEs by minimising the computational load on the central controller while enabling an efficient and rapid response to network security.