A survey and classification of the security anomaly detection mechanisms in software defined networks
Cluster Computing (IF 4.4), Pub Date: 2020-09-18, DOI: 10.1007/s10586-020-03184-1
Tohid Jafarian, Mohammad Masdari, Ali Ghaffari, Kambiz Majidzadeh

A software defined network (SDN) decouples the network control and data planes. Despite their various advantages, SDNs are vulnerable to various security attacks such as anomalies, intrusions, and Denial-of-Service (DoS) attacks. Moreover, any anomaly or intrusion in an SDN can affect many important domains such as banking systems and national security. Anomaly detection is therefore a broad research domain, and a great deal of research has been conducted in the literature to mitigate these security problems. In this paper, the state-of-the-art schemes applied in detecting and mitigating anomalies in SDNs are explained, categorized, and compared. This paper categorizes the SDN anomaly detection mechanisms into five categories: (1) flow counting scheme, (2) information-based scheme, (3) entropy-based scheme, (4) deep learning, and (5) hybrid scheme. The research gaps and major existing research issues regarding SDN anomaly detection are highlighted. We hope that the analyses, comparisons, and classifications might provide directions for further research.




Updated: 2020-09-20