Software-defined networking (SDN) is a network paradigm that decouples control and data planes from network devices and places them into separate entities. In SDN, the controller is responsible for controlling the logic of the entire network while network switches become forwarding elements that follow rules to dispatch flows. There are, however, several limitations in such a paradigm, as compared to conventional networking. For example, the controller is sensitive to a broad range of attacks, including distributed denial of service (DDoS) attacks. In this paper, we provide a systematic survey of existing DDoS detection and mitigation strategies in SDN. Based on the review of articles published between 2013 and May 2020, we provide a taxonomy of DDoS detection strategies (e.g., statistical, SDN architecture, and machine learning) and emerging approaches (e.g., network function virtualization, blockchain, honeynet, network slicing, and moving target defense). We also discuss existing challenges associated with SDN security and the implementation of security solutions, prior to identifying future research opportunities.

软件定义网络（SDN）是一种网络范例，可将控制平面和数据平面与网络设备分离，并将它们放置在单独的实体中。在SDN中，控制器负责控制整个网络的逻辑，而网络交换机则成为遵循规则调度流量的转发元素。但是，与常规联网相比，这种范例存在一些局限性。例如，控制器对广泛的攻击敏感，包括分布式拒绝服务（DDoS）攻击。在本文中，我们提供了对SDN中现有DDoS检测和缓解策略的系统调查。根据2013年至2020年5月之间发表的文章的回顾，我们提供了DDoS检测策略（例如统计，SDN架构，和机器学习）和新兴方法（例如，网络功能虚拟化，区块链，蜜网，网络切片和移动目标防御）。在确定未来的研究机会之前，我们还将讨论与SDN安全和安全解决方案的实施相关的现有挑战。