The recent emergence of technologies such as Network Functions Virtualization (NFV), Intent based Networking, Internet of Things (IoT), 5G, and Cloud Computing have led to the rapid growth of networks. The inflexibility and vendor-specific nature of traditional network devices are unable to fulfill the requirements of modern data centers. Software-Defined Networking (SDN) has captured data center space due to its innovative features viz. vendor neutrality, programmability, and centralized management. However, SDN is also facing various security threats due to weaknesses in its inherent architecture. This article has attempted to identify various vulnerable points in the SDN framework and has classified the SDN-aimed DDoS attacks based on their impacts. This article presents a systematic literature review on various DDoS defense mechanisms to protect the control plane, data plane, and data-control plane communication channel. In this study, a well-defined methodology is used to select the high-quality research articles of DDoS defense mechanisms in the SDN framework. Among numerous articles published in the last few years, the authors have selected 75 articles with the highest impact factor and citation. Moreover, we present the taxonomy of DDoS defense solutions that classify the reviewed articles based on the attack targets, DDoS defense approaches, testing environment, and traffic generation mechanism. Finally, we identified the research gaps and highlighted various research challenges for future research. This study is intended to serve as a ready reference for the research community to develop more efficient and reliable DDoS defense solutions in the SDN networks.

最近出现的网络功能虚拟化 (NFV)、基于意图的网络、物联网 (IoT)、5G 和云计算等技术导致了网络的快速增长。传统网络设备的不灵活和特定于供应商的性质无法满足现代数据中心的要求。软件定义网络 (SDN) 因其创新功能而占据了数据中心空间。供应商中立性、可编程性和集中管理。然而，SDN由于其固有架构的弱点，也面临着各种安全威胁。本文试图识别 SDN 框架中的各种漏洞，并根据其影响对针对 SDN 的 DDoS 攻击进行分类。本文对保护控制平面、数据平面和数据控制平面通信通道的各种 DDoS 防御机制进行了系统的文献综述。在本研究中，使用定义明确的方法来选择 SDN 框架中 DDoS 防御机制的高质量研究文章。在近几年发表的众多文章中，作者选出了影响因子和引用次数最高的75篇。此外，我们介绍了 DDoS 防御解决方案的分类法，根据攻击目标、DDoS 防御方法、测试环境和流量生成机制对评论文章进行分类。最后，我们确定了研究差距，并强调了未来研究的各种研究挑战。