Sage Journals: Discover world-class research

Abstract

Wireless sensor networks (WSNs) are very prone to ongoing security threats due to its resource constraints and unprotected transmission medium. WSN contains hundreds and thousands of resource-constrained and self-organized sensor nodes. These sensor nodes are usually organized in a distributed manner; thus, it permits the creation of an ad hoc network without predefined infrastructure or centralized management. As WSNs are going to get control of real-time applications, where a malicious activity can cause serious damage, the inherent challenge is to fortify the security enforcement in these networks. As a solution, software-defined network (SDN) has come out and has been merged with WSN to form what is known as software-defined wireless sensor network (SDWSN). SDWSN has come into existence, and it legitimizes network operators with more flexibility and control over the network. SDWSN has more tightened the security enforcement based on the global view and centralized control of the network topology. Moreover, machine learning (ML)–based and deep learning (DL)–based network intrusion detection systems (NIDS) have been introduced to the SDN environment to protect the networks against anomaly threats. In this review article, we illustrated the SDN–based security approaches to WSN followed by its architectures, advantages, and possible security threats. Finally, ML/DL–based NIDS integrated with the SDN controller is proposed as a complete solution for the WSN environment to confront the ongoing anomaly threats and to sufficiently protect the network against both known and unknown attacks.

Keywords

Software-defined network wireless sensor network software-defined wireless sensor network network intrusion detection systems machine learning deep learning

Introduction

Wireless sensor network (WSN) is the accumulation of several wireless devices (nodes) used to deploy in different applications for information monitoring or control applications. The WSN was primarily proposed for the areas where wired network was not possible due to nodes’ mobility or for infrastructure-lacking environment. It comprises hundreds and thousands of resource-constrained and self-organized sensor nodes. The dispersed nature of these sensor nodes allows the institution of an ad hoc network,¹ which does not adapt to any fixed infrastructure or centralized management. Numerous applications of WSN have been emerged, particularly for monitoring² and tracking³ purpose. Several challenges arise while managing these highly distributed and dynamic networks. Especially, due to the dynamic nature of topology, the networks are more vulnerable to different types of threats. Moreover, the nature of communication is unprotected and unsafe inside WSN due to its limited processing capacities.^4,5 There may be higher chances of security attacks to such networks. As WSNs are very prone to security attacks, security is one of the top concerns in this domain.

Several methods have been researched and built up to solve these challenges in WSN; some of these methods revolve around the concept of software-defined network (SDN). SDN is a new paradigm shift in networking architecture.^6–8 The concept is simply based on separating the control and data plane. The network routes are determined by the control plane, and the data plane is simply given to forward the network packets.⁹

Some efforts have been made to apply the concept of SDN to WSN called software-defined wireless sensor network (SDWSN). SDWSN brings the management flexibility and programmability to the network.¹⁰ Integration of SDN provides module-based functionalities to the controller where the functionality can be added or removed according to application requirements. Due to its tremendous advantages for the sensor-based networks, SDWSN is being constantly researched and developed.^10,11 Several management approaches for WSN have been proposed in the last few years.^12,13 However, it is still not freed from security challenges and faced a multitude of security challenges inherited from both SDN and WSN,¹⁴ which has become a bottleneck in its operations and applicability. However, there has been a little emphasis on how SDN may improve the security issues in WSN environment.¹⁵

SDN features are facilitating innovative applications, dictating a new networking paradigm capable of implementing network intrusion detection systems (NIDSs).¹⁶ Furthermore, machine learning (ML) and deep learning (DL) approaches can be used in NIDS integrated with SDN controllers to enhance network monitoring and security.¹⁷ The attackers always try to generate new form of attacks that cannot be detected by signature-based intrusion detection schemes. To tackle with these anomaly threats, ML- and DL-based trained model is the sole manner to identify these unknown threats based on the previous data knowledge.^18–20 It has also been argued that ML/DL-based NIDS provides more satisfactory results to protect the SDNs against anomaly threats.^16,21,22

In this follow-up article, first, we briefly presented the concept of WSN, SDN, and its combined approach called SDWSN. Different types of SDN-based approaches are given by following its architectures and benefits to the WSN environment, from a security perspective. The possible security challenges in both SDN and WSN, which are transferable to SDWSN, have also been identified. In addition, the possibility of security threats to SDWSN is highlighted in detail. As a solution, ML/DL-based NIDS has been proposed to completely secure the SDWSN against different anomaly-based attacks. Finally, the current research gap is introduced along with future research directions to catch the attention of researcher in this highly demanded area.

The remainder of this article has been organized as follows: the concept of SDN and WSN followed by a discussion of network softwarization for wireless network environment has been introduced in “Wireless network softwarization” section. The current possible security threats and challenges to the SDWSN have been presented in “Security threats and challenges to SDWSN” section. In “Network intrusion detection system” section, the ML/DL concept is given along with its integration to NIDS for SDN platform. “Research issues and future work” section proposes ML/DL-based NIDS to completely secure the SDWSN and also highlights the current security loopholes in the proposed system along with future research directions, and the article is concluded in “Conclusion” section.

Wireless network softwarization

The concept of wireless network sofwarization has been planned with an architecture featuring a clean-cut separation between a data and a control plane. The architecture was realized by considering several limitations in WSN—the limtations, including resource underutilization, that are rigid to policy changes, hard to manage, and so on. In this section, we first discussed the concept of SDN, WSN, and SDWSN in details, and then briefly presented the SDN-based solutions that are presently being used for WSNs.

Software-defined network

Traffic control and packet forwarding remained the principle focal point of every networking device. Traditionally, each networking device first takes routing decision by consulting stored information of the topology and then performs packet forwarding according to a configured protocol mechanism. All the traditional devices running on the same concept build the information first on its routing table. The routing table acts as a feedback provider and packet routing decisions are made based on this structured data. The finalized rules are inserted by the controller to the network switch using OpenFlow protocol.²³ With the increasing data traffic, sensor nodes faced a lot of challenges in terms of energy consumption, limited power source, delay tolerance, and topology management.^24–26 Several methods are proposed for energy efficiency, delay and fault tolerance, and scalability issues.^24,27,28 But the notable point is that the traditional network equipment performs dual jobs: controlling and forwarding. The node consumes most of the resources in decision-making process. It is an effort-demanding task to manage dense networks and become extremely difficult in case of any fault occurrence to track the desired one. The dramatic increase in Internet traffic demands for efficient resource utilization. However, network design is also proposed for efficient management.²⁹ But the main hurdle is the combination of the control plane and data plane residing at the same device as shown in Figure 1(a).

Figure 1.

SDN controlled switch versus traditional network switch.

SDN³⁰ concept proposed to provide the solution by splitting the control plane from the data plane is shown in Figure 1(b). Networking devices are used to control virtually from a centralized software which is called control layer, while the data traveling process is performed by the device itself. SDN is a paradigm shift³¹ to shape the limitation of current network infrastructure. Separation of control logic and data logic of underlying network devices is performed first, and then the device is dedicated for forwarding plane in the second phase. It simplifies the device to obtain the instruction from the virtual controller rather to take intelligent decision by itself. The controller work as a central policy management system to manage a range of control function for the whole network. In first generation, the SDN was based on OpenFlow;²³ currently, it is being kept up by the Open Network Foundation (ONF).³² A high-level architecture overview for SDN is shown in Figure 2.

Figure 2.

SDN architecture.

The SDN architecture mainly consists of three layers: application, control, and data forwarding. The application layer is dedicated for operators to monitor and configure the network in an abstract way. It consists of application services, interacting with controller switch through the northbound interface. The control switch consists of one or a combination of controllers (e.g. Open Network Operating System (ONOS)³³ and OpenDayLight), which keeps the network in a virtual dynamic form. Controller switch exists in the middle and listens to the user request to convey with the physical network via southbound interfaces (e.g. ForSA,³⁴ OpenFlow, and ForCES).³⁵ SDN controller is simply like a software entity that receives abstract knowledge about data plane resources. SDN controller can be deployed same as a software element on any number of physical device, and distributed elements are necessary to synchronize at peak and keep a flexible aspect of data.

The significant result of SDN principles is the break-up of data commands and data flow in the middle of network procedure in switch. This leads to better monitoring and flexible management, divides the network fault into traceable pieces, makes the network more dynamic, and simplifies the evolution of network. SDN got interest from both academia and industry for its notable compatibility to provide a common platform for heterogeneous networks.³⁶

Wireless sensor network

WSN are the sensor node networks deployed in various areas like atmosphere monitoring,³⁷ working environment monitoring,³⁸ industrial process monitoring,³⁹ and health care monitoring.⁴⁰ Each node has three main physical components: radio (for signaling), power source (battery), and micro-controller (for processing). These networks consist of small individual sensors cooperatively pass data through hopes to its sink or controller for further processing and acting. A sensor node can be stable or moving, aware of its location or not. The sink node is considered as a controller for its local network to perform desired operations. There are two types of sink node in WSN, single sink and multiple sink as shown in Figure 3.

Figure 3.

Sink node–based topology of WSN.

Single sink mode has scalability issue. With the increase in network size, the single sink node might become overloaded to handle the heavy data traffic. It also has delay-tolerant issue, and in case of any fault occurrence, the whole network might be unavailable. The multiple sink mode ensures better performance for a network. It overcomes the single mode limitations by increasing the probability of delivery if one path unavailable the other may active.

WSN got interest for its simplicity of deployment and cost-effectiveness. However, it has a little measure of resource particular of memory and processing capacities. A better management is a difficult task due to its resource constraints. Nevertheless, the usage of WSN increases and is adopted on a large scale with thousands of sensors working cooperatively for different tasks. From the future perspective, it will be in millions. Table 1 provides some WSN technology implementation in different applications.

Table 1.

WSN technologies in various applications.

Application	Objectives	Technology	Benefits
Military⁴¹	Surveillance for safety and security purpose	Ultra-stable tripods, radar and EcoKit, etc.	Help to reduce the loss from enemy side
Health⁴²	To improve patient care	Three-dimensionally printed biological materials, Optogenetics, iMONNIT and Wisense	Made the patient able to be self-managed by improving his knowledge and also improved the patient compliance
Home	To control your home equipments, for example, lights, heating, and air cooling systems, and to also monitor data consumption of appliance	Bluetooth, WiFi and ZigBee	Ensure the security, energy efficiency, increase convenience and saving time
Agriculture	Used for weather condition and soil properties measurement, for example, temperature, soil moisture, humidity and wind status	PIR sensor, water-level sensor, IR sensor, rain drop sensor, and moisture sensor	Increased production and water conservation, lowered operation costs, accurate farm and field evaluation, remote monitoring

PIR: passive infrared; IR: infrared.

The above table shows that WSN is not limited to specific applications, but take place in almost all major areas of our life. The Internet has billions of interconnected devices over the world. These devices share the information among each other in the form of digital packets. Different networking protocols are designed for communication among them.⁴³ Sometimes, in a same network, the devices may exist in sparse mode. Network protocol and policy for on-the-fly network is a major challenge. Network management is also complicated when it comes to large quantities of devices. As sensor node has constraints of memory size and processing capability, such flexible managing system is required to relieve the individual device from overhead of complex routing. The concept of SDN has been introduced to sensor networks with the realization that all these low-powered devices should be managed from a central entity in a bidirectional way to use the resource allocation in well manner.⁴⁴ SDN is going to emerge as the future of networking by offering simplicity, security, flexibility, scalability, and innovation over the traditional network model. SDN separates the control plane from data plane and keeps the control plane centrally from where the network nodes control remotely. The routing decisions are made by controller and insert the rules to the SDN switch to route the nodes’ packet. SDN reserves the resources of individual node for forwarding purpose. The whole network can be overlooked from controller in an abstract way. The best route is determined by the controller by considering the whole topology.

Software-defined wireless sensor network

The SDN paradigm has been merged with the WSN to form what is known as SDWSN,¹⁰ shown in Figure 4. SDN provides the control part of the network to the application end; thus, a complex network can be centrally managed. Also, it provides an energy-efficient solution to WSN.⁴⁶ The sensor nodes may have deployed in areas where physical access might not be easy and where the device runs at low-powered battery which may not have any renewable energy source. Traditionally, running complex protocols and high computational task is not possible for these low-powered node. SDN provides a broad model to overcome these issues, and above all, it is also very reliable from a security perspective. It is obvious that these tremendous features are highly desirable for WSN nodes. There are many approaches designed^47,48 to implement the SDN concept for WSN. The WSN devices usually seem application specific which creates the need to design a common framework for SDN. It is also necessary to integrate different vendors with different devices for better deployment. For example, when a node is hijacked, the controller may notify to direct the traffic to the NIDS⁴⁹ for further analysis.

Figure 4.

SDWSN architecture.⁴⁵

SDN benefits appropriate for WSN include, but are not limited to, the following:

SDN for energy efficiency of WSN: energy consumption is an increasing trend, mainly for IoT (Internet of Things) appliance. Several methods have been proposed for better energy efficiency of low-powered devices. The energy constraints affect the performance of the whole network. SDN relieves the individual nodes to save its energy considerably.⁴⁶ In traditional network, the node consumes most of its energy in the decision-making process. In the SDN environment, the controller takes the path determination responsibility while the node just consumes the energy for forwarding process. As a result, traffic management, quality of service, and resource allocation can be achieved with lower energy overhead.

SDN for dynamic topology network: in an MANET (mobile ad hoc networks), a VANET (vehicular ad hoc networks), or an FANET (flying ad-hoc networks) scenario, the node appears and disappears simultaneously in the network. At the same time, the multiple node may appear or disappear, which results in dynamic nature of topology. With SDN, the controller can modify or append policy on the fly, but it may generate a lot of control packets exchange between the ordinary nodes and the control plane. This may lead to additional energy consumption. a fuzzy logic–based solution, called Fuzzy Topology Discovery Protocol (FTDP) is proposed⁵⁰ to make the SDN-based WSN more efficient by increasing lifetime of network and decreasing the packet loss.

SDN for network management: network management is more challenging in case of IoT scenario. Normally, different vendor’s devices are implemented with different applications to realize the heterogeneous network. Furthermore, this complex network sub-splits up into software heterogeneous, which focuses on the use of different wireless hardware, and hardware heterogeneous, which focuses on the use of multi-protocols and standards. SDN-based cross layer architecture provides the support to communicate between different devices and protocols.⁵¹ The usage of different vendor components makes the management process more complicated. The cost of managing WSN is relatively high, and tracing the specific fault by physically locating individual component is an additional effort. Therefore, SDN offers the most appropriate approach to reduce the administration effort and cost.

SDN for routing protocol: routing mechanism can be highly improved in OpenFlow-based SDWSN. A new OpenFlow-based hybrid routing protocol is proposed for wireless environment, which runs faster and is able to run independently in case of controller failure.¹⁶ The routing protocol integrated with SDN has outperformed the traditional protocols in terms of death node number, network lifetime, and, more specifically, the better transmission rate.

SDN-based architectures for WSN

Some of the notable, proposed architectures for using SDN in WSN are as follows:

SDWSN:

SDN was essentially proposed for wired network and the OpenFlow protocol did not possess the capacity to fulfill WSN requirement. Therefore, with some modifications, a new protocol called Sensor OpenFlow was proposed, which is the core component of SDWSN.⁵² Sensor OpenFlow was the first approach to consider the technical challenges of WSN. It enabled the communication between control plane and data plane in the context of WSN. It also made the resource-constrained device configurable via high-level programming language. The architecture considered the possible challenges and offered fruitful features. SDN was designed with the assumption that underlying network is composed of high-speed switches such as Ethernet/MPLS (multiprotocol label switching) switches and IP (Internet protocol) routers. Therefore, it represents significant challenges while designing for WSN:

Creating flow which should be data centric in WSN. Whereas in actual (wired), OpenFlow is address centric. Therefore, attribute-based scheme should be implemented.

Sensor OpenFlow controls the channel which is based on end-to-end connection in OpenFlow. However, it should provide TCP/IP (transmission control protocol/Internet protocol) connectivity.

Traffic overhead tends to be large in sensor network due to the dynamic nature of WSN.

Sensor always generates continuous data traffic.

Data aggregation should be performed on sensor node to reduce the data redundancy.

The above-identified challenges have been resolved with a suite of preliminary solutions, which are as follows:

Two optional cases are presented: the first case is to redefine a flow table (non-IP scheme) using predefined addressing scheme. For this purpose, OpenFlow extendible Match (OXM) field is used to match the flow. Furthermore, two new features are added, OXM-SOF-SRC and OXM-SOF-DST, for source and destination matching purpose, respectively. The second case is to augment WSN with IP address for which IPv4 and IPv6 stack are recommended.

Two solutions for control plane: if non-IP solution is chosen by operator, then channel can offer at the top of transport protocols. Otherwise, channel would be self-supplied in case of IP base solution. The addresses scheme was generally unavailable in WSN, which is addressed by SDWSN to ensure orderly message delivery by deploying TCP-IP stack.

The control traffic mainly comprises packet-in and packet-out. When an unknown packet received by sensor node, it generates packet-in (lookup request) toward controller. The controller sends back a packet-out (response) toward sensor node for its query. Hence, in case of multi sensors, multiple request would generate from different sensors simultaneously, which may result in traffic overhead. To tackle with this issue, SDWSN presents a mechanism, that is, once a packet-in is generated by a node, all any other packets will be withdrawn by nodes having same destination address until the corresponding packet-out is received.

To reduce traffic overhead, the packet-in (a flow request to controller) is only sent until the corresponding packet-out (response from controller) is received.

SDWSN presents a mechanism to control the continuous data generation by maintaining the sensor node in different states. For instance, in blocking state, the node would have to synchronously wait until the sensory data become available, and round-ribbon has to periodically check if the sensory data are available.

Data aggregation module is implemented by SDWSN to perform in-network processing if needed when the new data are received and then to send it to flow table. Data aggregation can be obtained via standard operators such as mean, mode, min, and max. The aggregated flows can be managed in flow table but they remained an open issue for researchers.

2. Tiny SDN:

SDWSN does not support the characteristics of interruption, smaller link frame, and communication delay in WSN. Furthermore, in a traditional sensor device, just one radio module exists, which performs transmission and receiving at certain frequency in a specific time. Therefore, the control packet and data packet travel on same path (a feature known as in-band control).

TinySDN⁵³ was proposed to deploy SDN paradigm in WSN by running multiple small controllers within the network. It makes the sensor node to be able to support SDN paradigm, and the sensor node now can work as a node and an SDN switch as well. The communication standard IEEE 802.15.4⁵⁴ (which is being currently used) had very limited bandwidth, which often results in network overhead. The solution is achieved by placing multiple controllers in the network, one of them work as sink per area to further simplify the network. Thus, the network overhead has been significantly reduced. SDN sensor node and SDN sensor controller are the core components of proposed architecture.

SDN node consists of the followings:

Application layer (generate data and place on API) for which it uses TinyOS,⁵³

Controller within sensor node to check whether the incoming packet matches the flow table,

ActiveMessageC which ensures the sensor node communication with radio module.

SDN controller node consists of the followings:

Sensor mote module which works as a communication enabler between sensor network and the central controller,

Control server which holds the control logic of the network and injects rules via mote to the physical network.

For network topology discovery, the TinySDN uses Collection Tree Protocol,⁵⁵ a well-known route discovery protocol for WSN. TCP collects data from one or more nodes and sends to one or more root nodes. The support of multiple root controllers and hardware independence are the prominent features of this scheme.

3. SDN-WISE:

SDN-WISE was the first attempt to create node environment that can support SDN functionalities. The node would take forwarding decision without querying controller when the information is locally available. This tremendous feature is enabled by network function virtualization (NFV) in sensor node and thus it can considerably reduce the network overhead. The node executes a trusted firmware that has full control on node peripheral. This firmware is responsible to restrict node execution behavior according to instruction directed by trusted platform module (TPM). TPM ensures the node current context and instructs accordingly. For instance, Apple proposed⁵⁶ a solution to disable all the recording functionalities of smart phone in prohibited area.

SDN-WISE architecture⁵⁶ was presented with the following objectives:

To enhance the existing solution functionalities,

To control the network traffic flow in more flexible way,

To control duty cycle of nodes via SDN controller,

To increase energy efficiency of sensor node,

To provide API on node side for information access,

To enable virtualization on node side for geographic routing, and

To support on-the-spot operation on node side to behave according to the context.

The topology discovery protocol also runs on node side to gather neighbor nodes information and build a path toward controller. The packet contains the identity of node/sink, current battery level, and distance from the node to sink or sink to controller. The generated information is use to deliver to the controller for topology making and best path determination. The network overhead problem has been solved by introducing geographic routing feature,⁵⁷ which reduces the signaling overhead and flow entries the table has to sustain. A new type of packet format has been introduced for this geographic routing feature. In geographic routing, the node relays the incoming packet to its connected neighbor which is near to destination.

ONOS³³ is the core component of the framework for all these functionalities. It is an open source network operating system for SDN. ONOS is extended for SDN architecture which consists of Northbound, Distributed Core, and Southbound. Northbound API has concern with end user and provides access to SDN-WISE’s services, which is independent of hardware characteristic. The Distributed Core relies between Northbound and Southbound APIs which host computational services, for example, context discovery, topology discovery, best path planning, and rule identification. Southbound lies between physical network and Core Distributing. Southbound provides higher layer of resource-supported services, for example, layer 2 packet format and sensor-generated data format.

SDN-WISE is a comprehensive architecture for resource-constrained networks. It enabled visualization functionalities by leveraging operating system, which can further have used to implement any function in the network like geographic routing. The second accomplishment is that the node can be regulated via TPM mechanism to behave in the network context accordingly. Thus, SDN-WISE is the most appropriate solution for future wireless sensor networking whose behavior can be limited to comply with current setting. The overview and detailed comparison for different SDN based WSN architectures have been presented in Table 2.

Table 2.

Overview and comparison of SDN-based WSN architectures.

Paper	Core component	Target challenges	Addressed features	Special point	Limitation
SDWSN	Sensor OpenFlow	Resource underutilization, counter productivity, rigidity in policy changes and network management in WSN.	Source/destination-based matching, deployed TCP/IP stack via SDN for end-to-end connectivity, reduced network overhead by controlling simultaneous request, run sensor node in different states to reduce data generation and data aggregation module for in-network processing.	First effort to combine SDN with WSN.	Cannot support variety of protocols.
TinySDN	TinyOS, sensors, and controller which are based on SDN.	Energy supply, communication latency, and smaller link layer frames.	CTP for topology discovery, provides flexibility in the SDN communication, memory allocation does not compromise the use of other device features and does not introduce delay in the forwarding task after establishment of data flow.	Introduces a new model in which multiple SDN controllers can be used in WSN; node can work as controller switch and end device at same time, and support SDN across different platforms.
SDN-WISE	ONOS, NFV, TPM	To render WSN module in communication and processing and to define on the fly operation for node.	Each node maintains its state, rules support operators for flow identification, consumes power according to current transmission condition, controls duty cycle of node, provides software abstraction of node’s resources on both controller and switch, highly molder design, geographic routing for overhead reduction	Enables NFV to apply any network function andnode behaves according to current context via remote regulation.

SDN: software-defined network; WSN: wireless sensor network; SDWSN: software-defined wireless sensor network; TCP/IP: transmission control protocol/Internet protocol; CTP: collection tree protocol; ONOS: open network operating system; NFV: network function virtualization; TPM: trusted platform module.

Security threats and challenges to SDWSN

Security is one of the top concerns in WSN. A new network paradigm of trust, security, and privacy is required to address the possible threats to the wireless networks. Consequently, SDN provides an efficient, reliable, and flexible network management solution. OpenFlow is the most commonly used protocol for communication between controller and switches, which defines control messages to enable secure communication path. Moreover, OpenFlow enables fast response to security threats and the flow rules (forwarding decisions). Using OpenFlow, the network switches can be dynamically modified in order to adapt to different network changes.

SDN has been merged with WSN to control and manage highly densified sensor networks. Although it has achieved greater efficiency and sustainable heterogeneity in the WSN,⁵⁸ the security challenges inherited from both SDN and WSN are combined in SDWSN. In this section, we first presented the possible threats to SDN and WSN separately and then reviewed security advantages and challenges brought by SDN to WSN environment.

Security in SDN

Although SDN offers numerous advantages for securing networks, it also raises questions about new vulnerabilities.⁶ SDN itself is intended to introduce new security mechanisms that were not previously possible. It might detect the attacks in an easier and reliable way, but also increase the attack surface.⁵⁹ There are opposite opinions that security problems in SDN are manageable or even more complex to properly secure.⁶⁰ For example, inconsistencies of network policies can be ensured with centralization, but the central controller is single point of failure and the attacker may able to gain entire view of the network from a single location. Attacks against SDN controllers and the introduction of malicious controller apps are probably the most severe threats to SDN.⁶¹ The possible security threats to the SDN environment are as highlighted below:

Attack by host and switch: when a malicious data packet does not match by flow regulation at the switch, the switch immediately transmits it to the controller. The processing of malicious packet creates opportunity for the malicious hosts to take over the network access. Second, in case DoS/DDoS (denial of service/distributed denial of service) attack,⁶² the controller might be resulted in failure of the whole network. Finally, the flow rules information can be captured from the switch via side channel attacking techniques.⁶³

Network topology: the controller builds up its topology record by looking at the topology protocol’s packet, for example, LLDP (Link Layer Discovery Protocol), IGMP (Internet Group Management Protocol), and ARP (Address Resolution Protocol) generated by the switches. There are possibilities of spoofing these packets by malicious hosts, which can result in network topology corruption and illegitimate flow rules to the switch.

Data plane forwarding: malicious hosts try to consume the resources of controller and switches by generating DoS/DDoS attacks in the network.

The FS-OpenSecurity⁶⁴ model is a protocol-independent defense framework, which addresses the above challenges and prevents attacks on all three planes in the SDN platform. Moreover, SDN network can be protected against different types of known vulnerabilities using rosemary⁶⁴ and the security can be more strengthened with range of frameworks,^15,65–68 but the common drawback is that all these cannot work against unknown threats.

Security in WSN

WSNs are more vulnerable to a range of security threats due to resource limitations and physical exposure of sensor devices. The networks are often deployed in a publicly accessible environment and lack the computational resource availability. In general, the attacks can be broadly categorized into goal oriented, performance oriented, and layer oriented.^69,70 Active and passive attack are the types of goal oriented. In passive attacks, the malicious host monitors network activity without any privileged access; in active attacks, the attacker uses passively generated information against the network to obtain admission. Outside and inside attacks are the types of performance oriented. The outside attacks are where the attacker monitors transmission medium and tries to inject false data to cause failure in the network. In the inside attack, the intruder tries to get privileges as a legitimate user and then tries to launch their desired attacks. The outside or inside attacks boundaries are not so clear and easy, as they often cause similar behavior. Therefore, we discussed the attack types for individual layer. Finally, the layer-oriented attacks target various layers of the network stack.⁷¹

Physical layer: the lowest layer where the packets are transmitted in the form of signals. The signals are wirelessly broadcasted, which makes it more susceptible to range of attacks such as eavesdropping, jamming, and hardware hacking.

Data link layer: it offers a shared access to the medium for nodes, also check for transmission errors. Jamming and collision attacks can be launched against this layer.

Network layer: it creates a routing path for node communication where a malicious node access in the network can cause a broad range of internal attacks. Spoofing, replaying, and selective forwarding are the common attacks for this layer.

Transport layer: if offers the end-to-end reliability to the data transmission. The data can be compromised during transmission by altering the content or injecting false data.

Application layer: it deals with the end user and is susceptible to application bugs or range of malware attacks.

Multilayer attacks: it can be the combination of previously defined attacks residing on different layers to target the WSN protocol. DoS and man in the middle attacks are the well-known example.

A considerable consideration has been given to WSN protocols to satisfy the communication needs of diverse applications.^72,73 Although the sensor node resources can be used with kind of lightweight protocols, it cannot fulfill the diverse range of security requirements for each layer.⁷¹ For example, physical and media access control (MAC) layer security is based on cryptographic algorithms, network layer security is based on identity authentication, and the transport layer required two-way authentication scheme. Neither WSN protocols have been designed with the security goal in mind, nor it can fulfill the security demand of individual layer. Therefore, it is highly desirable to take the security requirements into account as a whole and design an appropriate solution.

Security in SDWSN

SDN approaches toward WSN resulted to form a new paradigm called SDWSN.¹⁴ In SDWSN, the control logic is used to handle a central controller, and the sensor node is dedicated for packet forwarding purpose. Many problems have been resolved using this approach in terms of sustainability and interoperability in WSNs. Especially, this new paradigm presents many advantages while considering security in WSN.

The centralized programmable control plane resulted in centralized security management. The security policy configuration of two to seven layers can be centrally controlled. The required changes can be made effectively based on the abstract view of the entire network. Also, it frees up the sensor node resources significantly. As a result, it allows the implementation of effective security algorithms in the WSNs. Moreover, the abstract view of network speeds up the process of malicious activity identification. The most significant characteristic is that sensor node is only committed to taking control commands from the controller and hence it cannot be used for malicious purpose. Nevertheless, it is possible to use it as a gateway for other nodes.

The use of SDN is gaining high momentum and has been widely adopted by security research communities. The Flowvisor⁷⁴ framework offers security feature on top of the controller to verify each incoming/outgoing connection according to predefined security policies. By doing so, the malicious traffic generated by cybercriminals can be blocked using access list. Moreover, several strategies have been used to timely detect DDoS attacks in a centralized manner.^75,76 The network programmability feature of SDN controller increased the deployment of security applications and also provided several advantages to extend the network functionalities.⁷⁷

The dynamic updates of flow rules are the key feature of SDN, which raise the challenges of appropriate security mechanism in network applications. Therefore, various SDN-based security functions such as firewall and IDS/IPS (intrusion detection system/intrusion prevention system) have been designed and implemented.⁷⁸ Moreover, the SDN-based flow management feature is extremely important where the objects communicate more frequently, for example, industrial control system (ICS). An IDS has been positioned to analyze traffic flow of the sensitive or unknown traffic stream in the network.⁷⁹

The WSN devices are susceptible to range of attacks, especially due to open radio access and the plain text of metadata. The SDN can bring the advantages of protection and reconfiguration to these devices. Founded on these motivations, a computational framework is suggested to offer a program to control and secure information exchanges for devices in an ad hoc network.⁸⁰ The cluster-based mechanism is used in the proposed system, where each cluster has a cluster head to control the devices in its own cluster. The cluster heads are also able to communicate with each other and with the controller via an inter-domain link. In addition, a dynamic firewall is attached with each cluster head to monitor the network traffic for malicious activities.

A hierarchical framework is offered for the WSN environment, which improves the security in the network by taking low complexity and high security requirements into account.⁸¹ The framework of the proposed system consists of low level and high level of attack detection. The sensor node has simple rules installed to perform low-level detection. Sensor node reports the sink node in case of unknown event occurrence. High-level detection is performed on sink node, programmed with complex rules. Grounded along the high-level rules, the sink node determines whether the event is suspected to malicious user or normal. The role of the SDN controller in the framework is to generate the current probabilities for the attacks. It performs the attack mitigation based on the topology and vulnerability information from the network. The scheme resulted in better feasibility and efficiency.

However, SDN offered considerable security features and architectures to WSN environment, but it is not free from security challenges. SDWSN is more vulnerable to security attacks due to lack of major security components like middleware and transport layer security (TLS).⁸² The centralized controller also poses a single point of failure and is also prone to DoS and intrusion attacks. However, efforts have been to mitigate the possible attacks in SDWSN but not completely mitigated.⁸² Some threats can be adopted from SDN and WSN. The threats which are inherited from SDN are forged traffic flow, forwarding device attacks, DoS attack against control plane, and lack of trust between controller and management applications.⁸³

In after mentioning work, the security issues have been carefully considered and resolved considerably. But all of the existing approaches are designed for well-known attacks and are still unable to respond to unknown threats. So it can be argued that all these methods are even prone to anomaly threats and thus are not the perfect security solutions.

Network intrusion detection system

In the response to increasing cyber-attacks, NIDS has been one of the top concerns among research communities. Detection and protection against cyber-attacks at early stage is on the focused issue. NIDS is used to detect intending activities trying to get unauthorized access or creating network failure by generating malicious traffic. Abnormality detection speed, accuracy, and reliability are the common factors on which the performance and success rate of an NIDS can be quantified. Effort has been made to improve the detection accuracy based on ML techniques.⁸⁴ And DL has likewise been adopted¹⁸ as an advanced stream of ML. The recent approaches focus on the deployment of ML-based NIDS to the SDN environment.¹⁶ Hence, the network monitoring and security can be advanced by implementing ML approaches into the SDN environment.

Research work has been done for the integration of DL approaches with NIDS. A deep neural network is made to classify the characteristics of normal and abnormal traffic, and integrated this anomaly detection algorithm into OpenFlow switch using a controller.¹⁶ In addition, a DDoS detection system is proposed, which comprises three different modules implemented on the top of the controller.⁸⁵ The DL model is further used to extract the features from the traffic and perform real-time classification task.

The performance of algorithms in NIDS can be compared based on performance metrics. The metrics includes accuracy, false negative rate (FNR), false positive rate (FPR), time used, and memory consumption. The detection is always performed based on two common techniques called signature and anomalies based. The signature-based techniques are based on predefined set of rules. The signatures are used to store into the database where it checks for the packets known to be malicious. The disadvantage is that it requires detailed knowledge of each attack pattern and is not capable of discovering new types of attacks on its own. Unlike the signature-based techniques, the anomaly-based IDS is event driven. First, it defines the normal network and then continuously monitors the activities inside the network. If it finds any activity differs from normal behavior, then it marks the event susceptible. A comparison of these two methods is presented in Table 3, based on different performance metrics.

Table 3.

Comparison of detection method.

Mechanism	Speed	Robustness	Reliability	Flexibility	Scalability	Alarm rate
Signature-based detection	Higher	Lower	Higher	Lower	Lower	Lower
Anomaly-based detection	Lower	Higher	Moderate level	Higher	Higher	Higher

ML/DL in NIDS

ML is used to create a trained model by implicitly identifying hidden pattern from the data.⁸⁶ The trained model is used for further data analysis. ML-based techniques resulted in improved performance of autonomous systems in terms of better detection rate and decreased computation cost as well.⁸⁷ There are three types of ML techniques called supervised, unsupervised, and semi-supervised learning.⁸⁸

In supervised learning, the algorithm predicts unknown data based on defined input labels. In intrusion detection systems, support vector machine (SVM) and random forest are being widely applied for classification and regression problems, respectively. These both algorithms are preferred due to its better classification power and practicality in computation.⁸⁶

In unsupervised learning technique, the algorithms model the underlying structure or distribution in the data in order to find out more about the data. The example of unsupervised learning includes clustering (self-organizing map (SOM)) and feature reduction (principal component analysis). These are used to speed up the unlabeled feature learning process.⁸⁹ Also, these have been used for feature selection before classification.⁹⁰ Moreover, SOM has been used for payload size reduction in NIDS.⁹¹

Semi-supervised learning is the combination of both supervised and unsupervised learning that uses both labeled and unlabeled data, usually mostly unlabeled. Two semi-supervised-based approaches called Spectral Graph Transducer and Gaussian Fields are used for anomaly detection. One semi-supervised clustering method called metric pairwise constrained K-means (MPCK-means) is used to improve the performance of the detection system.⁹² In addition, the accuracy of NIDS has been improved via semi-supervised SVM.⁹³

ML/DL-based NIDS in SDN

ML-based intrusion detection systems in SDN environment provide better security enforcement. The abstract view of network provides a better chance to strengthen the network security. A block diagram of intrusion detection system in the SDN architecture is shown in Figure 5. DL algorithms are the advanced approach that permits the systems to learn the data with various levels of generalization. It has been applied to intrusion detection and many other domains.⁹⁴ Table 4 presents an overview of methods and usage of different DL approaches used for NIDS in SDN.

Figure 5.

NIDS in SDN environment.

Table 4.

DL-based approaches for NIDS in SDN environment.

Author	Method	Usage
Mehdi⁸⁴	Anomaly detection techniques: TRW-CB, rate limiting, maximum entropy detector, and NETAD.	Detect unknown threats from traffic
Tang¹⁶	Anomaly detection in traffic flow using DL	Detect unknown threats from traffic
Braga⁷⁵	SOM and unsupervised ANN	Lightweight DDoS Flooding Attack
Jankowski⁹⁵	SOM and learning vector quantization.	Intrusion detection
Niyaz⁸⁵	Stack auto-encoder feature reduction with DL	Detect denial of service threats

DL: deep learning; NIDS: network intrusion detection systems; SDN: software-defined network; SOM: self-organizing map; ANN: artificial neural network; DDoS: distributed denial of service.

It can be seen that DL techniques are gaining more interest by research community compared to ML. It performed better than ML techniques when applied to classification problems in SDN.⁸⁵ It takes more inputs to form an output that results in better finding correlation in the data. So it is more adaptable method for advance intrusion detection techniques.⁸⁶ As most of the attacks are unknown to systems, unsupervised learning algorithms are the only feasible solution to undertake. Therefore, recurrent neural network (RNN)-based⁹⁶ and hybrid-based algorithms⁹⁷ would be the finest solutions for NIDS implementation in SDN platform.

Research issues and future work

An intelligent threat detection system is highly desirable but is less explored in WSN domain. Developing an exhaustive detection solution is highly demanded, which can endure the continuing anomaly threats in the WSN. According to the research work on ML/DL-based intrusion detection system in the SDN environment, it can be arguing that detection accuracy has significantly improved. Hence, it would be the finest solution to implement this ML/DL-based NIDS approach to the SDWSN. By doing so, each controller would have an NIDS attached to continuously monitor the traffic behavior at bottom level. In large distributed environment, the network can be divided into clusters where each cluster head⁸⁰ would have an NIDS attached. Moreover, the detection capability should also be provided to the sensor node to some extent. In the development of targeted system, there are some challenges in developing flexible and efficient protection system for the WSN environment:

The ML/DL-based system is the only quick fix to confront the unknown threats in the network. However, the potent challenge is to use a proper feature selection method that can match the significance of features to intrusion detection and the excess between features.⁸¹ Hence, it is a research challenge in ML/DL to determine the perfect number of model parameters and improve the computation practicality.

The efficient packet processing is the bottom-line challenge in the NIDS integrated with SDN controller.

The implementation of ML/DL-based NIDS with high volume of data is also a big challenge that needs to be addressed.⁹⁸

The SDN controller performance degradation is due to the control packets overhead in large networks. The integration of NIDS with SDN controller might increase the control packets for monitoring purpose, which will put more packets overhead on the controller. Therefore, to cut back the controller bottleneck and implement NIDS is another research challenge.⁷⁶

The sensor node has limited resources in terms of power and computational capabilities, which can be easily compromised and can be encountered to its own network for malicious actions. Therefore, effective and lightweight security algorithm is required to perform low-level detection in the network. In Wu et al.,⁸¹ a simple rule-based mechanism is used at the node level to detect some common attacks, but it cannot respond to anomaly threats. To completely address this issue, the controller needs to generate probabilities from the whole network behavior and distribute the dynamic rules to the end nodes in distributed manner.

Conclusion

In this review article, we briefly provided the concept of network softwarization, followed by its importance and security approaches toward sensor-based networks. It is stated that SDN has an integral role in overseeing and protecting the complex network particular to WSN. The role of SDN in the wireless network environment is shown along with its existing architectures, advantages, and research challenges. It has been argued that ML/DL-based NIDS is more appropriate solution to the SDN environment to keep the network protected against anomaly threats. Also, we introduced the research challenges associated with the ML/DL systems to NIDS. Ultimately, the ML/DL learning–based NIDS is proposed as a complete protection solution to the SDWSN platform to cope with growing anomaly threats.

Footnotes

Handling Editor: Mohsin Iftikhar

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work has supported by the Xiamen University Malaysia Research Fund (XMUMRF) (Grant No. XMUMRF/2019-C3/IECE/0007).

ORCID iD

Raja Majid Mehmood

References

Al-Sultan

Al-Doori

Al-Bayatti

, et al. A comprehensive survey on vehicular ad hoc network. J Netw Comput Appl 2014; 37: 380–392.

Kanagaraj

Kamarudin

Zakaria

, et al. Cloud-based remote environmental monitoring system with distributed WSN weather stations. In: Proceedings of the 2015 IEEE Sensors, Busan, South Korea, 1–4 November 2015. New York: IEEE.

Calafate

Lino

Diaz-Ramirez

, et al. An integral model for target tracking based on the use of a WSN. Sensors 2013; 13(6): 7250–7278.

Alam

. Analysis of security threats in wireless sensor network. https://arxiv.org/ftp/arxiv/papers/1406/1406.0298.pdf

Pathan

A-SK

. Security of self-organizing networks: MANET, WSN, WMN, VANET. London: CRC Press, 2015.

Kreutz

Ramos

FMV

Veríssimo

, et al. Software-defined networking: a comprehensive survey. Proc IEEE 2015; 103(1): 14–76.

Jararweh

Al-Ayyoub

Darabesh

, et al. Software defined cloud: survey, system and evaluation. Fut Generat Comput Syst 2016; 58: 56–74.

Gao

Zeng

Luo

, et al. Scalable control plane for intra-domain communication in software defined information centric networking. Fut Generat Comput Syst 2016; 56: 110–120.

Orfanidis

Increasing robustness in WSN using software defined network architecture. In: Proceedings of the 2016 15th ACM/IEEE international conference on information processing in sensor networks (IPSN), Vienna, 11–14 April 2018. New York: IEEE.

10.

Letswamotse

Malekian

Chen

C-Y

, et al. Software defined wireless sensor networks (SDWSN): a review on efficient resources, applications and technologies. J Internet Technol 2018; 19(5): 1303–1313.

11.

Pritchard

Hancke

Abu-Mahfouz

AM.

Security in software-defined wireless sensor networks: threats, challenges and potential solutions. In: Proceedings of the 2017 IEEE 15th international conference on industrial informatics (INDIN), Emden, 24–26 July 2017. New York: IEEE.

12.

Alves

Oliveira

DAG

Pereira

GCCF

, et al. WS3N: wireless secure SDN-based communication for sensor networks. Secur Communi Netw 2018; 2018: 8734389.

13.

Wang

Zhang

, et al. ETMRM: an energy-efficient trust management and routing mechanism for SDWSNs. Comput Netw 2018; 139: 119–135.

14.

Kobo

Abu-Mahfouz

Hancke

. A survey on software-defined wireless sensor networks: challenges and design requirements. IEEE Access 2017; 5: 1872–1899.

15.

Farris

Taleb

Khettab

, et al. A survey on emerging SDN and NFV security mechanisms for IoT systems. IEEE Communi Surv Tut 2018; 21(1): 812–837.

16.

Tang

Mhamdi

McLernon

, et al. Deep learning approach for network intrusion detection in software defined networking. In: Proceedings of the 2016 international conference on wireless networks and mobile communications (WINCOM), Fez, 26–29 October 2016. New York: IEEE.

17.

Sultana

Chilamkurti

Peng

, et al. Survey on SDN based network intrusion detection system using machine learning approaches. Peer Peer Netw Appl 2019; 12(2): 493–501.

18.

Kasongo

Sun

. A deep learning method with filter based feature engineering for wireless intrusion detection system. IEEE Access 2019; 7: 38597–38607.

19.

Naseer

Saleem

Khalid

, et al. Enhanced network anomaly detection based on deep neural networks. IEEE Access 2018; 6: 48231–48246.

20.

Mishra

Varadharajan

Tupakula

, et al. A detailed investigation and analysis of using machine learning techniques for intrusion detection. IEEE Commun Surv Tut 2018; 21(1): 686–728.

21.

Thaseen

Kumar

. An analysis of supervised tree based classifiers for intrusion detection system. In: Proceedings of the 2013 international conference on pattern recognition, informatics and mobile engineering, Salem, India, 21–22 February 2013. New York: IEEE.

22.

Guo

Wang

Zha

, et al. BotSifter: an SDN-based online bot detection framework in data centers. https://www.nist.gov/publications/botsifter-sdn-based-online-bot-detection-framework-data-centers

23.

McKeown

Anderson

Balakrishnan

, et al. OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Comput Commun Rev 2008; 38(2): 69–74.

24.

Vieira

MAM

Coelho

da Silva

, et al. Survey on wireless sensor network devices. In: Proceedings of the EFTA 2003. 2003 IEEE conference on emerging technologies and factory automation (Cat. No.03TH8696), Lisbon, 16–19 September 2003. New York: IEEE.

25.

Doherty

Simon

Watteyne

. Wireless sensor network challenges and solutions. Microw J 2012; 55(8): 22–34.

26.

Aziz

Sekercioglu

Fitzpatrick

, et al. A survey on distributed topology control techniques for extending the lifetime of battery powered wireless sensor networks. IEEE Commun Surv Tut 2012; 15(1): 121–144.

27.

Yun

Xia

. Maximizing the lifetime of wireless sensor networks with mobile sink in delay-tolerant applications. IEEE Trans Mob Comput 2010; 9(9): 1308–1318.

28.

Raghuwanshi

Mishra

. A self-adaptive clustering based algorithm for increased energy-efficiency and scalability in wireless sensor networks. In: Proceedings of the 2003 IEEE 58th vehicular technology conference. VTC 2003-Fall (IEEE Cat. No.03CH37484), Orlando, FL, 6–9 October 2003. New York: IEEE.

29.

Raz

Shavitt

. An active network approach to efficient network management. https://link.springer.com/chapter/10.1007/978-3-540-48507-0_20

30.

McKeown

. How SDN will shape networking. Open Networking Summit, 2011. https://www.networkworld.com/article/2220912/open-networking-summit-day-2-cisco-says-we-see-sdn-as-the-next-evolution-of-networkin.html

31.

Manzalini

Saracco

. Software networks at the edge: a shift of paradigm. In: Proceedings of the 2013 IEEE SDN for future networks and services (SDN4FNS), Trento, 11–13 November 2013. New York: IEEE.

32.

Open Network Foundation. https://www.opennetworking.org/

33.

Berde

Gerola

Hart

, et al. ONOS: towards an open, distributed SDN OS. In: Proceedings of the 3rd workshop on hot topics in software defined networking, Chicago, IL, 22 August 2014. New York: ACM.

34.

Cen

Gong

, et al. ForSA-A new software defined network architecture based on forCES. China Commun 2016; 13(Suppl. 1): 16–31.

35.

Doria

Salim

Haas

, et al. Forwarding and control element separation (Forces) protocol specification, 2010. https://tools.ietf.org/html/rfc5810

36.

Sun

Gong

Rong

, et al. An intelligent SDN framework for 5G heterogeneous networks. IEEE Commun Mag 2015; 53(11): 142–147.

37.

Boubrima

Bechkit

Rivano

. Optimal WSN deployment models for air pollution monitoring. IEEE Trans Wirel Commun 2017; 16(5): 2723–2735.

38.

Zhang

Yang

Han

, et al. An integrated environment monitoring system for underground coal mines—wireless sensor network subsystem with multi-parameter monitoring. Sensors 2014; 14(7): 13149–13170.

39.

Chen

Yan

, et al. Ubiquitous monitoring for industrial cyber-physical systems over relay-assisted wireless sensor networks. IEEE Trans Emerg Top Comput 2015; 3(3): 352–362.

40.

Adame

Bel

Carreras

, et al. CUIDATS: an RFID–WSN hybrid monitoring system for smart health care environments. Fut Generat Comput Syst 2018; 78: 602–615.

41.

Ahmad

Shah

Ullah

. Military applications using wireless sensor networks: a survey. Int. J Eng. Sci 2016; 6(6): 7039.

42.

Natarajan

Prasath

Kokila

. Smart health care system using internet of things. J Netw Commun Emerg Technol 2016; 6(3). https://www.jncet.org/Manuscripts/Volume-6/Issue-3/Vol-6-issue-3-M-10.pdf

43.

Wang

Sohraby

, et al. A survey of transport protocols for wireless sensor networks. IEEE Netw 2006; 20(3): 34–40.

44.

Gante A

Aslan

Matrawy

. Smart wireless sensor network management based on software-defined networking. In: Proceedings of the 2014 27th biennial symposium on communications (QBSC), Kingston, ON, Canada, 1–4 June 2014. New York: IEEE.

45.

Modieginyane

Letswamotse

Malekian

, et al. Software defined wireless sensor networks application opportunities for efficient network management: a survey. Comput Elect Eng 2018; 66: 274–287.

46.

Wang

Chen

, et al. An energy-efficient SDN based sleep scheduling algorithm for WSNs. J Netw Comput Appl 2016; 59: 39–45.

47.

Hassan

Vien

Q-T

Aiash

. Software defined networking for wireless sensor networks: a survey. Adv Wirel Commun Netw 2017; 3(2): 10–22.

48.

Anadiotis

A-C

Galluccio

Milardo

, et al. SD-WISE: a software-defined wireless sensor network. Comput Netw 2019; 159: 84–95.

49.

Manso

Moura

Serrão

. SDN-based intrusion detection system for early detection and mitigation of DDoS attacks. Information 2019; 10(3): 106.

50.

Abdolmaleki

Ahmadi

Malazi

, et al. Fuzzy topology discovery protocol for SDN-based wireless sensor networks. Simulat Model Pract Theory 2017; 79: 54–68.

51.

Vahabi

Fotouhi

Björkman

Network management in heterogeneous wireless sensor network applications. In: 2016 3rd smart cloud networks & systems (SCNS), Dubai, United Arab Emirates, 19–21 December 2016. New York: IEEE.

52.

Luo

Tan

H-P

Quek

. Sensor OpenFlow: enabling software-defined wireless sensor networks. IEEE Comm Lett 2012; 16(11): 1896–1899.

53.

De Oliveira

Gabriel

Margi

. TinySDN: enabling multiple controllers for software-defined wireless sensor networks. IEEE Latin Am Trans 2015; 13(11): 3690–3696.

54.

Khalili

Sallent

Piney

, et al. A proposal for an SDN-based SIEPON architecture. Opt Comm 2017; 403: 9–21.

55.

Fonseca

Gnawali

Jamieson

, et al. The collection tree protocol (CTP). Tinyos TEP 2006; 123(2), https://sing.stanford.edu/gnawali/ctp/

56.

Galluccio

Milardo

Morabito

, et al. SDN-WISE: design, prototyping and experimentation of a stateful SDN solution for WIreless SEnsor networks. In: 2015 IEEE conference on computer communications (INFOCOM), Kowloon, Hong Kong, 26 April–1 May 2015. New York: IEEE.

57.

Lee

Bhattacharjee

Banerjee

Efficient geographic routing in multihop wireless networks. In: Proceedings of the 6th ACM international symposium on mobile ad hoc networking and computing, Urbana, IL, 25–27 May 2005. New York: ACM.

58.

Zhu

Yan

Zhang

, et al. SDN-based anchor scheduling scheme for localization in heterogeneous WSNs. IEEE Comm Lett 2017; 21(5): 1127–1130.

59.

Cwalinski

Koenig

. Radiator-an approach for controllable wireless networks. In: 2016 IEEE NetSoft conference and workshops (NetSoft), Seoul, South Korea, 6–10 June 2016. New York: IEEE.

60.

Dacier

Dietrich

Kargl

, et al. Network attack detection and defense: security challenges and opportunities of software-defined networking. Dagstuhl Rep 2017; 6: 1–28.

61.

Scott-Hayward

Natarajan

Sezer

. A survey of security in software defined networks. IEEE Comm Surv Tutor 2015; 18(1): 623–654.

62.

Mousavi

St-Hilaire

. Early detection of DDoS attacks against SDN controllers. In: 2015 international conference on computing, networking and communications (ICNC), Garden Grove, CA, 16–19 February 2015. New York: IEEE.

63.

Liu

Reiter

Sekar

. Flow reconnaissance via timing attacks on SDN switches. In: 2017 IEEE 37th international conference on distributed computing systems (ICDCS), Atlanta, GA, 5–8 June 2017. New York: IEEE.

64.

Shin

Song

Lee

, et al. Rosemary: a robust, secure, and high-performance network operating system. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, Scottsdale, Arizona, 3–7 November 2014, pp.78–89. New York: ACM.

65.

Fawcett

Scott-Hayward

Broadbent

, et al. Tennison: a distributed SDN framework for scalable network security. IEEE J Select Areas Comm 2018; 36(12): 2805–2818.

66.

McGettrick

Slyne

Kitsuwan

, et al. Experimental end-to-end demonstration of shared N: M dual-homed protection in SDN-controlled long-reach PON and pan-European core. J Lightwave Tech 2016; 34(18): 4205–4213.

67.

Abdou

Van Oorschot

Wan

. Comparative analysis of control plane security of SDN and conventional networks. IEEE Comm Surv Tutor 2018; 20(4): 3542–3559.

68.

Lim

Yang

Kim

, et al. Controller scheduling for continued SDN operation under DDoS attacks. Electr Lett 2015; 51(16): 1259–1261.

69.

Chelli

. Security issues in wireless sensor networks: attacks and countermeasures. In: Proceedings of the world congress on engineering, vol. I, London, 1–3 July 2015. London: WCE.

70.

Modares

Salleh

Moravejosharieh

. Overview of security issues in wireless sensor networks. In: 2011 third international conference on computational intelligence, modelling & simulation, Langkawi, Malaysia, 20–22 September 2011. New York: IEEE.

71.

Tomić

McCann

. A survey of potential security issues in existing wireless sensor network protocols. IEEE Internet Things J 2017; 4(6): 1910–1923.

72.

Kumar

Zhao

Wong

, et al. A comprehensive study of IoT and WSN MAC protocols: research issues, challenges and opportunities. IEEE Access 2018; 6: 76228–76262.

73.

Fröhlich

Scheffel

Kozhaya

, et al. Byzantine resilient protocol for the IoT. IEEE Internet Things J 2018; 6(2): 2506–2517.

74.

Sherwood

Gibb

Yap

, et al. Flowvisor: a network virtualization layer. Openflow Switch Consortium Technical Report, 2009, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.467.4309

75.

Braga

de Souza Mota

Passito

Lightweight DDoS flooding attack detection using NOX/OpenFlow. In: IEEE local computer network conference, Denver, CO, 10–14 October 2010. New York: IEEE.

76.

Yan

Gong

, et al. Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Comm Surv Tutor 2015; 18(1): 602–622.

77.

Trois

del Fabrio

de Bona

LCE

, et al. A survey on SDN programming languages: toward a taxonomy. IEEE Comm Surv Tutor 2016; 18(4): 2687–2712.

78.

Yoon

Park

Lee

, et al. Enabling security functions with SDN: a feasibility study. Comp Netw 2015; 85: 19–35.

79.

di Lallo

Griscioli

Lospoto

, et al. Leveraging SDN to monitor critical infrastructure networks in a smarter way. In: 2017 IFIP/IEEE symposium on integrated network and service management (IM), Lisbon, 8–12 May 2017. New York: IEEE.

80.

Gonzalez

Charfadine

Flauzac

, et al. SDN-based security framework for the IoT in distributed grid. In: 2016 international multidisciplinary conference on computer and energy science (SpliTech), Split, 13–15 July 2016. New York: IEEE.

81.

Ota

Dong

, et al. A hierarchical security framework for defending against sophisticated attacks on wireless sensor networks in smart cities. IEEE Access 2016; 4: 416–424.

82.

Rawat

Reddy

. Recent advances on software defined wireless networking. In: SoutheastCon 2016, Norfolk, VA, 30 March–3 April 2016. New York: IEEE.

83.

Chan

Guizani

. Securing software defined wireless networks. IEEE Comm Mag 2016; 54(1): 20–25.

84.

Mehdi

Khalid

Khayam

. Revisiting traffic anomaly detection using software defined networking. In: Sommer

Balzarotti

Maier

. (eds) International workshop on recent advances in intrusion detection. London: Springer, 2011, pp.161–180.

85.

Niyaz

Sun

Javaid

. A deep learning based DDoS detection system in software-defined networking (SDN). arXiv, 2016, https://arxiv.org/abs/1611.07400

86.

Hodo

Bellekens

Hamilton

, et al. Shallow and deep networks intrusion detection system: a taxonomy and survey. arXiv, 2017, https://arxiv.org/abs/1701.02145

87.

Zamani

Movahedi

. Machine learning techniques for intrusion detection. arXiv, 2013, https://arxiv.org/abs/1312.2177

88.

Aburomman

Reaz

MBI

. Survey of learning methods in intrusion detection systems. In: 2016 international conference on advances in electrical, electronic and systems engineering (ICAEES), Putrajaya, Malaysia, 14–16 November 2016. New York: IEEE.

89.

Heba

Darwish

Hassanien

, et al. Principle components analysis and support vector machine based intrusion detection system. In: 2010 10th international conference on intelligent systems design and applications, Cairo, Egypt, 29 November–1 December 2010. New York: IEEE.

90.

Javaid

Ngoc

Phai

, et al. A deep learning approach for network intrusion detection system. In: Proceedings of the 9th EAI international conference on bio-inspired information and communications technologies (formerly BIONETICS), New York, 3–5 December 2015. ICST.

91.

Zanero

Savaresi

. Unsupervised learning techniques for an intrusion detection system. In: Proceedings of the 2004 ACM symposium on applied computing, Nicosia, Cyprus, 14–17 March 2004. New York: ACM.

92.

Chen

Gong

Tian

. Semi-supervised learning methods for network intrusion detection. In: 2008 IEEE international conference on systems, man and cybernetics, Singapore, 12–15 October 2008. New York: IEEE.

93.

Haweliya

Nigam

. Network intrusion detection using semi supervised support vector machine. Int J Comp Appl 2014; 85(9): 27–31.

94.

LeCun

Bengio

Hinton

. Deep learning. Nature 2015; 521(7553): 436.

95.

Jankowski

Amanowicz

. On efficiency of selected machine learning algorithms for intrusion detection in software defined networks. Int J Electr Telecomm 2016; 62(3): 247–252.

96.

Yin

Zhu

Fei

, et al. A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 2017; 5: 21954–21961.

97.

Salama

Eid

Ramadan

, et al. Hybrid intelligent intrusion detection scheme. In: Gaspar-Cunha

Takahashi

Schaefer

, et al. (eds) Soft computing in industrial applications. London: Springer, 2011, pp.293–303.

98.

Hao

Bao

. A survey on software-defined network and openflow: from concept to implementation. IEEE Comm Surv Tutor 2014; 16(4): 2181–2206.

A critical review on security approaches to software-defined wireless sensor networking

Abstract

Keywords

Introduction

Wireless network softwarization

Software-defined network

Wireless sensor network

Software-defined wireless sensor network

SDN-based architectures for WSN

Security threats and challenges to SDWSN

Security in SDN

Security in WSN

Security in SDWSN

Network intrusion detection system

ML/DL in NIDS

ML/DL-based NIDS in SDN

Research issues and future work

Conclusion

Footnotes

Declaration of conflicting interests

Funding

ORCID iD

References