A Review of Cyber Threat Detection in Software-Defined and Virtualized Networking Infrastructures
DOI:
https://doi.org/10.21590/ijtmh.10.04.15
Keywords:
SDN, Cyber Threat Detection, NFV, Intrusion Detection, Network Security, Deep Learning, Anomaly Detection, Machine Learning, Attack Mitigation.
Abstract
The convergence of Software-Defined Networking (SDN) and Network Function Virtualization (NFV) has transformed the design and management of modern networks by enabling programmability, flexibility, and scalability. While these technologies bring significant advantages for cloud computing, IoT, and 5G, they also expand the cyber-attack surface and expose critical vulnerabilities in control, data, and virtualization layers. Attackers are increasingly exploiting centralized controllers, open APIs, and hypervisors, resulting in advanced persistent threats, malicious virtual functions, denial-of-service (DoS/DDoS) campaigns, and intrusions targeting multi-tenant infrastructures. Detecting such threats is particularly challenging because traditional methods, such as signature-based and rule-driven intrusion detection, often fail against novel, stealthy, or polymorphic attacks. Consequently, adaptive and intelligent mechanisms such as machine learning models, real-time monitoring, and distributed detection systems have emerged to mitigate risks effectively. This paper reviews cyber threat detection in SDN and NFV environments, analyzing vulnerabilities, detection methods, and research contributions. It also highlights the advantages and limitations of traditional and modern techniques while emphasizing the growing role of AI-enabled approaches in enhancing network resilience against evolving threats. Future research must focus on intelligent, automated, and scalable security frameworks for next-generation SDN/NFV ecosystems.


