Lightweight Machine Learning Models For Smurf DDos Attack Detection In Software-Defined Networks: A Systematic Review
Musa Asmau Mamah, V. O Waziri, S. Ahmed, Noel M. D
Published on October 26th, 2025

DOI: https://doi.org/10.5281/zenodo.18153223

Abstract

Lightweight machine learning models are pivotal in detecting Smurf DDoS attacks within software-defined networks (SDNs), offering an adaptive framework to manage unique traffic patterns and protocol-specific challenges. This paper systematically reviews lightweight machine learning models for Smurf DDoS detection in SDNs, analysing studies published between 2014 and 2025 from ScienceDirect, Web of Science, and Google Scholar. The review identifies key methodologies such as supervised learning, feature selection, and distributed detection architectures, emphasising their scalability and real-time applicability. Despite high reported accuracy levels, challenges persist in computational overhead, latency, and the standardisation of datasets. A significant gap is evident in protocol-specific detection approaches, particularly for ICMP-reflective Smurf attacks, which have critical implications for SDN environments. These gaps highlight the need for specialised, protocol-aware machine learning techniques that can seamlessly integrate into SDN frameworks. This study underscores the necessity of addressing existing limitations to enhance detection systems' efficiency and reliability. Interdisciplinary collaboration and innovative research are essential to developing robust solutions that cater to the dynamic and evolving nature of network security threats. Advanced detection models, capable of adapting to diverse conditions, will be instrumental in reinforcing SDN security and mitigating the impact of Smurf DDoS attacks effectively. The findings contribute to the ongoing discourse on leveraging machine learning for intrusion detection, setting the stage for further advancements in the field.

Keywords

Software-defined networks
Smurf ddos attack
Lightweight machine learning
Intrusion detection systems
Network security

License

This is an open access article distributed under the terms of the Creative Commons Attribution License 4.0 (CC BY 4.0).