Abstract
As Software-Defined Networking (SDN) gained traction in 2018, its separation of the control and data
planes introduced both architectural flexibility and new security challenges. This research investigates the attack
vectors specific to SDN environments, such as controller hijacking, flow-rule manipulation, and denial-of-service (DoS) attacks targeting
centralized control. The study evaluates threat detection techniques including flow anomaly analysis, policy validation,
and controller redundancy. It also proposes a hybrid intrusion prevention model that combines machine learning with
rule-based policies for real-time mitigation. Using a real-world case study of an SDN deployment in a university
campus network, this paper analyzes the effectiveness of layered security mechanisms in securing programmable
infrastructure. The findings contribute to a more secure deployment strategy for SDN in enterprise and carrier-grade
networks.