Software-defined networking SDN has the potential to revolutionize the management capabilities of a highly distributed military communications environment. Yet, military adoption of SDN is contingent on a thorough analysis of security implications. In this thesis, we investigate a man-in-the-middle MITM attack that exploits the centralized topological view critical to SDN operations. In particular, we present a new scheme for detection and classification of the attack at the network layer. We apply wavelet analysis to detect anomalous conditions introduced by the MITM attack at traffic signals collected at network switch ports. Furthermore, we identify unique characteristics of reported anomalies in the collected traffic signals to build a classification framework. Other cyber events, such as a distributed denial-of-service attack and network congestion, are presented to the detection scheme to validate its general applicability. Overall, we successfully demonstrate the capability to detect and classify the MITM attack in addition to other cyber events at the network layer, thereby contributing to the security of SDN.