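"Research on Detection and Countermeasure Strategies for Saturation Attacks in SDN Networks: Machine Learning Methods and Time Window Optimization"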

Updated 2024-04-09. PDF, 1.81 MB.
The dissertation titled "Detection and Countermeasure of Saturation Attacks in Software-Defined Networks" by Samer Yousef Khamaiseh explores DoS saturation attacks in Software-Defined Networks (SDN) and proposes solutions to detect and mitigate them. By separating the control plane from the data plane, SDN has revolutionized network traffic management, but it also introduces security vulnerabilities, such as DoS saturation attacks that can deplete resources in both the control and data planes.

Existing machine learning detection methods for saturation attacks in SDN often rely on predefined time windows to analyze network traffic, and focus particularly on TCP-SYN flooding attacks. However, the duration of saturation attacks can vary widely, and prolonged attacks can significantly impact the entire SDN environment. Balancing the time window size is crucial: too large a window may delay the detection response, while too small a window may produce unreliable detection results and increase performance overhead.

A key challenge in detecting saturation attacks is the limited adoption of machine learning detection systems in real-world scenarios, particularly for identifying unknown attacks that are not represented in the training dataset. Addressing these unknown attacks is essential to enhancing the overall security posture of SDN environments.

In conclusion, this dissertation provides valuable insights into the detection and mitigation of saturation attacks in SDN through machine learning methodologies. By addressing the challenges of time window sizing and unknown attack detection, the research contributes to strengthening the security of SDN networks against DoS saturation attacks.