w-disaster/svm-ddos-sdn

The project is a classic academic-style prototype for SDN security, likely created for a thesis or coursework. With only 30 stars and zero activity for over four years, it lacks any community momentum or production-grade hardening. The use of SVM for network anomaly detection was a common research topic circa 2015-2018 but has since been superseded by more robust deep learning approaches (CNNs, LSTMs) and Graph Neural Networks (GNNs) that better capture network topology. From a competitive standpoint, this project has no moat; the logic is a standard application of scikit-learn on network flow features (likely derived from OpenFlow stats). Large-scale platforms like AWS (Shield), Cloudflare, and enterprise SDN vendors (Cisco, Juniper) provide far more sophisticated, hardware-accelerated, and globally distributed DDoS mitigation. The 'displacement horizon' is marked as 6 months because the technology is already effectively obsolete in a production context, and any developer could replicate this functionality in a few days using modern ML libraries and SDN controllers like Ryu or ONOS.