Question
Describe the typical end-to-end process of detecting and responding to a DDoS attack using machine learning in an SDN network.
Asked by: USER4221
126 Viewed
126 Answers
Answer (126)
The end-to-end process typically involves several stages. First, **data collection**: The SDN controller instructs switches to collect and forward flow statistics and other network metrics to a monitoring module. Second, **feature extraction**: Relevant features are extracted from the raw network data, such as packet rates, unique IP counts, and entropy values. Third, **ML model inference**: These features are fed into a pre-trained machine learning model (e.g., a classification or anomaly detection model) that continuously analyzes the traffic patterns. Fourth, **detection**: If the model identifies an anomaly or classifies traffic as a DDoS attack, it triggers an alert. Finally, **mitigation**: The SDN controller receives the alert and dynamically pushes new flow rules to the network switches to block, rate-limit, or redirect the malicious traffic, effectively neutralizing the attack in real time or near real time.
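The five stages above, carried through end to end in runnable code. This is an added example written for this page, not code from the original answer or from any particular SDN controller. It assumes a controller polling per-flow statistics every 5 seconds; the `Flow` record, the benign and attack traffic windows, and the dictionary layout of the generated OpenFlow-style rules are all constructed for illustration. The "model" is a deliberately simple one-class anomaly detector (per-feature z-scores fitted on benign windows only), standing in for whatever trained classifier a real deployment would use, so the flow from raw stats to pushed rules stays visible:

```python
"""Toy SDN DDoS pipeline: flow stats -> features -> anomaly model -> flow rules.
Added example; data, rule format and the detector itself are constructed/hypothetical."""
import math
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev

WINDOW_S = 5.0  # assumed polling interval for the controller's flow-stats requests


@dataclass
class Flow:
    """One flow-stats entry as a controller might get from a switch (constructed)."""
    src_ip: str
    dst_ip: str
    dst_port: int
    packets: int
    syn_only: bool  # only TCP SYNs seen in this flow, handshake never completed


def entropy(counter):
    """Shannon entropy in bits of the distribution held in a Counter."""
    total = sum(counter.values())
    return -sum(c / total * math.log2(c / total) for c in counter.values()) if total else 0.0


def extract_features(flows, window_s=WINDOW_S):
    """Stage 2: one feature vector per polling window (packet-weighted counters)."""
    pkts = sum(f.packets for f in flows)
    src, dport = Counter(), Counter()
    for f in flows:
        src[f.src_ip] += f.packets
        dport[f.dst_port] += f.packets
    syn_pkts = sum(f.packets for f in flows if f.syn_only)
    return {"pps": pkts / window_s, "unique_src": len(src),
            "src_entropy": entropy(src), "dport_entropy": entropy(dport),
            "syn_ratio": syn_pkts / pkts if pkts else 0.0}


class BaselineAnomalyModel:
    """Stage 3: per-feature z-scores against a baseline fitted on benign windows only."""

    def __init__(self, z_threshold=3.0, min_anomalous=2):
        self.z_threshold, self.min_anomalous = z_threshold, min_anomalous
        self.mu, self.sigma = {}, {}

    def fit(self, benign_vectors):
        for name in benign_vectors[0]:
            values = [v[name] for v in benign_vectors]
            self.mu[name] = mean(values)
            # Floor the std: a handful of training windows gives near-zero variance,
            # which would turn any tiny fluctuation into a "100-sigma" anomaly.
            self.sigma[name] = max(pstdev(values), 0.1 * abs(self.mu[name]), 0.05)
        return self

    def is_attack(self, features):  # Stage 4: alert when >= 2 features are far off baseline
        z = {n: (features[n] - self.mu[n]) / self.sigma[n] for n in self.mu}
        return sum(abs(v) > self.z_threshold for v in z.values()) >= self.min_anomalous


def build_mitigation_rules(flows, features, hard_timeout=60):
    """Stage 5: rules for the controller to push (constructed OpenFlow-like dict format)."""
    by_dst = Counter()
    for f in flows:
        by_dst[(f.dst_ip, f.dst_port)] += f.packets
    (victim_ip, victim_port), _ = by_dst.most_common(1)[0]
    # Source entropy near log2(#sources) means traffic is spread evenly over many
    # addresses (spoofing): per-source blocks are useless, so rate-limit SYNs to the
    # victim via a meter instead. Otherwise drop only the sources that dominate.
    if features["src_entropy"] > 0.9 * math.log2(max(features["unique_src"], 2)):
        return [{"priority": 100, "hard_timeout": hard_timeout,
                 "match": {"ipv4_dst": victim_ip, "tcp_dst": victim_port, "tcp_flags": "SYN"},
                 "actions": ["meter:1", "output:NORMAL"]}]
    by_src = Counter()
    for f in flows:
        if f.dst_ip == victim_ip:
            by_src[f.src_ip] += f.packets
    total = sum(by_src.values())
    return [{"priority": 100, "hard_timeout": hard_timeout,  # timeout: mitigation expires
             "match": {"ipv4_src": s, "ipv4_dst": victim_ip}, "actions": ["drop"]}
            for s, n in by_src.items() if n / total > 0.2]  # illustrative 20% share cut-off


def run_pipeline(model, flows):
    """Stages 2-5 for one window; returns (alert, rules_to_push)."""
    feats = extract_features(flows)
    return (True, build_mitigation_rules(flows, feats)) if model.is_attack(feats) else (False, [])


# Constructed traffic. Benign: four clients talking to a web and a DNS server.
def benign_window(k):
    flows = []
    for i, c in enumerate(["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]):
        flows.append(Flow(c, "10.0.0.100", 443, 20 + 3 * ((i + k) % 4), False))
        flows.append(Flow(c, "10.0.0.101", 53, 4 + ((i + k) % 3), False))
    return flows

def syn_flood_window():  # spoofed SYN flood: 150 sources, one short SYN-only flow each
    return benign_window(0) + [Flow(f"203.0.113.{i}", "10.0.0.100", 443, 12, True) for i in range(1, 151)]

def bot_flood_window():  # volumetric flood from three bots with completed handshakes
    return benign_window(1) + [Flow(f"198.51.100.{i}", "10.0.0.100", 443, 600, False) for i in (7, 8, 9)]

def train_baseline():
    return BaselineAnomalyModel().fit([extract_features(benign_window(k)) for k in range(5)])


if __name__ == "__main__":
    model = train_baseline()
    for name, window in [("benign", benign_window(7)), ("syn_flood", syn_flood_window()),
                         ("bot_flood", bot_flood_window())]:
        print(name, run_pipeline(model, window))
```

Two practitioner caveats this toy makes visible. The mitigation branch matters as much as the detector: against a spoofed flood, per-source drop rules would exhaust the switch's flow table without helping, which is why the spoofed case gets one destination-scoped rate limit, and every rule carries a `hard_timeout` so a false positive does not blackhole a service indefinitely. And the detector is only as good as its baseline: it must be fitted on attack-free windows, a flash crowd of legitimate users will trip the same packet-rate and unique-source features, and an attacker who knows the thresholds can shape traffic to stay under them, so production systems pair this kind of model with richer features and with human review of anything that would push a drop rule.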