

Adaptive Query Rate for Anomaly Detection with SDN




Vol. 16  No. 6  pp. 43-51


In the traditional approach, extracting the important features that an application needs to analyze the anomaly detection problem introduces significant overhead in switch handling. Furthermore, high volumes of network traffic introduce notable issues that affect performance and anomaly detection accuracy. With the centralized control plane of Software Defined Networking (SDN), the task of handling flow information is much simpler programmatically. The accuracy of the measured flow statistics plays an important role in anomaly detection. While sampling can lessen the scalability problem of traffic monitoring, insufficient sampled flow statistics may lead to an inaccurate anomaly detection rate. In this paper, we propose an adaptive sampling strategy that is able to provide essential traffic statistics for more accurate anomaly detection in SDN. Our sampling mechanism uses clustering analysis, which classifies attacks in the network, to determine the severity of monitored traffic. This severity, together with the manipulated type of service of the incoming packet, gives the two important parameters that formulate our sampling mechanism algorithm. We show experimentally that by putting a higher polling frequency on detected anomalous flows, we are able to detect network attacks much more accurately.


adaptive poll, anomaly detection, network security, OpenFlow, SDN.