Detecting Anomalies Efficiently in SDN Using Adaptive Mechanism

Monitoring and measurement of network traffic flows in SDN is key requirement for maintaining the integrity of our data in network. It plays a vital role in management task of SDN controller for controlling the traffic. Anomaly detection considered as one of the important issues while monitoring the traffic. More efficiently we detect the anomalies, easier it will be for us, to manage the traffic. However we have to consider the workload, response time and overhead on network while applying the network monitoring policies, so that our network perform with similar efficiency. To reduce the overhead, it is required to perform analysis on certain portion of traffic instead of analyzing each and every packet in the network. This paper presents an adaptive mechanism for dynamically updating the policies for aggregation of flow entries and anomaly detection, so that monitoring overhead can be reduced and anomalies can be detected with greater accuracy. In previous work, rules for expansion and contraction of aggregation policies according to adaptive behavior are defined. This paper represents a work towards reducing the complexity of dynamic algorithm for updating policies of flow counting rules for anomaly detection.