Abstract
The enormous number of network packets transferred in modern networks together with the high speed of transmissions hamper the implementation of successful IT security mechanisms. In addition, virtual networks create highly dynamic and flexible environments which differ widely from well-known infrastructures of the past decade. Network forensic investigation that aims at the detection of covert channels, malware usage or anomaly detection is faced with new problems and is thus a time-consuming, error-prone and complex process. Machine learning provides advanced techniques to perform this work faster, more precise and, simultaneously, with fewer errors. Depending on the learning technique, algorithms work nearly without any interaction to detect relevant events in the transferred network packets. Current algorithms work well in static environments, but the highly dynamic environments of virtual networks create additional events which might confuse anomaly detection algorithms. This paper analyzes highly flexible networks and their inherent on-demand changes like the migration of virtual machines, SDN-programmability or user customization and the resulting effect on the detection rate of anomalies in the environment. Our research shows the need for adapted pre-processing of the network data and improved cooperation between IT security and IT administration departments.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
