|Publication type:||Conference paper|
|Conference:||NetSoft 2020: IEEE International Conference on Network Softwarization|
|Online publication date:||2020-08-12|
The enormous number of network packets transferred in modern networks together with the high-speed transmissions hamper the implementation of successful IT security mechanisms. In addition to this, virtual networks create highly dynamic and flexible environments, which differ widely from well-known infrastructures of the past decade. Network forensic investigation aiming at the detection of covert channels, malware usage or anomaly detection is faced with new problems and gets a time-consuming, error-prone and complex process. Machine learning provides advanced techniques to perform this work faster with a lower error rate. Depending on the learning technique, algorithms work nearly without any necessary interaction to detect relevant events in the transferred network packets. Occurring changes are noticed and additional processes might be started. Current algorithms work well in static environments, but the highly-dynamic environments of virtual networks create additional events, which might irritate the anomaly detection algorithms. This paper analyses virtual network protocols like VXLAN, GRE and GENVE and their impact of the detection rate of anomalies in the environment. Our research shows the need for adapted pre-processing of the network data, in the worst case on demand if changes are detected.
- Daniel Spiekermann
- Jörg Keller
FernUniversität in Hagen