Impact of Virtual Networks on Anomaly Detection with Machine Learning

Details

DOI: 10.1109/NetSoft48620.2020.9165325
Publication type: Conference paper
Conference: NetSoft 2020: IEEE International Conference on Network Softwarization
Location: Virtual
Online publication date: 2020-08-12

Abstract

The enormous number of network packets transferred in modern networks, together with high-speed transmissions, hampers the implementation of successful IT security mechanisms. In addition, virtual networks create highly dynamic and flexible environments, which differ widely from the well-known infrastructures of the past decade. Network forensic investigation aiming at the detection of covert channels, malware usage or anomalies is faced with new problems and becomes a time-consuming, error-prone and complex process. Machine learning provides advanced techniques to perform this work faster and with a lower error rate. Depending on the learning technique, algorithms need almost no interaction to detect relevant events in the transferred network packets. Changes that occur are noticed, and additional processes might be started. Current algorithms work well in static environments, but the highly dynamic environments of virtual networks create additional events, which might confuse the anomaly detection algorithms. This paper analyses virtual network protocols like VXLAN, GRE and GENEVE and their impact on the detection rate of anomalies in the environment. Our research shows the need for adapted pre-processing of the network data, in the worst case on demand if changes are detected.

Authors

  • Daniel Spiekermann
    Polizeiakademie Niedersachsen
    Oldenburg, Germany
  • Jörg Keller
    FernUniversität in Hagen
    Hagen, Germany