In order to better balance the monitoring overhead and the anomaly detection accuracy, this paper proposes a prediction based algorithm that dynamically change the granularity of measurement along both the spatial and the temporal dimensions. To control the load on each individual switch, this paper carefully delegates monitoring rules in the network wide.
An SDN based Flow Counting Framework for Anomaly Detection
The accuracy and granularity of network flow measurement play a critical role in many network management tasks, especially for anomaly detection. This work proposes a novel method that performs adaptive zooming in the aggregation of flows to be measured.