Anomaly detection in software defined networking

Assignee

• NOKIA SOLUTIONS AND NETWORKS OY · FI

Inventors

• Mehrnoosh MONSHIZADEH · Saint-Germain-lès-Arpajon, FR
• Vikramajeet Khatri · Espoo, FI
• Kimmo Hatonen · Helsinki, FI
• Aapo Kalliola · Helsinki, FI

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04W28/10
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A network apparatus of a communication system classifies traffic flows containing packets based on packet features. The network apparatus provides a copy of a packet contained in a traffic flow to a cluster node, and controls the cluster node to select at least one detector node based on the features of the packet and to forward said copy to the selected detector node to find out based on said copy whether the packet is malicious or not. In response to receiving from the detector node a flow indication on the traffic flow, the network apparatus controls a switch node to perform at least one flow control action on the traffic flow, the action including one or more of flow removal, flow modification and flow installation.