Anomaly detection in software defined networking

  • US 10,986,067 B2
  • Filed: 07/03/2017
  • Issued: 04/20/2021
  • Est. Priority Date: 08/10/2016
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising performing, in a network apparatus, the steps ofclassifying traffic flows containing packets based on packet features;

  • providing a copy of a packet contained in a traffic flow to a cluster node;

    controlling the cluster node to select at least one detector node based on the features of the packet and to forward said copy to the selected detector node to find out based on said copy whether the packet is malicious or not; and

    in response to receiving from the detector node a flow indication on the traffic flow, controlling a switch node to perform at least one flow control action on the traffic flow, the action including one or more of flow removal, flow modification and flow installation.

View all claims

    Thank you for your feedback