Efficient Forwarding Anomaly Detection in Software-Defined Networks

Data centers, the critical infrastructure underpinning Cloud computing, often employ Software-Defined Networks (SDN) to manage cluster, wide-area and enterprise networks. As network forwarding in SDN is dynamically programmed by controllers, it crucial ensure that controller intent correctly translated into underlying rules. Therefore, detecting locating anomalies a fundamental problem production Existing research proposals, roughly categorized probing-based, packet piggybacking-based, flow statistics analysis-based, either impose significant overhead or do not provide sufficient coverage for certain anomalies. In this article, we propose ${\sf FADE}$ , controllable passive measuring scheme simultaneously deliver detection efficiency accuracy. first analyzes entire topology rules, then computes minimal set of flows can cover all For each selected flow, decides optimal number monitoring positions on its path (much less than total hops), installs dedicated rules collect statistics. controls installation expiration these along with unique labels, guarantee accuracy collected statistics, based which algorithmically whether anomaly detected, if so further locates anomaly. On top iFADE}$ (a more scalable version ) optimize usage deployment measurement achieves over 40 percent rule reduction compared . We implement prototype both about 12000 lines code evaluate extensively. The experiment results demonstrate (i)}$ are accurate, e.g., they achieve 95 true positive rate 99 negative detection; (ii)}$ lightweight, reduce control messages state-of-the-art 50 90 percent, respectively.