Unsupervised packet-based anomaly detection in virtual networks

The enormous number of network packets transferred in modern networks together with the high speed transmissions hamper implementation successful IT security mechanisms. In addition, virtual create highly dynamic and flexible environments which differ widely from well-known infrastructures past decade. Network forensic investigation that aims at detection covert channels, malware usage or anomaly is faced new problems thus a time-consuming, error-prone complex process. Machine learning provides advanced techniques to perform this work faster, more precise and, simultaneously, fewer errors. Depending on technique, algorithms nearly without any interaction detect relevant events packets. Current well static environments, but additional might confuse algorithms. This paper analyzes their inherent on-demand changes like migration machines, SDN-programmability user customization resulting effect rate anomalies environment. Our research shows need for adapted pre-processing data improved cooperation between administration departments.