Traffic Measurement and Anomaly Detection as an NFV Service

In this project, we aim at detecting abnormal, and potentially malicious behavior in large-scale data centers by monitoring traffic patterns. The scope of this work is not restricted to network failures, instead, we aim at detecting anomalous behavior caused by distributed applications, hardware failures, and potential misconfigurations. Our ultimate goal is to identify the root cause of detected threats and confine their damage to the network by using various mitigation techniques.

To evaluate our design we are building a testbed with tens of X86-based servers connected to commodity switches and we rely on smart NICs to monitor the traffic and detect potential abnormal patterns.