A Probabilistic Data Structures-Based Anomaly Detection Scheme for Software-Defined Internet of Vehicles

Internet of Vehicles (IoV) has escalated the movement of big data across moving vehicles which create a huge burden on the network infrastructure. In IoV environment, effective handling of streaming data has to face various challenges like; traffic monitoring, flow management, re-configuration and security. Software-defined networks (SDN) provides improved flexibility, and centralized control of the network to overcome (almost) the above-mentioned challenges. However, it can lead to an easy target (node or controller) for malicious agents. So, to detect the anomalous behaviour of the nodes in the IoV environment, a hybrid approach using probabilistic data structures is proposed which works in the following phases. In phase I, a traffic monitoring scheme using Count-Min-Sketch is designed to identify the suspicious nodes. In phase II, to detect an anomaly, a Bloom filter-based control scheme is used for signature verification of suspicious nodes. In phase III, a Quotient filter is used for fast and efficient storage of malicious nodes. In phase IV, to detect the super points (malicious hosts that are connected to a large number of destinations), a Hyperloglog counter is used to measure the cardinality of each flow passing through the switches. The proposed scheme has been evaluated in a simulated environment. The results obtained depict that the proposed scheme is faster, accurate, and efficient concerning detection ratio and false-positive ratio.