Heuristics for Joint Optimization of Monitor Location and Network Anomaly Detection
To reduce monitoring cost, the number of monitors to be deployed have to be minimized and the overhead of monitoring flows on the underlying network have to be reduced. In a recent work, the authors described, using ILP formulations, that there is a trade-off between theses two minimization objectives. However, they have shown that the trade-off could be efficiently balanced by jointly optimizing monitor location and anomaly detection costs. The problem is NP-complete, hence ILPs could not deliver solutions for large networks.