Abstract:
We present SBAR, an OpenFlow-compliant monitoring system that provides flow-level measurement reports similar to those of NetFlow in traditional networks, but additionally enriched with labels that classify flows at the application layer. For the sake of scalability, we implement flow sampling to control both the processing overhead in SDN controllers and the memory needed in switches to maintain the flow measurements. Moreover, we leverage the particularities of OpenFlow networks to implement a combination of classification techniques based on DPI and Machine Learning without incurring high overheads. In particular, we accurately classify the traffic at two different levels: (i) every monitored flow is classified by application protocol, and (ii) for web and encrypted traffic, we apply specific DPI techniques to identify the applications generating each flow. In our demo, we will use real-world traffic to generate flow-level reports with SBAR that are then processed by a commercial monitoring tool to provide a comprehensive high-level view of the traffic in the network [6].