New Statistical Approaches for Anomaly Detection
CALLEGARI, CHRISTIAN; GIORDANO, STEFANO; PAGANO, MICHELE
2009-01-01
Abstract
Computer security is a growing problem. Over the last few years, the number and variety of security attacks on IP-based network infrastructures have grown steadily, creating the need to develop new security architectures. In this scenario, the use of intrusion detection systems (IDSs) has emerged as a key element, since it makes it possible to tackle security threats from masqueraders, misfeasors, and clandestine users. In this paper, we address the problem by considering some new statistical techniques for detecting network anomalies. In more detail, the paper discusses the use of several statistical models to characterize the normal behavior of the network traffic running over TCP, so that anomalies can be revealed as significant deviations from such behavior. Namely, our proposal is based on the use of Markov chains, co-occurrence matrices, and compression algorithms for modeling the TCP connections, in terms of statistical analysis of some of the packet header fields. The performance analysis presented in this paper demonstrates the effectiveness of the proposed methods.