New Statistical Approaches for Anomaly Detection

Callegari, Christian; Giordano, Stefano; Pagano, Michele
2009-01-01

Abstract

Computer security is a growing problem. In recent years, the number and variety of security attacks on IP-based network infrastructures have grown steadily, creating the need to develop new security architectures. In this scenario, intrusion detection systems (IDSs) have emerged as a key element, since they make it possible to counter security threats posed by masquerader, misfeasor, and clandestine users. In this paper, we address the problem by considering some new statistical techniques for detecting network anomalies. In more detail, the paper discusses the use of several statistical models to characterize the normal behavior of network traffic running over TCP, so that anomalies can be revealed as significant deviations from that behavior. Namely, our proposal is based on the use of Markov chains, co-occurrence matrices, and compression algorithms to model TCP connections through statistical analysis of some of the packet header fields. The performance analysis presented in this paper demonstrates the effectiveness of the proposed methods.

Use this identifier to cite or link to this document: https://hdl.handle.net/11568/196996