In the last few years the number and impact of security attacks over the Internet have been continuously increasing. Since it is impossible to guarantee complete protection to a system by means of the "classical" prevention mechanisms, the use of Intrusion Detection Systems (IDSs) has emerged as a key element in network security. In this paper we address the problem considering some techniques for detecting network anomalies, based on the use of co-occurrence matrices, to model the "normal" behavior of the TCP connections. The performance analysis, shows a comparison among the different solutions, which demonstrates the effectiveness of the proposed methods.
On the Use of Co-Occurrence Matrices for Network Anomaly Detection
CALLEGARI, CHRISTIAN;GIORDANO, STEFANO;PAGANO, MICHELE
2009-01-01
Abstract
In the last few years the number and impact of security attacks over the Internet have been continuously increasing. Since it is impossible to guarantee complete protection to a system by means of the "classical" prevention mechanisms, the use of Intrusion Detection Systems (IDSs) has emerged as a key element in network security. In this paper we address the problem considering some techniques for detecting network anomalies, based on the use of co-occurrence matrices, to model the "normal" behavior of the TCP connections. The performance analysis, shows a comparison among the different solutions, which demonstrates the effectiveness of the proposed methods.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.