Statistical Approaches to Intrusion Detection: an Overview of Selected Methods

In recent years Internet has become the playground for providing sensitive services to an ever growing amount of end-users, most of them only partially aware of the risks deriving from information sharing on the net. Along with the wide proliferation of new services, the number and impact of security attacks have been continuously increasing. Indeed, the knowledge required to carry out an attack has been decreasing, since software tools for this aim are largely available on Web sites all over the world [1]. Recent advances in encryption, public key exchange, digital signatures, and the development of related standards have set a foundation for network security. However, network security goes beyond, because it must include security of computer systems and networks, at all levels, top to bottom. To this aim, the use of an Intrusion Detection System (IDS) is of primary importance to reveal ongoing intrusions in a network or in a system. The goal of this paper is to provide an introduction to intrusion detection to non experts in the field, highlighting how advanced statistical techniques can be used to cope with known and unknown attacks.