Detecting anomalous traffic (and above all new ad-hoc attacks) with low false alarm rates is of primary interest in IP networks management. To this aim a key research topic in network security is represented by anomaly-based IDSs (Intrusion Detection Systems) thanks to their ability to face unknown attacks. Starting from more than a decade of research experience by the authors, the aim of this paper is to revise some of the most promising statistical approaches, namely Wavelets, Principal Component Analysis, CUSUM (cumulative sum control chart) and Information Theoretical methods (based on different definitions of the Entropy). Moreover, issues related to the choice of the relevant traffic parameters, use of sketches and availability of dataset for performance comparison are also discussed to highlight the main problems in intrusion detection.

Anomaly detection: An overview of selected methods

Christian Callegari;Stefano Giordano;Michele Pagano
2017-01-01

Abstract

Detecting anomalous traffic (and above all new ad-hoc attacks) with low false alarm rates is of primary interest in IP networks management. To this aim a key research topic in network security is represented by anomaly-based IDSs (Intrusion Detection Systems) thanks to their ability to face unknown attacks. Starting from more than a decade of research experience by the authors, the aim of this paper is to revise some of the most promising statistical approaches, namely Wavelets, Principal Component Analysis, CUSUM (cumulative sum control chart) and Information Theoretical methods (based on different definitions of the Entropy). Moreover, issues related to the choice of the relevant traffic parameters, use of sketches and availability of dataset for performance comparison are also discussed to highlight the main problems in intrusion detection.
2017
978-1-5386-1596-6
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11568/896840
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 4
  • ???jsp.display-item.citation.isi??? 2
social impact