26 May 2017
San Francesco - Via della Quarquonia 1 (Classroom 1)
Cyber Security is attracting ever greater attention, partly because of the new scenarios offered by the Internet of Things and Industry 4.0, where security must be re-engineered to cope with the new communication paradigms. In this context, Anomaly-based Intrusion Detection is a key research topic because of its ability to face unknown attacks and new security threats. For this reason, many works on the topic have been proposed in the last decade. Nonetheless, a definitive solution, able to provide a high detection rate with an acceptable false alarm rate, has yet to be identified. In this talk, after a primer on Network Anomaly Detection, we will focus on some recent works, highlighting the challenges that arise when applying Statistical Network Anomaly Detection in the field. In more detail, we will present some of the most promising methods, e.g., a Principal Component Analysis (PCA) based method and an information-theoretic one, discussing how they work and the performance they offer. Particular attention will be paid to the applicability of such methods in a real network, where there is a need, for example, to deal with huge quantities of data and with distributed environments.
Callegari, Christian - Università di Pisa - Pisa