DETECTING ANOMALOUS TRAFFIC USING STATISTICAL PROCESSING AND SELF-ORGANIZING MAPS

Paola Baldassarri; Anna Montesanto; Paolo Puliti

doi:10.5220/0002123500740079

DETECTING ANOMALOUS TRAFFIC USING STATISTICAL PROCESSING AND SELF-ORGANIZING MAPS

Paola Baldassarri, Anna Montesanto, Paolo Puliti

2007

Abstract

The main idea of the present work is to create a system able to detect intrusions in computer networks. For this purpose we propose a novel intrusion detection system (IDS) based on an anomaly approach. We analyzed the network traffic from (outbound traffic) and towards (inbound traffic) a victim host through another host. Besides we realized an architecture consisted of two subsystems: a statistical subsystem and a neural networks based subsystem. The first elaborates chosen features extracted from the network traffic and it allows determining if an attack occurs through a preliminary visual inspection. The neural subsystem receives in input the output of the statistical subsystem and it has to indicate the status of the monitored host. It classifies the network traffic distinguishing the background traffic from the anomalous one. Moreover the system has to be able to classify different instances of the same attack in the same class, distinguishing in a completely autonomous way different typology of attack.

Download

Paper Citation

in Harvard Style

Baldassarri P., Montesanto A. and Puliti P. (2007). DETECTING ANOMALOUS TRAFFIC USING STATISTICAL PROCESSING AND SELF-ORGANIZING MAPS . In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 74-79. DOI: 10.5220/0002123500740079

in Bibtex Style

@conference{secrypt07,
author={Paola Baldassarri and Anna Montesanto and Paolo Puliti},
title={DETECTING ANOMALOUS TRAFFIC USING STATISTICAL PROCESSING AND SELF-ORGANIZING MAPS},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={74-79},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002123500740079},
isbn={978-989-8111-12-8},
}

in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)
TI - DETECTING ANOMALOUS TRAFFIC USING STATISTICAL PROCESSING AND SELF-ORGANIZING MAPS
SN - 978-989-8111-12-8
AU - Baldassarri P.
AU - Montesanto A.
AU - Puliti P.
PY - 2007
SP - 74
EP - 79
DO - 10.5220/0002123500740079