Title: High-Speed Self-Learning Network Intrusion Detection
PhD project description
Intrusion Detection (ID) aims to recognise malicious activities in the monitored system through the analysis of massive quantities of data (audit data, log files, network packets, flows). In particular, in the past few years there has been increasing interest in ID for IP networks, in order to provide a secure network environment and secure services. The first phase of ID saw 10/100 Mbps networks as protagonists: the wire speed permitted deep inspection of all the traffic, and the amount of data allowed researchers to consider payload-based analysis methodologies. Nowadays this scenario is no longer exhaustive. In view of the spread of 1-10 Gbps technology and the offer of new on-line services, this PhD project faces the necessity of developing systems that can cope with the ever-increasing network speed and quantity of data to be analysed. The most promising approach to this problem is, in our opinion, the use of aggregated network information, as in flow-based techniques. At the same time, this PhD project also aims to address the problem of adaptability in high-speed networks, i.e. self-learning solutions that permit fast reconfiguration of the system in order to recognise new threats and reduce the need for human intervention.
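The paragraph above contrasts payload inspection with analysis of aggregated flow information. The following added example, which is not part of the project description or of any of the listed papers, illustrates the flow-based idea in a self-contained way: per-packet records are collapsed into unidirectional flows keyed by the 5-tuple, and a detector then works on flow records only (packet and byte counts, timing), never on payload. The brute-force indicator is a simple threshold heuristic chosen for this illustration (many short TCP flows from one source to port 22 of one host); it is not the Hidden Markov Model technique cited below. Packet records, addresses and thresholds are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    """A unidirectional flow record, in the spirit of a NetFlow/IPFIX export."""
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    first_seen: float
    last_seen: float
    packets: int = 0
    octets: int = 0


def aggregate_flows(packets, active_timeout=60.0):
    """Collapse per-packet records into flows keyed by the 5-tuple.

    Each packet record is (timestamp, src, dst, proto, sport, dport, size);
    no payload is kept. A packet arriving more than active_timeout seconds
    after the flow's last packet starts a new flow record for the same key.
    """
    flows = []
    open_flows = {}
    for ts, src, dst, proto, sport, dport, size in sorted(packets):
        key = (src, dst, proto, sport, dport)
        flow = open_flows.get(key)
        if flow is None or ts - flow.last_seen > active_timeout:
            flow = Flow(src, dst, proto, sport, dport, ts, ts)
            open_flows[key] = flow
            flows.append(flow)
        flow.packets += 1
        flow.octets += size
        flow.last_seen = ts
    return flows


def ssh_bruteforce_candidates(flows, min_flows=10, max_packets=12):
    """Flag (src, dst) pairs with many short TCP flows to port 22.

    Heuristic constructed for this example: a failed SSH login attempt
    produces a small flow, so a burst of small flows from one source to
    one server is an indicator worth raising an alert on. Legitimate
    sessions are long-lived and exceed max_packets, so they are ignored.
    """
    small_ssh = defaultdict(int)
    for f in flows:
        if f.proto == 6 and f.dport == 22 and f.packets <= max_packets:
            small_ssh[(f.src, f.dst)] += 1
    return {pair for pair, n in small_ssh.items() if n >= min_flows}


def constructed_packets():
    """Constructed sample traffic: one source making 25 short SSH
    connections, and another holding a single long SSH session."""
    packets = []
    for i in range(25):
        base = 100.0 + i * 2.0
        for j in range(6):
            packets.append((base + j * 0.1, "10.0.0.5", "192.0.2.10",
                            6, 40000 + i, 22, 90))
    for j in range(200):
        packets.append((50.0 + j * 0.5, "10.0.0.7", "192.0.2.10",
                        6, 51000, 22, 120))
    return packets


def demo():
    flows = aggregate_flows(constructed_packets())
    return flows, ssh_bruteforce_candidates(flows)


if __name__ == "__main__":
    flows, suspects = demo()
    print(f"{len(flows)} flows aggregated")
    for src, dst in sorted(suspects):
        print(f"possible SSH brute force: {src} -> {dst}")
```

The detector never looks inside a packet, which is what makes flow-based analysis feasible at speeds where payload inspection is not; the price is that thresholds like `min_flows` and `max_packets` must be tuned per network, which is exactly the adaptability problem the project raises.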
- Hofstede, R., Sperotto, A., Fioreze, T., Pras, A. "The Network Data Handling War: MySQL vs NfDump" In: Proceedings of the 16th EUNICE Open European Summer School 2010 (EUNICE 2010), 28-30 June 2010, Trondheim, Norway. (to appear)
- Sperotto, A., Schaffrath, G., Sadre, R., Morariu, C., Pras, A., Stiller, B. "An Overview of IP Flow-based Intrusion Detection" In: IEEE Communications Surveys & Tutorials. (to appear)
- Pras, A., Sadre, R., Sperotto, A., Fioreze, T., Hausheer, D., Schönwälder, J. "Using NetFlow/IPFIX for Network Management" In: Journal of Network and Systems Management
- Sperotto, A., Sadre, R., de Boer, P.-T., Pras, A. "Hidden Markov Model modeling of SSH brute-force attacks" In: 20th IEEE/IFIP International Workshop on Distributed Systems: Operation and Management (DSOM 09). Best paper award
- Sperotto, A., Sadre, R., van Vliet, F., Pras, A. "A Labeled Data Set For Flow-based Intrusion Detection" In: 9th IEEE International Workshop on IP Operations and Management (IPOM 09)
- Sperotto, A., Vliek, G., Sadre, R., Pras, A. "Detecting spam at the network level" In: EUNICE workshop 2009
- Fioreze, T., Zambenedetti Granville, L., Pras, A., Sperotto, A., Sadre, R. "Self-management of Hybrid Networks: can we trust NetFlow data?" In: Mini-conference proceedings of the 11th IFIP/IEEE International Symposium on Integrated Network Management (IM 2009)
- [_URL_ Homepage] of Anna Sperotto
- Publications of Anna Sperotto, as indexed by DBLP