Intrusion detection in computer networks

Computer security is becoming a major concern of modern society, as a large fraction of information flows through computer networks. Standard protection mechanisms such as user authentication, service control, and traffic filtering cannot guarantee protection against computer attacks. The main reasons for the weakness of computer networks lie in the great variability of network traffic and in the so-called “bugs” always contained in system and application software. As a consequence, it is extremely difficult to design rules that selectively block intruders’ traffic while allowing legitimate traffic.

To design more flexible systems, a number of research papers have recently proposed approaches to intrusion detection based on pattern recognition techniques. The pattern recognition approach is expected to help in extracting complex decision rules that can hardly be implemented by human experts through rule-based systems. Results presented in the literature clearly show the potential of the pattern recognition approach as well as its drawbacks. In fact, while pattern recognition approaches can detect intrusions for which no specific training data were available, they often produce a large number of false alarms, as legitimate traffic can be classified as intrusive.

The challenges posed by this novel pattern recognition application involve all the design phases of a pattern recognition system, i.e., data collection, feature extraction and selection, classifier design, and performance evaluation.

To date, our principal research interests involve:

  • anomaly detection techniques
  • multiple classifier systems
  • learning in an adversarial environment
  • detection reliability enhancement and alert verification applied to detect intrusions in computer systems. 

People working on this topic:

  • Davide Ariu
  • Igino Corona
  • Giorgio Giacinto

Publications on Intrusion detection in computer networks

Book Chapter
Igino Corona, Giorgio Giacinto, Fabio Roli, "Intrusion Detection in Computer Systems using Multiple Classifier Systems", Supervised and Unsupervised Ensemble Methods and Their Applications, O. Okun and G. Valentini, no. 126: Springer-Verlag, Berlin/Heidelberg, pp. 91-114, 2008.
F. Roli, G. Giacinto, "Pattern Recognition for Intrusion Detection in Computer Networks", Pattern Recognition and String Matching: Kluwer Academic Publishers, 2002.
Journal Article
Roberto Perdisci, Davide Ariu, P. Fogla, Giorgio Giacinto, W. Lee, "McPAD: A Multiple Classifier System for Accurate Payload-based Anomaly Detection", Computer Networks, vol. 53, pp. 864-881, 2009.
Giorgio Giacinto, Roberto Perdisci, Mauro Del Rio, Fabio Roli, "Intrusion detection in computer networks by a modular ensemble of one-class classifiers", Information Fusion, vol. 9, issue 1: Elsevier, 2008.
R. Perdisci, G. Giacinto, F. Roli, "Alarm clustering for intrusion detection systems in computer networks", Engineering Applications of Artificial Intelligence, vol. 19, issue 4, pp. 429-438, 2006.
Giorgio Giacinto, Fabio Roli, Luca Didaci, "Fusion of multiple classifiers for intrusion detection in computer networks", Pattern Recognition Letters, vol. 24, issue 12: Elsevier, pp. 1795-1803, 2003.
Conference Paper
Igino Corona, Davide Ariu, Giorgio Giacinto, "HMM-Web: a framework for the detection of attacks against Web applications", IEEE ICC 2009, Dresden, Germany, 14/06/2009.
Davide Ariu, Igino Corona, Giorgio Giacinto, Roberto Perdisci, Fabio Roli, "Intrusion Detection Systems based on anomaly detection techniques", Italian Workshop on Privacy and Security (PRISE), Rome, 2007.
Igino Corona, Giorgio Giacinto, Fabio Roli, "Intrusion detection in computer systems as a pattern recognition task in adversarial environment: a critical review", Workshop on Neural Information Processing Systems (NIPS), Whistler, British Columbia, Canada, 08/12/2007.
Davide Ariu, Giorgio Giacinto, Roberto Perdisci, "Sensing attacks in Computers Network with Hidden Markov Models", Machine Learning and Data Mining in Pattern Recognition, MLDM 2007, vol. 4571, Leipzig, Springer-Verlag, pp. 449-463, 2007.
G. Giacinto, R. Perdisci, F. Roli, "Alarm Clustering for Intrusion Detection Systems in Computer Networks", Machine Learning and Data Mining in Pattern Recognition (MLDM 2005), vol. 3587, Leipzig, Germany, Springer-Verlag, pp. 184-193, 2005.
G. Giacinto, R. Perdisci, F. Roli, "Network Intrusion Detection by Combining One-class Classifiers", 13th International Conference on Image Analysis and Processing (ICIAP 2005), vol. 3617, Cagliari, Italy, Springer-Verlag, pp. 58-65, 2005.
Giorgio Giacinto, Fabio Roli, Luca Didaci, "A Modular Multiple Classifier System for the Detection of Intrusions in Computer Networks", 4th Int. Workshop on Multiple Classifier Systems (MCS 2003), vol. 2709, Guildford, United Kingdom, Springer-Verlag, pp. 346-355, 11/06/2003.
Luca Didaci, Giorgio Giacinto, Fabio Roli, "Ensemble Learning for Intrusion Detection in Computer Networks", AI*IA, Workshop on "Apprendimento automatico: metodi e applicazioni", Siena, Italy, 11/09/2002.
G. Giacinto, F. Roli, "Intrusion Detection in Computer Networks by Multiple Classifier Systems", 16th International Conference on Pattern Recognition (ICPR 2002), vol. II, Quebec City, Canada, IEEE Computer Society Press, pp. 390-393, 2002.
Thesis
Davide Ariu, "Host and Network based Anomaly Detectors for HTTP Attacks", DIEE, Department of Electrical and Electronic Engineering, Cagliari (Italy), University of Cagliari, 2010.
Roberto Perdisci, "Statistical Pattern Recognition Techniques for Intrusion Detection in Computer Networks. Challenges and Solutions.", DIEE, Cagliari (Italy), pp. 142, 2007.