Intrusion detection in computer networks

Computer security is becoming a major concern of modern society, as a large fraction of information flows through computer networks. Standard protection mechanisms such as user authentication, service control, and traffic filtering cannot guarantee protection against computer attacks. The main reasons for the weakness of computer networks lie in the great variability of network traffic and in the so-called “bugs” always contained in system and application software. As a consequence, it is extremely difficult to design rules that selectively block intruders’ traffic while allowing legitimate traffic.

To design more flexible systems, a number of recent research papers have proposed approaches to intrusion detection based on pattern recognition techniques. The pattern recognition approach is expected to help in extracting complex decision rules that can hardly be implemented by human experts through rule-based systems. Results presented in the literature clearly show the potential of the pattern recognition approach as well as its drawbacks. In fact, while pattern recognition approaches can detect intrusions for which no specific training data were available, they often produce a large number of false alarms, as legitimate traffic can be classified as intrusive.

The challenges posed by this novel pattern recognition application involve all the design phases of a pattern recognition system, i.e., data collection, feature extraction and selection, classifier design, and performance evaluation.

To date, our principal research interests involve:

  • anomaly detection techniques
  • multiple classifier systems
  • learning in an adversarial environment
  • detection reliability enhancement and alert verification applied to detect intrusions in computer systems.

People working on this topic:

  • Davide Ariu
  • Igino Corona
  • Giorgio Giacinto

Publications on Intrusion detection in computer networks

Book Chapter
Davide Ariu, Igino Corona, Roberto Tronci, Giorgio Giacinto, "Machine Learning in Security Applications", Machine Learning, Software Engineering and Standardization: Springer Verlag, In Press.
Igino Corona, Giorgio Giacinto, Fabio Roli, "Intrusion Detection in Computer Systems using Multiple Classifier Systems", Supervised and Unsupervised Ensemble Methods and Their Applications, O. Okun and G. Valentini, no. 126: Springer-Verlag, Berlin/Heidelberg, pp. 91-114, 2008.
F. Roli, G. Giacinto, "Pattern Recognition for Intrusion Detection in Computer Networks", Pattern Recognition and String Matching: Kluwer Academic Publishers, 2002.
Journal Article
Roberto Perdisci, Davide Ariu, Giorgio Giacinto, "Scalable Fine-Grained Behavioral Clustering of HTTP-Based Malware", Computer Networks - Special Issue on Botnet Activity: Analysis, Detection and Shutdown, In Press.
Roberto Perdisci, Igino Corona, Giorgio Giacinto, "Early Detection of Malicious Flux Networks via Large-Scale Passive DNS Traffic Analysis", IEEE Transactions on Dependable and Secure Computing, vol. 9, issue 5: IEEE Computer Society, Los Alamitos, CA, USA, pp. 714-726, 2012.
Davide Ariu, Roberto Tronci, Giorgio Giacinto, "HMMpayl: An Intrusion Detection System Based On Hidden Markov Models", Computers & Security, vol. 30, issue 4: Elsevier, pp. 221-241, 2011.
Igino Corona, Giorgio Giacinto, Claudio Mazzariello, Fabio Roli, Carlo Sansone, "Information fusion for computer security: State of the art and open issues", Information Fusion, vol. 10, pp. 274-284, 2009.
Roberto Perdisci, Davide Ariu, P. Fogla, Giorgio Giacinto, W. Lee, "McPAD: A Multiple Classifier System for Accurate Payload-based Anomaly Detection", Computer Networks, vol. 53, pp. 864-881, 2009.
Giorgio Giacinto, Roberto Perdisci, Mauro Del Rio, Fabio Roli, "Intrusion detection in computer networks by a modular ensemble of one-class classifiers", Information Fusion, vol. 9, issue 1: Elsevier, 2008.
R. Perdisci, G. Giacinto, F. Roli, "Alarm clustering for intrusion detection systems in computer networks", Engineering Applications of Artificial Intelligence, vol. 19, issue 4, pp. 429-438, 2006.
Giorgio Giacinto, Fabio Roli, Luca Didaci, "Fusion of multiple classifiers for intrusion detection in computer networks", Pattern Recognition Letters, vol. 24, issue 12: Elsevier, pp. 1795-1803, 2003.
Conference Paper
Davide Maiorca, Giorgio Giacinto, Igino Corona, "A Pattern Recognition System for Malicious PDF Files Detection", MLDM - International Conference on Machine Learning and Data Mining (Acceptance Ratio: 71/212 = 33.5%), vol. 7376, Berlin, Springer, pp. 510-524, 16/07/2012.
Davide Ariu, Giorgio Giacinto, "A modular architecture for the analysis of HTTP payloads based on Multiple Classifiers", 10th Int. Workshop on Multiple Classifier Systems (MCS 2011), Naples, Italy, 15/06/2011.
Davide Ariu, Giorgio Giacinto, Fabio Roli, "Machine Learning in Computer Forensics (and the Lessons Learned from Machine Learning in Computer Security)", AISec 2011: 4th ACM Workshop on Artificial Intelligence and Security, Chicago, IL, USA, 21/10/2011.
Davide Ariu, Giorgio Giacinto, "HMMPayl: an application of HMM to the analysis of the HTTP Payload", Workshop on Applications of Pattern Analysis, 09/2010.
Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee, "Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces", Annual Computer Security Applications Conference (ACSAC), Honolulu, Hawaii, USA, 07/12/2009.
Igino Corona, Davide Ariu, Giorgio Giacinto, "HMM-Web: a framework for the detection of attacks against Web applications", IEEE ICC 2009, Dresden, Germany, 14/06/2009.
Davide Ariu, Igino Corona, Giorgio Giacinto, Roberto Perdisci, Fabio Roli, "Intrusion Detection Systems based on anomaly detection techniques", Italian Workshop on Privacy and Security (PRISE), Rome, 2007.
Igino Corona, Giorgio Giacinto, Fabio Roli, "Intrusion detection in computer systems as a pattern recognition task in adversarial environment: a critical review", Workshop on Neural Information Processing Systems (NIPS), Whistler, British Columbia, Canada, 08/12/2007.
Davide Ariu, Giorgio Giacinto, Roberto Perdisci, "Sensing attacks in Computers Network with Hidden Markov Models", Machine Learning and Data Mining in Pattern Recognition, MLDM 2007, vol. 4571, Leipzig, Springer-Verlag, pp. 449-463, 2007.
G. Giacinto, R. Perdisci, F. Roli, "Alarm Clustering for Intrusion Detection Systems in Computer Networks", Machine Learning and Data Mining in Pattern Recognition (MLDM 2005), vol. 3587, Leipzig, Germany, Springer-Verlag, pp. 184-193, 2005.
G. Giacinto, R. Perdisci, F. Roli, "Network Intrusion Detection by Combining One-class Classifiers", 13th International Conference on Image Analysis and Processing (ICIAP 2005), vol. 3617, Cagliari, Italy, Springer-Verlag, pp. 58-65, 2005.
Giorgio Giacinto, Fabio Roli, Luca Didaci, "A Modular Multiple Classifier System for the Detection of Intrusions in Computer Networks", 4th Int. Workshop on Multiple Classifier Systems (MCS 2003), vol. 2709, Guildford, United Kingdom, Springer-Verlag, pp. 346-355, 11/06/2003.
Luca Didaci, Giorgio Giacinto, Fabio Roli, "Ensemble Learning for Intrusion Detection in Computer Networks", AI*IA, Workshop on "Apprendimento automatico: metodi e applicazioni", Siena, Italy, 11/09/2002.
G. Giacinto, F. Roli, "Intrusion Detection in Computer Networks by Multiple Classifier Systems", 16th International Conference on Pattern Recognition (ICPR 2002), vol. II, Quebec City, Canada, IEEE Computer Society Press, pp. 390-393, 2002.