SPECTS 2010

Abstract

This tutorial provides an overview of some of the most relevant statistical approaches for network anomaly detection. In the first part, starting from the seminal work by Denning, the basic concepts about anomaly detection will be introduced. In the second part of the tutorial, some of the most recent and relevant works about statistical anomaly detection will be discussed. For each of the presented methods the description of the theoretical background, focusing on why the method should be effective in detecting network anomalies, will be accompanied by a discussion on the anomalies that can be detected and on the achievable results.

Scope

Due to the wide literature available on the topic, it is impossible to give an in-depth course on network anomaly detection in a 1.5 hours tutorial. Hence, we do not intend to provide an extensive review of all ongoing approaches, but rather to focus on a couple of the most promising examples, with some references to the speaker experience in the field.

Intended Audience

This tutorial is addressed to all researchers and practitioners working in the field of networking, who can be interested in detecting an anomalous behavior in the network, and in particular to those dealing with intrusion detection systems, anomaly detection, DoS/DDoS attack detection. In addition to this,the tutorial may be of interest to all those people also dealing with statistical approaches for traffic classification.

Since all the theoretical notions necessary to understand the covered topics will be provided in the tutorial, no particular knowledge is required for attendees, except for some basics of networking (IP/ TCP architecture).

About the presenter

Christian CALLEGARI was born in La Spezia, Italy, in 1980. He received the B.E. and the M.E. degrees in telecommunications engineering and the PhD degree in information engineering from the University of Pisa, Pisa, Italy, in 2002, 2004, and 2008, respectively. He was recipient of a scholarship issued by the Italian Ministry of Education for his PhD program.

Since 2005, he has been with the Department of Information Engineering at the University of Pisa. In 2006/07, he was a visiting student research collaborator at the Department of Computer Science at ENST Bretagne, France.

Dr. Callegari is currently a post-doc research fellow and a teaching assistant at the University of Pisa for the Network Security course of the M.E. degree in telecommunications engineering and has given lectures about Anomaly Detection and statistical traffic classification in the framework of a PhD course organized twice by the Euro-NGI Network of Excellence funded by the European Community.

His research interests are in the area of network security, statistical traffic classification, and network simulation.

Moreover, he has co-authored more than 40 papers presented in leading international journals and conferences, and he serves as a TPC member for several international conferences (e.g., IEEE Globecom and IEEE ICC) and as a reviewer for several international journals (e.g., International Journal of Communication System, Computer Networks Journal) and conferences.