Network Anomaly Detection

In recent years, we have all become increasingly dependent on communication services. In turn, the number of connected devices is growing and the security threat landscape is constantly evolving. This creates the need for new and effective security solutions. For this reason, the definition of new approaches for detecting network anomalies has become a key research topic.

But what is an anomaly in the first place?

An anomaly can be defined as an unusual behavior of a system. This could be due to malicious actions or to genuine but atypical ones. A legitimate user with no intention to compromise the network security, in fact, could cause an unusual network behavior.

Due to this complex nature, anomaly detection and the distinction between malicious and genuine anomalies are challenging tasks.

Anomaly detection techniques can be split into two groups: signature-based and profile-based. Signature-based approaches try to detect known anomalies using a prior definition of their features. Profile-based approaches, by contrast, use the history of normal network behavior to build a normal network profile. Following this principle, we consider an “anomaly” to be a network behavior that is significantly different from the modeled one.

Key research areas include:

  • Definition of an effective two-dimensional representation of network traffic that characterizes the traffic of the monitored network in a compact form.
  • Design and implementation of a profile-based network anomaly detection system that processes the 2D traffic representation using techniques usually employed for images.

These activities are carried out in the context of the ISEEYOO project. If you are curious, you can find out more on the “Projects” page.
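A sketch of the profile-based approach described above, added here as an illustration and not code from the ISEEYOO project or its publications: traffic windows are turned into a 2D grid, a per-cell profile is learned from windows taken as normal, and a new window is scored by its largest deviation. The grid layout (time slots by destination-port bins, cell value in bytes), the bin edges, the z-score rule, the threshold and the sample flows are all assumptions, since the page does not specify its 2D representation.

```python
from statistics import mean, pstdev

# All parameters below are assumptions for this sketch, not the project's values.
SLOTS, BINS, SLOT_SEC = 4, 4, 15   # grid: 4 time slots of 15 s x 4 port bins

def port_bin(port):
    """Assumed binning of destination ports into BINS columns."""
    for i, edge in enumerate((1024, 8192, 49152)):
        if port < edge:
            return i
    return 3

def to_grid(flows):
    """flows: (seconds_into_window, dst_port, n_bytes) tuples -> 2D byte-count grid."""
    grid = [[0] * BINS for _ in range(SLOTS)]
    for t, port, n_bytes in flows:
        grid[min(int(t // SLOT_SEC), SLOTS - 1)][port_bin(port)] += n_bytes
    return grid

def build_profile(history):
    """Per-cell (mean, std) over grids of windows taken as normal behavior."""
    return [[(mean([g[r][c] for g in history]), pstdev([g[r][c] for g in history]))
             for c in range(BINS)] for r in range(SLOTS)]

def anomaly_score(grid, profile, floor=1.0):
    """Largest per-cell z-score; floor stops constant cells dividing by zero."""
    return max(abs(grid[r][c] - profile[r][c][0]) / max(profile[r][c][1], floor)
               for r in range(SLOTS) for c in range(BINS))

def is_anomalous(grid, profile, threshold=3.0):
    return anomaly_score(grid, profile) > threshold

def normal_window(jitter):
    """Constructed sample traffic: steady HTTPS plus small ephemeral-port flows."""
    return ([(t, 443, 1000 + jitter) for t in (0, 15, 30, 45)]
            + [(t, 50000, 200) for t in (5, 20, 35, 50)])

PROFILE = build_profile([to_grid(normal_window(j)) for j in (-50, 0, 50)])
typical = to_grid(normal_window(20))
# Same window plus one large transfer to port 3306 (constructed).
burst = to_grid(normal_window(20) + [(32, 3306, 90000)])

if __name__ == "__main__":
    for name, grid in (("typical", typical), ("burst", burst)):
        print(name, round(anomaly_score(grid, PROFILE), 2), is_anomalous(grid, PROFILE))
```

The score only says that a window departs from the learned profile; it does not separate malicious activity from legitimate but atypical traffic, which is the distinction the page calls challenging.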

Recent publications:

Baldoni, Sara; Carli, Marco; Battisti, Federica

Analysis of a 2D Representation for CPS Anomaly Detection in a Context-Based Security Framework (Journal Article)

In: Frontiers in Signal Processing, vol. 1, pp. 19, 2022.

Casarin, Sofia; Baldoni, Sara; Carli, Marco; Zanuttigh, Pietro; Battisti, Federica

Unsupervised Network Anomaly Detection by Learning on 2D Data Representations (Proceedings Article)

In: 2022 9th Swiss Conference on Data Science (SDS), pp. 53–58, IEEE 2022.