Detecting anomalous traffic using statistical processing and self-organizing maps

Title: Detecting anomalous traffic using statistical processing and self-organizing maps
Publication Type: Conference Paper
Year of Publication: 2007
Authors: Baldassarri P, Montesanto A, Puliti P
Conference Name: SECRYPT 2007 - International Conference on Security and Cryptography, Proceedings

The main idea of the present work is to create a system able to detect intrusions in computer networks. For this purpose we propose a novel intrusion detection system (IDS) based on an anomaly approach. We analyzed the network traffic from (outbound traffic) and towards (inbound traffic) a victim host through another host. In addition, we built an architecture consisting of two subsystems: a statistical subsystem and a neural-network-based subsystem. The first processes selected features extracted from the network traffic and makes it possible to determine whether an attack is occurring through a preliminary visual inspection. The neural subsystem receives as input the output of the statistical subsystem and has to indicate the status of the monitored host. It classifies the network traffic, distinguishing the background traffic from the anomalous traffic. Moreover, the system has to be able to classify different instances of the same attack in the same class, distinguishing different types of attack in a completely autonomous way.