Present position: Assistant Professor
Thesis title: Unsupervised Learning Algorithms for Intrusion Detection
Research area: Performance Evaluation of Systems Architectures
We deal with the application of unsupervised learning algorithms to the problem of intrusion detection. We briefly introduce the key concepts and problems of information security, and we characterize the main types of attacks against networked computer systems. This analysis leads naturally to the problem of tamper evidence in computer systems, and to the definition of intrusion detection. We analyze the different technologies and types of intrusion detection systems, the problems and open issues still to be solved, and the state of the art of research in the field, focusing on earlier studies on the application of unsupervised learning algorithms to intrusion detection. We then introduce our research results, in both network-based and host-based intrusion detection. We propose a novel two-tier architecture for network intrusion detection, capable of clustering packet payloads and correlating anomalies in the packet stream. We describe the experiments we conducted on this architecture, give performance results, and compare our achievements with other comparable existing systems. We also propose a framework for detecting anomalous system calls in an operating system, capable of tracing anomalies both in the parameters of system calls and in their sequence, through the use of statistical models, clustering and a Markov chain model used for time correlation.
We show the results obtained by this system and compare them with earlier studies.
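As an added illustration of the host-based approach described above (a Markov chain over system-call sequences, with the threshold derived from training data), and not code from the thesis itself: the traces below are constructed, and the smoothing parameter, threshold rule and syscall names are assumptions.

```python
from collections import Counter, defaultdict
import math

# Constructed sample traces (not from the thesis): syscall sequences of a
# benign process, plus one trace containing transitions never seen in training.
NORMAL_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "read", "read", "write", "close"],
    ["open", "write", "close"],
] * 5
SUSPECT_TRACE = ["open", "read", "execve", "socket", "connect", "close"]

class MarkovSyscallModel:
    """First-order Markov chain over syscall sequences; scores how surprising a trace is."""
    def __init__(self, alpha=0.01):
        self.alpha = alpha                 # additive smoothing for unseen transitions
        self.trans = defaultdict(Counter)  # trans[a][b] = count of a -> b
        self.vocab = set()
    def fit(self, traces):
        for trace in traces:
            seq = ["<s>"] + trace + ["</s>"]   # sentinels capture start/end transitions
            self.vocab.update(seq)
            for a, b in zip(seq, seq[1:]):
                self.trans[a][b] += 1
        return self
    def prob(self, a, b):
        # Smoothed P(b | a); one extra slot reserves mass for symbols never seen.
        row = self.trans.get(a, Counter())
        total = sum(row.values()) + self.alpha * (len(self.vocab) + 1)
        return (row.get(b, 0) + self.alpha) / total
    def score(self, trace):
        # Mean negative log-likelihood per transition: higher means more anomalous.
        seq = ["<s>"] + trace + ["</s>"]
        nll = [-math.log(self.prob(a, b)) for a, b in zip(seq, seq[1:])]
        return sum(nll) / len(nll)
    def flagged_transitions(self, trace, min_prob=0.05):
        # The individual transitions that explain an alert, for an analyst.
        seq = ["<s>"] + trace + ["</s>"]
        return [(a, b) for a, b in zip(seq, seq[1:]) if self.prob(a, b) < min_prob]

def threshold_from_training(model, traces, k=3.0):
    # Alert threshold: mean + k * stddev of the scores of the training traces.
    scores = [model.score(t) for t in traces]
    mean = sum(scores) / len(scores)
    std = math.sqrt(sum((s - mean) ** 2 for s in scores) / len(scores))
    return mean + k * std
```

A trace whose score exceeds the threshold raises an alert, and `flagged_transitions` names the transitions responsible so the alert can be triaged rather than treated as an opaque number.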