Statistical approaches for network anomaly detection

Ing. Christian Callegari
Dipartimento di Ingegneria dell'Informazione: Elettronica, Informatica, Telecomunicazioni, Università di Pisa

15 hours, 4 credits

April 26 - April 30, 2010

Dipartimento di Ingegneria dell'Informazione: Elettronica, Informatica, Telecomunicazioni, Largo Lucio Lazzarino, meeting room



In the last few years the Internet has experienced explosive growth. Along with the wide proliferation of new services, the quantity and impact of attacks have been continuously increasing. Recent advances in encryption, public key exchange, and digital signatures, together with the development of related standards, have set a foundation for network security. However, security on a network goes beyond these issues: it must include the security of computer systems and networks at all levels, top to bottom.

Since it seems impossible to guarantee complete protection of a system by means of prevention mechanisms (e.g. authentication techniques), the use of an Intrusion Detection System (IDS) is of primary importance for revealing intrusions in a network or in a system. The aim of this series of lectures is to provide an overview of the most relevant statistical approaches for network anomaly detection.


  • Motivation
  • Basics of statistical intrusion detection systems
  • General concepts about anomaly detection
  • IDES - Intrusion Detection Expert System
  • Statistical approaches for anomaly detection
  • Clustering
  • Markovian models
  • Sketch
  • PCA
  • Wavelet analysis
  • Entropy analysis