The growing systems complexity calls for dedicated monitoring and data analysis strategies aiming to detect faults, attacks and errors before they escalate into failures. Distributed and heterogeneous systems are more likely to expose vulnerabilities that attackers may target to get unauthorized access to a system, make it unavailable or steal sensitive data. As countermeasure, traditionally techniques for attacks and intrusion detection are based on signature recognition and requires knowledge on the attacks pattern: therefore, they are not well-suited to detect zero-days attacks. A viable alternative is anomaly detection, where deviation from the expected behavior are suspected as attacks. However, anomaly detection is generally not applicable in systems where the expected behavior changes through time. In this paper we explore anomaly detection strategies based on sliding windows, which are intended for evolving and dynamic systems as IoT, in which system configuration and behavior may change continuously. We first describe the context and the key features of sliding windows, and then we proceed detailing their possible drawbacks. Discussion is substantiated by quantitative analyses directed to evaluate detection capabilities. The experimental campaign is based on state-of-the-art algorithms and datasets, and results have been made publicly available.

An Initial Investigation on Sliding Windows for Anomaly-Based Intrusion Detection / tommaso zoppi, andrea ceccarelli, andrea bondavalli. - ELETTRONICO. - (2019), pp. 99-104. (Intervento presentato al convegno Workshop on Cyber Security & Resilience in the Internet of Things (CSRIoT 2019) tenutosi a Milan, Italy nel 8-11/7/2019) [10.1109/SERVICES.2019.00031].

An Initial Investigation on Sliding Windows for Anomaly-Based Intrusion Detection

tommaso zoppi
;
andrea ceccarelli;andrea bondavalli
2019

Abstract

The growing systems complexity calls for dedicated monitoring and data analysis strategies aiming to detect faults, attacks and errors before they escalate into failures. Distributed and heterogeneous systems are more likely to expose vulnerabilities that attackers may target to get unauthorized access to a system, make it unavailable or steal sensitive data. As countermeasure, traditionally techniques for attacks and intrusion detection are based on signature recognition and requires knowledge on the attacks pattern: therefore, they are not well-suited to detect zero-days attacks. A viable alternative is anomaly detection, where deviation from the expected behavior are suspected as attacks. However, anomaly detection is generally not applicable in systems where the expected behavior changes through time. In this paper we explore anomaly detection strategies based on sliding windows, which are intended for evolving and dynamic systems as IoT, in which system configuration and behavior may change continuously. We first describe the context and the key features of sliding windows, and then we proceed detailing their possible drawbacks. Discussion is substantiated by quantitative analyses directed to evaluate detection capabilities. The experimental campaign is based on state-of-the-art algorithms and datasets, and results have been made publicly available.
2019
Proceedings of the Workshop on Cyber Security & Resilience in the Internet of Things (CSRIoT 2019)
Workshop on Cyber Security & Resilience in the Internet of Things (CSRIoT 2019)
Milan, Italy
8-11/7/2019
tommaso zoppi, andrea ceccarelli, andrea bondavalli
File in questo prodotto:
File Dimensione Formato  
SlidingAnomalyDetection_V3.pdf

Accesso chiuso

Tipologia: Pdf editoriale (Version of record)
Licenza: Tutti i diritti riservati
Dimensione 717.7 kB
Formato Adobe PDF
717.7 kB Adobe PDF   Richiedi una copia

I documenti in FLORE sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificatore per citare o creare un link a questa risorsa: https://hdl.handle.net/2158/1159825
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 5
  • ???jsp.display-item.citation.isi??? 4
social impact