StefanZanero: 360 Anomaly Based Unsupervised Intrusion Detection

"In this talk, after briefly reviewing why we should build a good
anomaly-based intrusion detection system, we will briefly present twIDS prototypes developed at the Politecnicdi Milanfor network and host based intrusion detection through unsupervised algorithms.
We will then use them as a case study for presenting the difficulties in integrating anomaly based IDS systems (as if integrating usual misuse based IDS system was not complex enough...).
We will then present our ideas, based on fuzzy aggregation and causality analysis, for extracting meaningful attack scenarios from alert streams, building the core of the first 360anomaly based IDS.
Also, we will introduce some brand new ideas for correlation based on statistical fitting tests."