Andrea Ceccarelli
University of Firenze, Italy

On anomaly-based intrusion detection: from algorithms evaluation to algorithms selection

Anomaly detection aims at finding patterns in data that do not conform to the expected behaviour. It is largely adopted in intrusion detection systems, relying on unsupervised algorithms that have the potential to detect zero-day attacks; however, efficacy of algorithms varies depending on the observed system and the attacks. The talk presents the recent experiences and results of the Resilient Computing Lab at the University of Florence on evaluating and selecting algorithms for anomaly-based intrusion detection. The talk first discusses basics on anomaly detection, and proposes an analysis on unsupervised algorithms with respect to different intrusion detection dataset. Then it introduces ongoing works on selecting the proper algorithm(s) for the target system, based on profiling attack models and the anomalies generated by such attack models.

Andrea Ceccarelli is a Research Associate at University of Florence. His main research interests are the design, monitoring and experimental evaluation of critical and secure systems and systems of systems. His scientific activities originated around 100 papers appeared in International Conferences, Workshops and Journals. He regularly serves as member of Program Committees of International Conferences and Workshops including DSN, SRDS and as reviewer for International conferences and journals. He was TPC co-chair of SRDS 2017 and LADC 2018, and publication chair of SAFECOMP 2014, SRDS 2016, and co-chair of the Workshops RADIANCE @ DSN 2015, RADIANCE @ DSN 2016, RADIANCE @ DSN 2017, IRENE Workshop on Tools for Smart Grid Design and Assessment” @ SmartGift 2017, IRENE: resilient and secure urban power systems@ISC2 2016, poster chair of EDCC 2019. He has been involved in several European and National funded projects, currently in the H2020 ADVANCE. He served as expert for the European Commission in the review of H2020 projects in 2014, 2016, 2017, 2018. Starting 2009 he is involved in the Academic Spinoff Resiltech S.r.l.

