Anomaly detection: An overview of selected methods

2017 
Detecting anomalous traffic (and above all new ad-hoc attacks) with low false alarm rates is of primary interest in IP network management. To this aim, a key research topic in network security is anomaly-based IDSs (Intrusion Detection Systems), thanks to their ability to face unknown attacks. Starting from more than a decade of research experience by the authors, the aim of this paper is to review some of the most promising statistical approaches, namely Wavelets, Principal Component Analysis, CUSUM (cumulative sum control chart) and Information Theoretical methods (based on different definitions of the Entropy). Moreover, issues related to the choice of the relevant traffic parameters, the use of sketches and the availability of datasets for performance comparison are also discussed to highlight the main problems in intrusion detection.