Robust and Secure Distributed Computing

Threat and Anomaly Detection and Mitigation

Threat and anomaly detection play crucial roles in safeguarding systems and networks from potential risks and are essential components of a robust cybersecurity strategy. Threat detection involves identifying and recognising potential cyber threats such as malware, hacking attempts, or other malicious activities that can compromise the security and integrirty of computer systems, networks, or data. Anomaly detection, on the other hand, focuses on discovering abnormal or unusual patterns in data that deviate significantly from the expected behavior. Applications fiels include networks and cloud infrastructure, industrial control systems, automotive, healthcare systems and many others.

Our focus:

  • Monitoring of network and computing devices through software-defined networks and programmable data planes (e.g. eBPF, P4)
  • Design and development of AI-based threat and anomaly detection algorithms
  • Analysis of the effectiveness of the monitoring-detection-mitigation pipeline

Selected Tools

  • FLAD: Adaptive Federated Learning for DDoS Attack Detection [documentation]
  • LUCID: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection [documentation]

Selected Publications

  • Roberto Doriguzzi Corin, Luis Augusto Dias Knob, Luca Mendozzi, Domenico Siracusa, Marco Savi
    Introducing packet-level analysis in programmable data planes to advance Network Intrusion Detection
    In: Computer Networks (DOI)
  • Roberto Doriguzzi Corin, Domenico Siracusa
    FLAD: Adaptive Federated Learning for DDoS Attack Detection
    In: Computers & Security (DOI)
  • Damu Ding, Marco Savi, Domenico Siracusa
    Tracking Normalized Network Traffic Entropy to Detect DDoS Attacks in P4
    In: IEEE Transactions on Dependable and Secure Computing (DOI)
  • Maged Abdelaty, Roberto Doriguzzi Corin, Domenico Siracusa
    DAICS: A Deep Learning Solution for Anomaly Detection in Industrial Control Systems
    In: IEEE Transactions on Emerging Topics in Computing (DOI)
  • Roberto Doriguzzi Corin, Stuart Millar, Sandra Scott-Hayward, Jesus Martinez-Del-Rinc√≥n, Domenico Siracusa
    LUCID: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection
    In: IEEE Transactions on Network and Service Management (DOI)