
Network security: Télécom SudParis researchers develop new intrusion detection methods
At the SAMOVAR laboratory at Télécom SudParis, Gregory Blanc is focusing his research on intrusion detection in communication networks.
With his team, the lecturer develops reliable and reproducible techniques for characterizing network data and detecting network anomalies. His research is finding applications in industry and business.
Start your favorite playlist, turn your lights on or off, close the shutters... your connected speaker is your daily companion in your smart home. However, like all Internet of Things (IoT) devices, it is vulnerable to cyber attacks. Gregory Blanc's job is to detect these attacks, but also intrusions on a communications network, particularly in business or industrial environments.
"There are two ways of detecting an intrusion or an attack on a network", says the senior lecturer in network security at the Distributed Services, Architecture, Modeling, Validation and Administration of Networks (SAMOVAR*) laboratory at Télécom SudParis. "Either by detecting signatures characteristic of each attack, or by detecting anomalies on the network". As attacks evolve and their perpetrators seek to bypass signature detection, Gregory Blanc and his team are focusing their research on anomaly detection.
Know your network's characteristics

The scientist has therefore developed a specific detection methodology, which calls for some context. Each object communicating on a network produces flows (packets of data), which an anomaly detector can reconstruct. The detector is an autoencoder (a neural network) trained on the network's data. When network flows are fed into the encoder, it compresses the corresponding data in an optimized way; a decoder then reconstructs them as accurately as possible after decompression. Any unknown data packets entering the encoder (attack, intrusion) therefore produce output differences that are easy to identify among the reconstructed data packets.
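The reconstruction-error idea described above, as an added example that is not the researchers' code: a linear autoencoder whose optimal weights are computed in closed form with an SVD instead of being trained as a neural network. The flow features, the constructed training traffic and the threshold margin are all assumptions made for illustration.

```python
import numpy as np

def features(packets, nbytes, duration):
    # One row per flow, in log space (this feature choice is an assumption).
    return np.log(np.column_stack([packets, nbytes, duration]))

class LinearAutoencoder:
    """Encoder/decoder pair with a k-dimensional bottleneck."""
    def __init__(self, k):
        self.k = k

    def fit(self, X, margin=2.0):
        self.mu, self.sd = X.mean(0), X.std(0)
        Z = (X - self.mu) / self.sd
        # For a linear autoencoder the optimal weights span the top-k
        # principal directions, so an SVD replaces gradient training here.
        _, _, vt = np.linalg.svd(Z, full_matrices=False)
        self.W = vt[:self.k].T
        # Alert threshold: a margin above the worst error seen in training.
        self.threshold = margin * self.error(X).max()
        return self

    def error(self, X):
        Z = (X - self.mu) / self.sd
        code = Z @ self.W           # encoder: compress to k values
        Z_hat = code @ self.W.T     # decoder: reconstruct the features
        return ((Z - Z_hat) ** 2).mean(axis=1)

    def is_anomaly(self, X):
        return self.error(X) > self.threshold

def constructed_benign(n, seed=0):
    # Constructed training traffic: duration tracks packet count closely.
    rng = np.random.default_rng(seed)
    packets = np.exp(rng.uniform(np.log(10), np.log(200), n))
    size = np.exp(rng.uniform(np.log(400), np.log(1200), n))
    duration = packets * 0.02 * np.exp(rng.uniform(-0.1, 0.1, n))
    return features(packets, packets * size, duration)

MODEL = LinearAutoencoder(k=2).fit(constructed_benign(500))

if __name__ == "__main__":
    seen = features(50, 50 * 800, 1.0)        # shaped like training traffic
    unseen = features(5000, 5000 * 40, 1.0)   # constructed, unlike training
    print(MODEL.threshold, MODEL.error(seen), MODEL.error(unseen))
```

The model only learns what the training flows have in common, so a flow that breaks those relationships reconstructs poorly and its error lands far above the threshold.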
Read the full article on the Institut Polytechnique de Paris blog
