Intrusion Detection System

If you are interested in network intrusion detection, you probably know that current defenses rely on rule-based intrusion detection systems (IDS) like Snort, Zeek or Suricata. They work very well once you have the right rules, but writing these rules is only possible when the attacks are accurately known. That's where anomaly-based IDS come in! netspot is such an IDS.

Many previous works have proposed such solutions, but netspot is different because of its simplicity and, above all, its lack of ambition. Keep in mind that netspot won't flag all zero-day attacks, but it will find relevant anomalies on your network.

This work has been published at IEEE TrustCom 2020.

Cite

Siffer, A., Fouque, P. A., Termier, A., & Largouet, C. (2020, December). Netspot: a simple Intrusion Detection System with statistical learning. In 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (pp. 911-918). IEEE.