DocumentCode
2264495
Title
Integrated detection of anomalous behavior of computer infrastructures
Author
Maggi, Federico ; Zanero, Stefano
Author_Institution
Dipt. di Elettron. e Inf., Politec. di Milano, Milan, Italy
fYear
2012
fDate
16-20 April 2012
Firstpage
866
Lastpage
871
Abstract
Our research concentrates on anomaly detection techniques, which have both industrial applications such as network monitoring and protection, as well as research applications such as software behavioral analysis or malware classification. During our doctoral research, we worked on anomaly detection from three different perspectives, as a complex computer infrastructure has several weak spots that must be protected. We first focused on the operating system, central to any computer, to prevent malicious code from subverting its normal activity. Secondly, we concentrated on web applications, which are the main interface to modern computing: because of their immense popularity, they have indeed become the most targeted entry point of intrusions. Last, we developed novel techniques with the aim of identifying related events (e.g., alerts reported by intrusion detection systems) to build new and more compact knowledge to detect malicious activity on large-scale systems. During our research we enhanced existing anomaly detection tools and also contributed new ones. Such tools have been tested over different datasets, both synthetic data and real network traffic, and led to interesting results that were accepted for publication at main security venues.
Keywords
operating systems (computers); security of data; Web applications; anomalous behavior integrated detection; anomaly detection tools; complex computer infrastructure; event identification; industrial applications; intrusion entry point; malicious activity detection; operating system; real network traffic; research applications; synthetic data traffic; Accuracy; Browsers; Computers; Internet; Security; Software; Training;
fLanguage
English
Publisher
ieee
Conference_Titel
Network Operations and Management Symposium (NOMS), 2012 IEEE
Conference_Location
Maui, HI
ISSN
1542-1201
Print_ISBN
978-1-4673-0267-8
Electronic_ISBN
1542-1201
Type
conf
DOI
10.1109/NOMS.2012.6212001
Filename
6212001