Speaker Name Dr. Christian Callegari
Title Network Security and Beyond: Network Anomaly Detection in the Field


Christian CALLEGARI received the B.E. and the M.E. degrees in telecommunications engineering and the PhD degree in information engineering from the University of Pisa, in 2002, 2004, and 2008, respectively. Since 2005, he has been with the Dept. of Information Engineering at the University of Pisa, where he is currently a postdoc research fellow. In 2006/07, he was a visiting student research collaborator at the Dept. of Computer Science at ENST Bretagne, France and in 2013 he was a visiting researcher at Eurecom, SophiaAntipolis, France. He has given several PhD courses about anomaly detection, network security, and statistical traffic classification (both at national and international level) and he has also given several tutorials about anomaly detection in leading international conferences.

His research interests are in the area of network security and monitoring. He has participated to several research projects related to the Anomaly Detection topic, both at national (e.g., PRIN RECIPE) and European level (FP7 STREP PRISM, FP7 IP DEMONS, NGI/NFI Networks of Excellence, and the COST TMA action). Moreover he has been technical coordinator of several regional and local projects related to network security and monitoring.

Christian Callegari has coauthored more than 70 journal and conference papers and he is editor of the book “Data Traffic Monitoring and Analysis: From Measurement, Classification, and Anomaly Detection to Quality of Experience” (LNCS 7754, Springer, 2013). He is the general chair of the international workshop on traffic analysis and classification (TRAC) and the TPC co-chair of several conferences and tracks in leading international conferences. Moreover he is member of the editorial board of several international journals (e.g., International Journal of Trust Management in Computing and Communications) and serves as a TPC member for several international conferences (e.g., IEEE Globecom and ICC) and as a reviewer for several journals (e.g., IEEE/ACM Transactions on Networking, IEEE Communication surveys and tutorials, Wiley Security and Communication Networks, Elsevier Computer Networks Journal) and conferences.


This tutorial provides an overview of the most relevant approaches to network anomaly detection, as well as of the main challenges in applying anomaly detection to “real world” scenarios. The tutorial is structured into three main parts: in the first one, starting from the seminal work by Denning, the basic concepts about anomaly detection will be introduced. Then, in the second part, some of the most recent and relevant works about statistical anomaly detection will be discussed. For each of the presented methods, the description of the theoretical background, focusing on why the method should be effective in detecting network anomalies and attacks, will be accompanied by a discussion on the anomalies that can be detected and on the achievable results, as well as on the main limitations of the method. Finally, the third part of the tutorial will focus on the challenges that arise when applying Anomaly Detection in the field, e.g., how to deal with huge quantities of data or with the privacy concerns typical of highly distributed scenarios.


Introduction and Motivation (10 min)

Basics of Statistical Intrusion Detection Systems (20 min)

Statistical approaches for anomaly detection (90 min)

Anomaly Detection in the Field (90min)

Discussion and perspectives (30min)