Network Anomaly Detection is a tool conceived and created by TIESSE to monitor customer network traffic and check it for anomalies.
It is a machine-learning tool from the Ivrea-based company, which specializes in wireless network technologies and in particular in entirely Italian routers. “The goal is to recognize anomalies in network traffic and thus identify the presence of intrusions or potential risks to corporate networks,” said Francesco Lucrezia, TIESSE Software Research & Development Engineer, with a PhD at the Polytechnic of Turin.
Know your data
The goal for client companies, especially SMEs, is to know the typical characteristics of the network traffic they normally produce. “Knowing company data and traffic flows has become a must for all companies – said Lucrezia – our Network Anomaly Detection allows us to identify anomalous facts concerning traffic and thus prevent potential dangers and external attacks”.
The system works by “training” on customer data. “Within a few days, weeks or months, depending on the needs, we apply a training phase to customer traffic – continues Lucrezia – the goal is to create a form of traffic normality”.
Subsequently, through a neural network, the anomaly indices are compared with the predetermined traffic thresholds. Once trained, the system allows comparisons to be made and anomalous situations to be identified.
In this context, the task of the data scientist is to search for increasingly optimal models and to “calibrate” the weights of the system.
Phase two
Phase two, on the other hand, concerns the system's notification of any anomaly. Even the saturation of download bandwidth caused by entertainment content, for example, represents an anomaly in terms of increased traffic. This is where other criteria come into play to check the type of traffic and distinguish “good” traffic from “bad”.
Time must also be taken into account in this context. “For some companies, 10 thousand connections in the middle of the night can represent an anomaly – adds Lucrezia – You need to use time as a feature and identify traffic based on the times”.
For example, a post office and a tobacconist have different traffic hours. This is why specific inputs must be given based on the average customer connections, defining the maximum connection ceilings to be analyzed.
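The idea of time as a feature can be shown with a small added example, which is not TIESSE's code: it replaces the neural network described above with a simple per-hour median and median absolute deviation (MAD) baseline. The two site profiles, their opening hours, the traffic volumes and the threshold of 6 are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def make_history(open_hour, close_hour, busy=10_000, quiet=200, days=14):
    """Constructed sample data: (hour, connections) pairs for one site."""
    rows = []
    for d in range(days):
        for hour in range(24):
            base = busy if open_hour <= hour < close_hour else quiet
            jitter = ((d * 7 + hour * 3) % 21) - 10  # deterministic noise
            rows.append((hour, base + jitter * max(base // 100, 1)))
    return rows

def train_baseline(history):
    """Training phase: per-hour 'normality' as (median, MAD)."""
    by_hour = defaultdict(list)
    for hour, count in history:
        by_hour[hour].append(count)
    baseline = {}
    for hour, counts in by_hour.items():
        med = median(counts)
        mad = median(abs(c - med) for c in counts)
        baseline[hour] = (med, max(mad, 1.0))  # floor avoids division by zero
    return baseline

def anomaly_score(baseline, hour, count):
    """Distance from that hour's normal level, in MAD units."""
    if hour not in baseline:
        return float("inf")  # an hour never seen in training is suspicious
    med, mad = baseline[hour]
    return abs(count - med) / mad

def is_anomalous(baseline, hour, count, threshold=6.0):
    return anomaly_score(baseline, hour, count) > threshold

def flat_ceiling(history):
    """A single time-blind ceiling, for comparison with the per-hour baseline."""
    return max(count for _, count in history)

post_office = make_history(8, 14)   # hypothetical opening hours
tobacconist = make_history(7, 20)   # hypothetical opening hours
po_baseline = train_baseline(post_office)
tb_baseline = train_baseline(tobacconist)

if __name__ == "__main__":
    for name, b in (("post office", po_baseline), ("tobacconist", tb_baseline)):
        for hour in (3, 10, 19):
            print(name, hour, is_anomalous(b, hour, 10_000))
```

The same 10,000 connections are normal at 10:00 and anomalous at 03:00 for the post office profile, while a single flat ceiling over all hours would flag neither.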
The phases of the system are, first, the detection of the anomaly; second, when necessary, the notification; and finally the feedback control loop, in which action is taken to block a possible attack.
In fact, this TIESSE solution is suitable for all companies, large and small, that manage data flows and in particular for the monitoring of mission-critical applications. “In 2021, having knowledge of your company data is essential”, Lucrezia closes.
Below you will find the video in Italian; we suggest enabling subtitles.