Yet another paper has been published, so I can finally update my blog with some interesting results.
In 2009 we (Network Security Labs @ University of Bologna) studied a new way to analyze attacks using data mining over SNMP artificial variables. Artificial means derived by us from the natural SNMP variables.
These pictures show how our approach (we still don't have a name for it) reacts to a DoS hidden under "normal traffic".
The described approach can also detect many different attacks, using only non-intrusive SNMP. SNMP is ubiquitous; it runs on every platform, from cell phones to washing machines, so we don't have to configure IDSs, nasty systems or exotic firewalls; all we need is to analyze SNMP data.
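As an added illustration (not the paper's method, whose artificial variables and mining algorithm are not described here), the following constructed example derives two such variables, packets per second and mean packet size, from the standard MIB-II counters ifInOctets and ifInUcastPkts, handles Counter32 wrap-around, and flags an interval whose byte rate stays "normal" while its packet profile does not. The poll values, the 60 s interval and the z-score threshold are all assumptions.

```python
"""Constructed illustration: artificial variables derived from MIB-II
interface counters, with a simple z-score check against a baseline."""
from statistics import mean, pstdev

COUNTER32_WRAP = 2 ** 32  # MIB-II Counter32 wraps back to 0 at 2^32
POLL_INTERVAL = 60        # assumed seconds between polls

# Constructed cumulative polls of (ifInOctets, ifInUcastPkts). ifInOctets
# starts near 2^32 so the first delta crosses a wrap; the last interval
# carries the same byte volume as the baseline but 20x the packet count.
SAMPLE_POLLS = [
    (4_294_000_000, 10_000),
    (32_704, 11_000),
    (1_042_704, 12_010),
    (2_032_704, 13_000),
    (3_037_704, 14_000),
    (4_032_704, 15_000),
    (5_032_704, 35_000),
]


def counter_delta(prev, cur):
    """Difference of two Counter32 samples, correcting a single wrap."""
    return cur - prev if cur >= prev else cur + COUNTER32_WRAP - prev


def artificial_variables(polls, interval):
    """Turn consecutive counter polls into per-interval derived variables:
    bytes/s, packets/s and mean packet size (bytes per packet)."""
    rows = []
    for (o0, p0), (o1, p1) in zip(polls, polls[1:]):
        d_oct, d_pkt = counter_delta(o0, o1), counter_delta(p0, p1)
        rows.append({
            "bps": d_oct / interval,
            "pps": d_pkt / interval,
            "mean_pkt": d_oct / d_pkt if d_pkt else 0.0,
        })
    return rows


def flag_anomalies(rows, baseline_n, var="mean_pkt", k=3.0):
    """Indices of intervals where `var` lies more than k standard
    deviations from the mean of the first baseline_n intervals."""
    base = [r[var] for r in rows[:baseline_n]]
    mu, sigma = mean(base), pstdev(base) or 1e-9
    return [i for i, r in enumerate(rows) if abs(r[var] - mu) / sigma > k]


if __name__ == "__main__":
    rows = artificial_variables(SAMPLE_POLLS, POLL_INTERVAL)
    print("bps outliers:", flag_anomalies(rows, 5, "bps"))       # []
    print("mean_pkt outliers:", flag_anomalies(rows, 5, "mean_pkt"))  # [5]
```

Watching bytes per second alone would miss the last interval; the derived mean packet size exposes it, which is the kind of signal a DoS hidden under normal byte volume leaves in SNMP data.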
So far we don't have a presentable framework: the current version is pre-alpha, basically a set of scripts that do all the computations. We're looking for new students who want to implement a nice framework. If you are interested in this project (even if you are not a student :D), please contact me.