Implementation of novel intrustion protection algorithms

The study of the behavior of ICT networks under normal use, and the quantitative measurement of parameters that characterize the network itself, allows us to report intrusion attempts. Through anomaly detection techniques, we are able to analyze characteristics of individual protocols, such as for example the number of email messages sent, the number of TCP reset packets exchanged, or the amount and type of DNS requests/replies. Over the years we also defined more complex features computed by aggregating multiple network packets, in order to identify advanced threats.