
Signal processing for network forensics and security

Networks are by far the dominant paradigm for exchanging information among spatially dispersed individuals and entities. Safeguarding them is therefore one of the fundamental challenges of our time: whether we are talking about attacks on websites, sabotage of power grids, or even terrorist attacks, protecting our "interconnected" lives is of paramount importance.
While it is true that clever interaction among the individual agents of a network steadily brings new possibilities for sharing information, this enhancement is not free. New doors are opened to the attacker at the same time, multiplying the challenges on the defender's side. It is therefore not surprising that networks have become the attacker's preferred habitat for hiding and launching a rich variety of threats. For instance, a dangerous attack on a powerful target (e.g., a large e-commerce portal) is often launched through a series of apparently innocuous attacks on weak but highly vulnerable hosts (e.g., personal computers).

Different kinds of networks (e.g., communication, social and sensor networks, distributed big-data repositories, power grids) are increasingly exposed to an ever larger variety of threats. Correspondingly, the design of useful defense strategies may require fruitful interaction among several disciplines and communities, including signal processing, networking, machine learning, optimization, statistics, physics, economics, computer science and the social sciences. In particular, signal processing is called upon to play a primary role in the realm of network security and forensics. To mention a few related examples: decision making in the presence of adversaries that can corrupt the data; universal algorithms for tracing information flows across the network; sparsity-aware algorithms for unveiling traffic-volume anomalies.
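As an added illustration of the last of these examples (this is not part of the original collection description and makes no claim about the method of any particular article), the Python block below detects traffic-volume anomalies with a sparsity prior: a periodic median removes the diurnal baseline, and the residual is passed through soft-thresholding, which is the closed-form solution of the L1-penalised (Lasso) problem when the anomaly vector is observed directly. The traffic series, the hourly binning, the 24-bin daily period, the noise level, the threshold multiplier and the three injected anomalies are all constructed assumptions for this example.

```python
"""Sparsity-aware detection of traffic-volume anomalies (added example).

Assumed model: each interval's byte count is
    x[t] = baseline[t] + a[t] + noise[t]
where baseline is periodic (daily cycle), noise is small, and a[t] is
sparse (non-zero in only a few intervals).  With the baseline removed,
the residual r = x - baseline gives the Lasso problem
    minimise_a  1/2 * ||r - a||_2^2 + lam * ||a||_1
whose closed-form solution is elementwise soft-thresholding of r.
"""
import math
import random
import statistics

PERIOD = 24  # hourly bins, one-day cycle (constructed assumption)


def periodic_median_baseline(x, period=PERIOD):
    """Robust baseline: median of all samples sharing the same phase.
    The median resists the few large anomalies that would drag a mean."""
    phases = [[] for _ in range(period)]
    for t, v in enumerate(x):
        phases[t % period].append(v)
    medians = [statistics.median(p) for p in phases]
    return [medians[t % period] for t in range(len(x))]


def soft_threshold(v, lam):
    """Proximal operator of lam*|.|: shrink toward zero, exactly zero if |v| <= lam."""
    if v > lam:
        return v - lam
    if v < -lam:
        return v + lam
    return 0.0


def mad_sigma(values):
    """Robust noise scale: 1.4826 * median absolute deviation."""
    med = statistics.median(values)
    return 1.4826 * statistics.median(abs(v - med) for v in values)


def detect_anomalies(x, period=PERIOD, k=6.0):
    """Return {index: estimated anomaly magnitude} for intervals whose
    residual survives soft-thresholding at lam = k * robust noise scale.
    k around 5-6 keeps false alarms rare under Gaussian noise (assumption)."""
    baseline = periodic_median_baseline(x, period)
    resid = [xi - bi for xi, bi in zip(x, baseline)]
    lam = k * mad_sigma(resid)
    a = [soft_threshold(r, lam) for r in resid]
    return {t: round(v, 1) for t, v in enumerate(a) if v != 0.0}


def make_traffic(days=7, seed=1):
    """Constructed sample: diurnal baseline + Gaussian noise + 3 injected anomalies."""
    rng = random.Random(seed)
    x = []
    for t in range(days * PERIOD):
        hour = t % PERIOD
        base = 1000.0 + 600.0 * math.sin(2 * math.pi * (hour - 6) / PERIOD)
        x.append(base + rng.gauss(0, 30.0))
    # injected anomalies (constructed): two volumetric floods and one outage dip
    x[50] += 2500.0
    x[51] += 2200.0
    x[110] -= 700.0
    return x


if __name__ == "__main__":
    traffic = make_traffic()
    print(detect_anomalies(traffic))
```

The forensic value of this formulation is that the output is itself a physical quantity: each non-zero entry of `a` is the estimated excess (or deficit) in bytes for that interval, and the L1 penalty forces every interval the data cannot justify to exactly zero rather than to a small spurious value, so an analyst can read the result as "which intervals, and by how much" without a second thresholding step.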

At a more general level, signal processing can offer the principled approaches, theories and algorithms necessary to: (a) disclose significant relationships hidden in the network data, in order to enable fast and reliable threat identification; (b) ensure proper performance guarantees, also in terms of robustness, versatility and adaptation; (c) devise descriptive indicators with a clear physical interpretation, a crucial requirement for making the output of the inference process usable for forensic purposes.

Edited by: Vincenzo Matta, Ting He and Gonzalo Mateos

There are currently no articles in this collection.