Reliable Updating of Machine Learning-Based Intrusion Detection Models

  • Pedro Horchulhack PUCPR
  • Altair Olivo Santin PUCPR
  • Eduardo Kugler Viegas PUCPR

Abstract

This work presents a new method for updating intrusion detection models using stream learning, reducing the number of events needed for updating and the computational costs. Instances rejected during classification are stored for incremental updating, allowing automatic labeling from public repositories. Experiments showed that the proposal reduces false positives by up to 12% while rejecting 8% of instances, on a 2.6 TB dataset. The approach consumes only 3.2% of the processing time and 2% of the new instances compared with traditional techniques.

Published
21/07/2024
HORCHULHACK, Pedro; SANTIN, Altair Olivo; VIEGAS, Eduardo Kugler. Atualização Confiável dos Modelos de Detecção de Intrusão Baseada em Aprendizagem de Máquina. In: CONCURSO DE TESES E DISSERTAÇÕES (CTD), 37., 2024, Brasília/DF. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 98-107. ISSN 2763-8820. DOI: https://doi.org/10.5753/ctd.2024.2275.