Towards Reliable Intrusion Detection in High Speed Networks

  • Eduardo K. Viegas SAMSUNG Research Institute
  • Altair O. Santin PUC-PR

Abstract


Existing machine learning solutions for network-based intrusion detection cannot maintain their reliability over time in production environments. In such a context, detection schemes must detect intrusion attempts at high network bandwidth while also coping with the lack of realistic training and testing data, changes in network traffic behavior, classifications that become unreliable over time, and adversarial settings. This work introduces a new intrusion detection model, named reliable intrusion detection, whose main characteristic is the coupled use of batch and stream learning algorithms. The proposed model advances the state-of-the-art in intrusion detection, providing reliable detection even in the presence of network traffic behavior changes and a lack of model updates. The relevance of the work was recognized through publications in 5 international top-tier journals, 6 international and national conference papers, and 1 registered patent.

Keywords: Machine learning, network-based intrusion detection

Published
26/06/2019
VIEGAS, Eduardo K.; SANTIN, Altair O.. Towards Reliable Intrusion Detection in High Speed Networks. In: CONCURSO DE TESES E DISSERTAÇÕES (CTD), 32. , 2019, Belém. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019 . ISSN 2763-8820. DOI: https://doi.org/10.5753/ctd.2019.6330.