Comparative Study of Different Feature Sets for Intrusion Detection in Computer Networks
Resumo
A detecção de intrusão em redes de computadores é uma tarefa fundamental para garantir a segurança da informação em sistemas digitais. Porém, a eficácia dos sistemas de detecção de intrusão depende da qualidade dos dados e da escolha dos atributos utilizados para treinamento dos modelos de classificação. Este trabalho tem como objetivo identificar o impacto das diferentes seleções de grupos de atributos na tarefa de detecção de intrusão para cenários de fluxos contínuos de dados. Um estudo experimental foi realizado usando a base de dados CICIDS2017, diferentes conjuntos de atributos encontrados na literatura, bem como um conjunto proposto neste trabalho, e diferente atrasos na entrega dos rótulos. Os resultados indicam que o desempenho do classificador é afetado pelo atraso na entrega dos rótulos, mas também pelo conjunto de atributos usados no seu treinamento.
Palavras-chave:
detecção de intrusão, conjunto de atributos, fluxo contínuo de dados
Referências
Amudha, P. et al. (2013). Classification techniques for intrusion detection-an overview. International Journal of Computer Applications, 76(16).
Bhuyan, M. H. et al. (2017). Network anomaly detection: Methods, systems and tools. IEEE Communications Surveys & Tutorials, 16(1):303–336.
Bifet, A., Holmes, G., and Pfahringer, B. (2010). Leveraging bagging for evolving data streams. In Proceedings of the 2010th European Conference on Machine Learning and Knowledge Discovery in Databases - Volume Part I, pages 135–150. Springer.
Breve, F. and Zhao, L. (2013). Semi-supervised learning with concept drift using particle dynamics applied to network intrusion detection data. In 2013 BRICS Congress on Computational Intelligence and 11th Brazilian Congress on Computational Intelligence, pages 335–340. Ieee.
Check Point Research (2023). Cyber security report 2023.
da Costa, V. G. T., Zarpelão, B. B., Miani, R. S., and Junior, S. B. (2018). Online detection of botnets on network flows using stream mining. In Anais do XXXVI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 225–238. SBC.
Fayyad, U. M. et al. (1996). From data mining to knowledge discovery in databases. AI magazine, 17(3):37.
Garcia, S., Grill, M., Stiborek, J., and Zunino, A. (2014). An empirical comparison of botnet detection methods. Computers & Security, 45:100–123.
Hernández-Pereira, E., Suárez-Romero, J. A., Fontenla-Romero, O., and Alonso-Betanzos, A. (2009). Conversion methods for symbolic features: A comparison applied to an intrusion detection problem. Expert Systems with Applications, 36(7):10612–10617.
Molina, D. R. et al. (2020). A survey of data mining and knowledge discovery process models and methodologies. Journal of Computing Sciences in Colleges, 35(5):62–80.
Nwagu, I. et al. (2017). Knowledge discovery from databases: An overview. Journal of Applied Sciences and Environmental Management, 21(5):887–893.
Olímpio, G., Camargos, L., Miani, R. S., and Faria, E. R. (2023). Model update for intrusion detection: Analyzing the performance of delayed labeling and active learning strategies. Computers & Security, 134:103451.
Prasath, S., Sethi, K., Mohanty, D., Bera, P., and Samantaray, S. R. (2022). Analysis of continual learning models for intrusion detection system. IEEE Access, 10:121444–121464.
Ribeiro, G. H., de Faria Paiva, E. R., and Miani, R. S. (2020). A comparison of stream mining algorithms on botnet detection. In Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES ’20, New York, NY, USA. Association for Computing Machinery.
Schuartz, F. C., Munaretto, A., and Fonseca, M. (2019). Uma comparação entre os sistemas de detecção de ameaças distribuídas de rede baseado no processamento de dados em fluxo e em lotes. In Anais do XXIV Workshop de Gerência e Operação de Redes e Serviços, pages 29–42. SBC.
Shao, Z., Yuan, S., and Wang, Y. (2021). Adaptive online learning for IoT botnet detection. Information Sciences, 574:84–95.
Sharafaldin, I., Lashkari, A. H., and Ghorbani, A. A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp, 1:108–116.
Sousa, W. T. M. and Silva, C. A. (2022). Análise de desempenho em algoritmos de aprendizagem de máquina na detecção de intrusão baseada em fluxo de rede usando o conjunto de dados unsw-nb15. Revista de Sistemas e Computação-RSC, 12(2).
Stolfo, S., Fan, W., Lee, W., Prodromidis, A., and Philip, C. (1999). KDD Cup 1999 Data. UCI Machine Learning Repository. DOI: 10.24432/C51C7N.
Torres, J. L. G., Catania, C. A., and Veas, E. (2019). Active learning approach to label network traffic datasets. Journal of Information Security and Applications, 49:102388.
Wang, W., Guyet, T., Quiniou, R., Cordier, M.-O., Masseglia, F., and Zhang, X. (2014). Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks. Knowledge-Based Systems, 70:103–117.
Yuan, X., Wang, R., Zhuang, Y., Zhu, K., and Hao, J. (2018). A concept drift based ensemble incremental learning approach for intrusion detection. In 2018 IEEE International Conference on Internet of things (IThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPS-Com) and IEEE Smart Data (SmartData), pages 350–357. IEEE.
Bhuyan, M. H. et al. (2017). Network anomaly detection: Methods, systems and tools. IEEE Communications Surveys & Tutorials, 16(1):303–336.
Bifet, A., Holmes, G., and Pfahringer, B. (2010). Leveraging bagging for evolving data streams. In Proceedings of the 2010th European Conference on Machine Learning and Knowledge Discovery in Databases - Volume Part I, pages 135–150. Springer.
Breve, F. and Zhao, L. (2013). Semi-supervised learning with concept drift using particle dynamics applied to network intrusion detection data. In 2013 BRICS Congress on Computational Intelligence and 11th Brazilian Congress on Computational Intelligence, pages 335–340. Ieee.
Check Point Research (2023). Cyber security report 2023.
da Costa, V. G. T., Zarpelão, B. B., Miani, R. S., and Junior, S. B. (2018). Online detection of botnets on network flows using stream mining. In Anais do XXXVI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 225–238. SBC.
Fayyad, U. M. et al. (1996). From data mining to knowledge discovery in databases. AI magazine, 17(3):37.
Garcia, S., Grill, M., Stiborek, J., and Zunino, A. (2014). An empirical comparison of botnet detection methods. Computers & Security, 45:100–123.
Hernández-Pereira, E., Suárez-Romero, J. A., Fontenla-Romero, O., and Alonso-Betanzos, A. (2009). Conversion methods for symbolic features: A comparison applied to an intrusion detection problem. Expert Systems with Applications, 36(7):10612–10617.
Molina, D. R. et al. (2020). A survey of data mining and knowledge discovery process models and methodologies. Journal of Computing Sciences in Colleges, 35(5):62–80.
Nwagu, I. et al. (2017). Knowledge discovery from databases: An overview. Journal of Applied Sciences and Environmental Management, 21(5):887–893.
Olímpio, G., Camargos, L., Miani, R. S., and Faria, E. R. (2023). Model update for intrusion detection: Analyzing the performance of delayed labeling and active learning strategies. Computers & Security, 134:103451.
Prasath, S., Sethi, K., Mohanty, D., Bera, P., and Samantaray, S. R. (2022). Analysis of continual learning models for intrusion detection system. IEEE Access, 10:121444–121464.
Ribeiro, G. H., de Faria Paiva, E. R., and Miani, R. S. (2020). A comparison of stream mining algorithms on botnet detection. In Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES ’20, New York, NY, USA. Association for Computing Machinery.
Schuartz, F. C., Munaretto, A., and Fonseca, M. (2019). Uma comparação entre os sistemas de detecção de ameaças distribuídas de rede baseado no processamento de dados em fluxo e em lotes. In Anais do XXIV Workshop de Gerência e Operação de Redes e Serviços, pages 29–42. SBC.
Shao, Z., Yuan, S., and Wang, Y. (2021). Adaptive online learning for IoT botnet detection. Information Sciences, 574:84–95.
Sharafaldin, I., Lashkari, A. H., and Ghorbani, A. A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp, 1:108–116.
Sousa, W. T. M. and Silva, C. A. (2022). Análise de desempenho em algoritmos de aprendizagem de máquina na detecção de intrusão baseada em fluxo de rede usando o conjunto de dados unsw-nb15. Revista de Sistemas e Computação-RSC, 12(2).
Stolfo, S., Fan, W., Lee, W., Prodromidis, A., and Philip, C. (1999). KDD Cup 1999 Data. UCI Machine Learning Repository. DOI: 10.24432/C51C7N.
Torres, J. L. G., Catania, C. A., and Veas, E. (2019). Active learning approach to label network traffic datasets. Journal of Information Security and Applications, 49:102388.
Wang, W., Guyet, T., Quiniou, R., Cordier, M.-O., Masseglia, F., and Zhang, X. (2014). Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks. Knowledge-Based Systems, 70:103–117.
Yuan, X., Wang, R., Zhuang, Y., Zhu, K., and Hao, J. (2018). A concept drift based ensemble incremental learning approach for intrusion detection. In 2018 IEEE International Conference on Internet of things (IThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPS-Com) and IEEE Smart Data (SmartData), pages 350–357. IEEE.
Publicado
17/11/2024
Como Citar
ALCÂNTARA, André Oliveira de; MIANI, Rodrigo S.; FARIA, Elaine Ribeiro de.
Comparative Study of Different Feature Sets for Intrusion Detection in Computer Networks. In: ENCONTRO NACIONAL DE INTELIGÊNCIA ARTIFICIAL E COMPUTACIONAL (ENIAC), 21. , 2024, Belém/PA.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 239-250.
ISSN 2763-9061.
DOI: https://doi.org/10.5753/eniac.2024.245047.