Application of Convolutional and Recurrent Neural Networks to System-Call-Based Intrusion Detection on Linux
Abstract
Cybersecurity on Linux systems is a growing challenge as attacks become more frequent and more sophisticated. Traditional signature-based Intrusion Detection Systems (IDS) are ineffective against new threats, which motivates the search for more advanced solutions. This study proposes an intrusion detection module that uses machine learning techniques, combining Convolutional Neural Networks and Recurrent Neural Networks, to identify malicious patterns in system calls. The model was tested on the ADFA-LD dataset, achieving a recall of 97% and a precision of 95%. These results demonstrate the effectiveness of the proposed approach in detecting complex attacks. However, the model still has a false-negative rate of 17.97%, indicating that improvements are needed. As future work, the authors plan to deploy the module in real environments and extend the tests to more diverse and heterogeneous datasets.
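The abstract describes a pipeline that feeds system-call sequences to a CNN+RNN detector and reports precision, recall and false-negative rate. The following Python example is added here and is not the paper's code: it shows the preprocessing step that such a model needs (parsing ADFA-LD-style traces of integer system-call numbers, windowing them to a fixed length with padding, mapping call numbers to a dense vocabulary) and a small evaluation routine that derives precision, recall, FNR and FPR from window-level verdicts. The sample traces are constructed for the example, the window size and stride are arbitrary choices, and the "detector" is a stand-in rule that flags any window containing one chosen call number; the paper's neural model is not reproduced.

```python
"""Added example, not code from the paper: preprocessing of ADFA-LD-style
system-call traces into fixed-length windows (the input shape a 1D-CNN/RNN
detector consumes) and scoring of a detector's window-level verdicts with the
metrics the abstract reports (precision, recall, false-negative rate).

ADFA-LD stores each trace as a text file of space-separated integer system-call
numbers. The traces below are constructed for this example and are not taken
from the dataset. The detector used here is a deliberately simple stand-in rule
(flag any window containing one chosen call number) so that the metric code has
verdicts to score; the paper's CNN+RNN model is not reproduced."""

from collections import Counter
from typing import Dict, List, Sequence, Tuple

PAD = 0  # reserved index for padding; real system-call numbers start at 1

# Constructed sample traces: (trace text, label). Label 0 = normal, 1 = attack.
SAMPLE_TRACES: List[Tuple[str, int]] = [
    ("6 6 63 6 42 120 6 195 120 6 6 114 114 3 3 3 6 6 6", 0),
    ("6 63 6 42 120 6 195 120 6 6 6 3 3 3 4 4 6 6 6 6", 0),
    ("6 6 63 6 42 120 6 195 120 6 6 114 11 3 3 3 6 6 6", 1),
    ("6 6 6 42 120 6 195 120 6 11 11 114 114 3 3 6 6 6", 1),
]


def parse_trace(line: str) -> List[int]:
    """Parse one ADFA-LD-style trace line into a list of system-call numbers."""
    return [int(tok) for tok in line.split()]


def build_vocab(traces: Sequence[List[int]]) -> Dict[int, int]:
    """Map every system-call number seen in training to a dense index (0 = PAD).

    A sequence model embeds these indices, so the mapping must be fixed on the
    training traces and reused unchanged at inference time."""
    seen = Counter(call for trace in traces for call in trace)
    return {call: idx + 1 for idx, call in enumerate(sorted(seen))}


def windows(trace: List[int], size: int, stride: int) -> List[List[int]]:
    """Cut a trace into overlapping windows of `size` calls, `stride` apart.

    A final partial window is right-padded with PAD so that the tail of a
    trace, where a short attack sequence may sit, is never silently dropped."""
    if len(trace) <= size:
        return [trace + [PAD] * (size - len(trace))]
    out = [trace[s:s + size] for s in range(0, len(trace) - size + 1, stride)]
    last_start = (len(out) - 1) * stride
    if last_start + size < len(trace):
        tail = trace[last_start + stride:]
        out.append(tail + [PAD] * (size - len(tail)))
    return out


def encode(window: List[int], vocab: Dict[int, int]) -> List[int]:
    """Replace call numbers by vocabulary indices; unseen calls map to PAD."""
    return [vocab.get(call, PAD) for call in window]


def _ratio(num: int, den: int) -> float:
    return num / den if den else 0.0


def metrics(y_true: Sequence[int], y_pred: Sequence[int]) -> Dict[str, float]:
    """Precision, recall, false-negative rate and false-positive rate from
    window-level labels. Recall and FNR are complements on the same set of
    positives, which is a quick consistency check on any reported numbers."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == 1 and p == 1)
    fp = sum(1 for t, p in pairs if t == 0 and p == 1)
    fn = sum(1 for t, p in pairs if t == 1 and p == 0)
    tn = sum(1 for t, p in pairs if t == 0 and p == 0)
    return {
        "precision": _ratio(tp, tp + fp),
        "recall": _ratio(tp, tp + fn),
        "fnr": _ratio(fn, tp + fn),
        "fpr": _ratio(fp, fp + tn),
    }


def score_rule_detector(size: int = 8, stride: int = 4,
                        flagged_call: int = 11) -> Dict[str, float]:
    """Run the stand-in rule detector over all sample windows and score it.

    Every window inherits the label of the trace it came from, which is how
    trace-level ADFA-LD labels are lifted to window level here."""
    parsed = [(parse_trace(line), label) for line, label in SAMPLE_TRACES]
    y_true, y_pred = [], []
    for trace, label in parsed:
        for window in windows(trace, size, stride):
            y_true.append(label)
            # Stand-in verdict: flag the window if the chosen call appears in it.
            y_pred.append(1 if flagged_call in window else 0)
    return metrics(y_true, y_pred)


if __name__ == "__main__":
    for name, value in score_rule_detector().items():
        print(f"{name}: {value:.3f}")
```

On the constructed traces the stand-in rule scores perfect precision but only half recall, and the printed `fnr` is exactly `1 - recall`; when a model is reported with recall and FNR figures, running its verdicts through `metrics()` on the same window set is the straightforward way to confirm both numbers were computed on the same basis.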
Keywords:
Cybersecurity, machine learning, system-call analysis, anomaly detection, deep neural networks, operating systems
Published
27/11/2024
How to Cite
BORTOLI, André Augusto; LÓ, Thiago Berticelli; VASATA, Darlon. Aplicação de Redes Neurais Convolucionais e Recorrentes na Detecção de Intrusão em Linux Baseada em Chamadas de Sistema. In: CONGRESSO LATINO-AMERICANO DE SOFTWARE LIVRE E TECNOLOGIAS ABERTAS (LATINOWARE), 21., 2024, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 77-85. DOI: https://doi.org/10.5753/latinoware.2024.245757.