Improving the Detection of Automated Attacks through Spectral Decomposition of Network Packets
Abstract
Flow classification for identifying attacks in computer networks by machine learning uses quantitative features that summarize the information of the packets belonging to a flow. However, conventional features, such as packet size and number of bytes, generate redundancies and do not represent the temporal correlations between the packets of a flow. Automated network attacks generate periodic patterns that are observable through spectral decomposition, which facilitates classification. This paper proposes FENED, a method for extracting features from network data that takes into account the arrival order of packets within the same flow, using the fast Fourier transform, for binary classification. The proposed feature vector contains the magnitude of the flow's spectral components. The results show that the proposal is better than or equal to conventional feature-extraction proposals that disregard the arrival order of packets in a flow.
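As an added illustration of the feature extraction the abstract describes (not the paper's own code), the following Python computes the magnitude spectrum of a per-flow packet-size sequence in arrival order and a summary statistic that separates a periodic sender from an irregular one. The two sample flows, the 8-bin length, the energy-ratio statistic and the 0.9 threshold are constructed assumptions; the paper itself feeds the magnitude vector to a trained classifier.

```python
import cmath
import math

# Constructed sample flows (packet sizes in bytes, in arrival order); they are
# illustrative assumptions, not data from the paper.
AUTOMATED_FLOW = [60, 1500, 60, 1500, 60, 1500, 60, 1500]   # request/response beacon
HUMAN_FLOW = [60, 420, 1500, 80, 900, 60, 1200, 300]          # irregular browsing

def spectral_features(values, n_bins=8):
    """Feature vector in the spirit of the abstract: magnitudes of the DFT of a
    per-flow sequence taken in packet arrival order. Sequences are truncated or
    zero-padded to n_bins so every flow yields a fixed-length vector (a
    constructed choice). Plain O(n^2) DFT so the example needs no numpy."""
    x = [float(v) for v in values[:n_bins]] + [0.0] * max(0, n_bins - len(values))
    n = len(x)
    return [abs(sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n)))
            for k in range(n)]

def dominant_energy_ratio(mags):
    """Share of non-DC energy held by the strongest bin of the one-sided spectrum
    (bins 1..n/2; the upper half mirrors it for real input). Near 1.0 means one
    period dominates the flow, the signature of an automated sender."""
    half = mags[1:len(mags) // 2 + 1]
    total = sum(m * m for m in half)
    return max(m * m for m in half) / total if total else 0.0

def looks_automated(values, threshold=0.9):
    """Toy binary decision on a single flow; the paper trains a classifier on the
    full magnitude vector instead, and 0.9 is an assumed threshold."""
    return dominant_energy_ratio(spectral_features(values)) >= threshold

if __name__ == "__main__":
    for name, flow in (("automated", AUTOMATED_FLOW), ("human", HUMAN_FLOW)):
        mags = spectral_features(flow)
        print(name, [round(m) for m in mags], round(dominant_energy_ratio(mags), 3))
```

For the alternating beacon all non-DC energy lands in bin 4 (period 2), while the irregular flow spreads it across bins 1 to 4.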