Hybrid and Online System for Detection and Classification of Malicious Traffic
Abstract
Several Machine Learning methodologies have been proposed to improve security in computer networks and reduce the damage caused by malicious agents. However, detecting and classifying attacks with high accuracy and precision is still a major challenge in today's networks. This paper proposes an online attack detection and network traffic classification system that combines Stream Machine Learning, Deep Learning, and Ensemble techniques in a hybrid design. Using multiple stages of data analysis, the system detects the presence of malicious traffic flows and classifies them according to the type of attack they represent. The system was evaluated on three network security datasets, on which it obtained accuracy and precision above 90% with a reduced false alarm rate.
