Aprendizado Profundo para a Predição de Ataques de Negação de Serviço Distribuído
Resumo
Dentre as ameaças existentes no ciberespaço, o ataque de negação de serviço distribuído (DDoS) destaca-se por interromper serviços essenciais, negando o acesso a usuários legítimos e causando prejuízos econômicos. A literatura apresenta mecanismos para defender as vítimas. Contudo, os ataques DDoS nem sempre são detectados a tempo para que os mecanismos de defesa evitem os prejuízos. Para aumentar o tempo que a defesa terá para reagir ao ataque, este trabalho propõe um sistema baseado no aprendizado profundo supervisionado para identificar sinais da orquestração de ataques DDoS. Transformando o tráfego de rede em sinais precoces de alerta, este trabalho treinou uma rede neural profunda para identificar anomalias e predizer os ataques DDoS. O sistema proposto foi avaliado no conjunto de dados CTU-13 que contém o tráfego de dois ataques de DDoS. O modelo predisse o lançamento do ataque com 46 minutos de antecedência e uma baixa quantidade de erros.
Referências
Abaid, Z., Sarkar, D., Kaafar, M. A., and Jha, S. (2016). The early bird gets the botnet: A markov chain based early warning system for botnet attacks. In LCN, pages 61–68, UAE. IEEE.
Armor (2018). Armor’s ‘black market’ report highlights the big business of cybercrime. Acesso em: 07/21. [link].
Bhardwaj, A., Subrahmanyam, G. V. B., Avasthi, V., Sastry, H., and Goundar, S. (2016). DDoS attacks, new DDoS taxonomy and mitigation solutions — A survey. In SCOPES, page 5.
Box, G. E., Jenkins, G. M., Reinsel, G. C., and Ljung, G. M. (2015). Time series analysis: forecasting and control. John Wiley & Sons.
Dakos, V., Carpenter, S. R., Brock, W. A., Ellison, A. M., Guttal, V., Ives, A. R., Kéfi, S., Livina, V., Seekell, D. A., van Nes, E. H., and Scheffer, M. (2012). Methods for detecting early warnings of critical transitions in time series illustrated using simulated ecological data. PLOS ONE, 7(7):1–20.
Doriguzzi-Corin, R., Millar, S., Scott-Hayward, S., Martínez-del Rincón, J., and Siracusa, D. (2020). Lucid: A practical, lightweight deep learning solution for DDoS attack detection. TNSM, 17(2):876–889.
Elsayed, M. S., Le-Khac, N.-A., Dev, S., and Jurcut, A. D. (2020). DDoSNet: A deep-learning model for detecting network attacks. In WoWMoM, pages 391–396.
García, S., Grill, M., Stiborek, J., and Zunino, A. (2014). An empirical comparison of botnet detection methods. Computers & Security, 45:100–123.
Hochreiter, S. and Schmidhuber, J. (1997). Long short-term memory. Neural Computation, 9(8):1735–1780.
Holgado, P., Villagrá, V. A., and Vázquez, L. (2020). Real-time multistep attack prediction based on hidden markov models. IEEE Trans. Dependable Secure Comput, 17(1):134–147.
Jyoti, N. and Behal, S. (2021). A meta-evaluation of machine learning techniques for detection of DDoS attacks. In INDIACom, pages 522–526, India. IEEE.
Keshariya, A. and Foukia, N. (2010). DDoS defense mechanisms: A new taxonomy. In DPM, pages 222–236. Springer Berlin Heidelberg.
Koay, A., Welch, I., and Seah, W. (2019). (Short Paper) Effectiveness of entropy-based features in highand low-intensity DDoS attacks detection. In IWSEC, pages 207–217.
Kromkowski, P., Li, S., Zhao, W., Abraham, B., Osborne, A., and Brown, D. E. (2019). Evaluating statistical models for network traffic anomaly detection. In SIEDS, pages 1–6.
Lindemann, B., Müller, T., Vietz, H., Jazdi, N., and Weyrich, M. (2021). A survey on long shortterm memory networks for time series prediction. Procedia CIRP, 99:650–655.
Liu, Y., Zhang, J., Sarabi, A., Liu, M., Karir, M., and Bailey, M. (2015). Predicting cyber security incidents using feature-based characterization of network-level malicious activities. In IWSPA.
Marrow, A. and Stolyarov, G. (2021). Russia’s Yandex says it repelled biggest DDoS attack in history. [Acesso em: 10/2021]. [link].
Nguyen, H., Tran, K., Thomassey, S., and Hamad, M. (2021). Forecasting and anomaly detection approaches using lstm and lstm autoencoder techniques with the applications in supply chain management. IJIM, 57:38.
Nichols, D. (2016). The what and why of DDoS attacks. Acesso em: 07/2021. https://secura.cloud/insights/the-what-and-why-of-ddos-attacks.
Pelloso, M., Vergutz, A., Santos, A., and Nogueira, M. (2018). A self-adaptable system for DDoS attack prediction based on the metastability theory. In GLOBECOM, pages 1–6.
Santos, L. A. F., Campiolo, R., Gerosa, M. A., and Batista, D. M. (2013). Extração de alertas de segurança postados em mensagens de redes sociais. In XXXI SBRC, pages 791–804, Brasil.
Shumway, R. H. and Stoffer, D. S. (2017). Characteristics of Time Series, pages 1–44. Springer.
Srivastava, N., Mansimov, E., and Salakhutdinov, R. (2015). Unsupervised learning of video representations using lstms. CoRR.
Sumathi, S. and Karthikeyan, N. (2021). Detection of distributed denial of service using deep learning neural network. JAIHC, 12.
Tyson, M. (2022). Minecraft DDoS attack leaves small european country without Internet. Acesso em: 01/22. [link].
Wang, Z. and Zhang, Y. (2017). DDoS event forecasting using twitter data. In IJCAI, page 7.
Xie, X.-q., He, W.-P., Gu, B., Mei, Y., and Zhao, S.-s. (2019). Can kurtosis be an early warning signal for abrupt climate change? Climate Dynamics, 52.
Zhai, J.-H., Zhang, S., Chen, J., and He, Q. (2018). Autoencoder and its various variants. SMC, pages 415–419.
Armor (2018). Armor’s ‘black market’ report highlights the big business of cybercrime. Acesso em: 07/21. [link].
Bhardwaj, A., Subrahmanyam, G. V. B., Avasthi, V., Sastry, H., and Goundar, S. (2016). DDoS attacks, new DDoS taxonomy and mitigation solutions — A survey. In SCOPES, page 5.
Box, G. E., Jenkins, G. M., Reinsel, G. C., and Ljung, G. M. (2015). Time series analysis: forecasting and control. John Wiley & Sons.
Dakos, V., Carpenter, S. R., Brock, W. A., Ellison, A. M., Guttal, V., Ives, A. R., Kéfi, S., Livina, V., Seekell, D. A., van Nes, E. H., and Scheffer, M. (2012). Methods for detecting early warnings of critical transitions in time series illustrated using simulated ecological data. PLOS ONE, 7(7):1–20.
Doriguzzi-Corin, R., Millar, S., Scott-Hayward, S., Martínez-del Rincón, J., and Siracusa, D. (2020). Lucid: A practical, lightweight deep learning solution for DDoS attack detection. TNSM, 17(2):876–889.
Elsayed, M. S., Le-Khac, N.-A., Dev, S., and Jurcut, A. D. (2020). DDoSNet: A deep-learning model for detecting network attacks. In WoWMoM, pages 391–396.
García, S., Grill, M., Stiborek, J., and Zunino, A. (2014). An empirical comparison of botnet detection methods. Computers & Security, 45:100–123.
Hochreiter, S. and Schmidhuber, J. (1997). Long short-term memory. Neural Computation, 9(8):1735–1780.
Holgado, P., Villagrá, V. A., and Vázquez, L. (2020). Real-time multistep attack prediction based on hidden markov models. IEEE Trans. Dependable Secure Comput, 17(1):134–147.
Jyoti, N. and Behal, S. (2021). A meta-evaluation of machine learning techniques for detection of DDoS attacks. In INDIACom, pages 522–526, India. IEEE.
Keshariya, A. and Foukia, N. (2010). DDoS defense mechanisms: A new taxonomy. In DPM, pages 222–236. Springer Berlin Heidelberg.
Koay, A., Welch, I., and Seah, W. (2019). (Short Paper) Effectiveness of entropy-based features in highand low-intensity DDoS attacks detection. In IWSEC, pages 207–217.
Kromkowski, P., Li, S., Zhao, W., Abraham, B., Osborne, A., and Brown, D. E. (2019). Evaluating statistical models for network traffic anomaly detection. In SIEDS, pages 1–6.
Lindemann, B., Müller, T., Vietz, H., Jazdi, N., and Weyrich, M. (2021). A survey on long shortterm memory networks for time series prediction. Procedia CIRP, 99:650–655.
Liu, Y., Zhang, J., Sarabi, A., Liu, M., Karir, M., and Bailey, M. (2015). Predicting cyber security incidents using feature-based characterization of network-level malicious activities. In IWSPA.
Marrow, A. and Stolyarov, G. (2021). Russia’s Yandex says it repelled biggest DDoS attack in history. [Acesso em: 10/2021]. [link].
Nguyen, H., Tran, K., Thomassey, S., and Hamad, M. (2021). Forecasting and anomaly detection approaches using lstm and lstm autoencoder techniques with the applications in supply chain management. IJIM, 57:38.
Nichols, D. (2016). The what and why of DDoS attacks. Acesso em: 07/2021. https://secura.cloud/insights/the-what-and-why-of-ddos-attacks.
Pelloso, M., Vergutz, A., Santos, A., and Nogueira, M. (2018). A self-adaptable system for DDoS attack prediction based on the metastability theory. In GLOBECOM, pages 1–6.
Santos, L. A. F., Campiolo, R., Gerosa, M. A., and Batista, D. M. (2013). Extração de alertas de segurança postados em mensagens de redes sociais. In XXXI SBRC, pages 791–804, Brasil.
Shumway, R. H. and Stoffer, D. S. (2017). Characteristics of Time Series, pages 1–44. Springer.
Srivastava, N., Mansimov, E., and Salakhutdinov, R. (2015). Unsupervised learning of video representations using lstms. CoRR.
Sumathi, S. and Karthikeyan, N. (2021). Detection of distributed denial of service using deep learning neural network. JAIHC, 12.
Tyson, M. (2022). Minecraft DDoS attack leaves small european country without Internet. Acesso em: 01/22. [link].
Wang, Z. and Zhang, Y. (2017). DDoS event forecasting using twitter data. In IJCAI, page 7.
Xie, X.-q., He, W.-P., Gu, B., Mei, Y., and Zhao, S.-s. (2019). Can kurtosis be an early warning signal for abrupt climate change? Climate Dynamics, 52.
Zhai, J.-H., Zhang, S., Chen, J., and He, Q. (2018). Autoencoder and its various variants. SMC, pages 415–419.
Publicado
23/05/2022
Como Citar
M. E SILVA, Gabriel Lucas F.; NEIRA, Anderson Bergamini de; NOGUEIRA, Michele.
Aprendizado Profundo para a Predição de Ataques de Negação de Serviço Distribuído. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 40. , 2022, Fortaleza.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2022
.
p. 475-488.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2022.222348.
