Application and Comparative Performance Analysis of Pattern Classifiers for the Snort Intrusion Detection System
Abstract
With the evolution of the Internet, the volume of data that travels across computer networks grows day by day, challenging the security of computer systems around the world. Among the main tools used to secure these systems, Intrusion Detection Systems (IDS) stand out. In an environment where new vulnerabilities are discovered every week [Symantec 2015], anomaly-based detection can reduce the damage from unknown attacks. Thus, this work proposes the application of two pattern classifiers to replace the default detection scheme of the open-source Snort IDS. The comparative study focused on the performance of both techniques, which presented high accuracy rates in classifying connections.
References
Biles, S. (2003). Detecting the unknown with snort and the statistical packet anomaly detection engine (spade). Computer Security Online Ltd., Tech. Rep.
Canadian Institute for Cybersecurity (2012). Intrusion detection evaluation dataset (iscxids2012).
da Silva, J. R. C. (2007). Redes neurais artificiais para sistemas de detecção de intrusos.
de Leon F de Carvalho, A. P. (2009). Redes neurais artificiais.
Devi, S. and Nagpal, R. (2012). Intrusion detection system using genetic algorithm-a review. International Journal of Computing & Business Research.
Garcia-Teodoro, P., Diaz-Verdejo, J., Maciá-Fernández, G., and Vázquez, E. (2009). Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security, 28(1):18–28.
Jaggim, R. and Sangade, J. (2014). Detecting and classifying attacks using artificial neural network. International Journal on Recent and Innovation Trends in Computing and Communication ISSN, pages 1136–1142.
Kumar, K. and Punia, R. (2013). Improving the performance of ids using genetic algorithm. International Journal of Computer Science and Communication, 4(2).
Kurose, J. F. and Ross, K. W. (2010). Redes de Computadores e a Internet: uma abordagem top-down. Pearson.
Minsky, M. and Papert, S. (1969). Perceptrons.
Papa, J. and Falcão, A. (2009). LibOPF: A library for the design of optimum-path forest classifiers.
Papa, J. P. and Falcão, A. X. (2010). Optimum-path forest: A novel and powerful framework for supervised graph-based pattern recognition techniques. Institute of Computing University of Campinas, pages 41–48.
Papa, J. P., Falcão, A. X., and Suzuki, C. T. (2009). Supervised pattern classification based on optimum-path forest. International Journal of Imaging Systems and Technology, 19(2):120–131.
Pereira, C. R. (2012). Detecção de intrusão em redes de computadores utilizando floresta de caminhos ótimos.
Planquart, J.-P. (2001). Application of neural networks to intrusion detection. SANS Institute.
Salem, M. and Buehler, U. (2013). Reinforcing network security by converting massive data flow to continuous connections for ids. In Internet Technology and Secured Transactions (ICITST), 2013 8th International Conference for, pages 570–575. IEEE.
Symantec (2015). A new zero-day vulnerability discovered every week in 2015.
Tanenbaum, A. S. (2003). Redes de computadoras. Pearson educación.
Van Efferen, L. and Ali-Eldin, A. M. (2017). A multi-layer perceptron approach for flow-based anomaly detection. In Networks, Computers and Communications (ISNCC), 2017 International Symposium on, pages 1–6. IEEE.
