Online and Early Detection of Network Attacks using Matrix Profile
Abstract
In the digital age, the growing sophistication and variety of cyber threats underline the importance of strengthening cybersecurity to protect today's networks. This study proposes an approach for the early detection of attacks, using the Matrix Profile (MP) technique to analyse network data flows online as time series. The method focuses on identifying network anomalies as indicators of network attacks, addressing the limitations of existing Machine Learning systems, which rely predominantly on offline training and struggle to recognise novel or untrained attack patterns. Our proposal was evaluated in several attack scenarios and showed better performance metrics than traditional methods such as CUSUM, EWMA and ARIMA.
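The online anomaly detection the abstract describes, as an added example that is not the paper's code: a streaming (left) Matrix Profile computed sample by sample over a constructed packets-per-second series, where a window length of 16, a distance threshold of 3.0, the warm-up length and the shape of the injected flood are all assumptions made here.

```python
import math

def znorm(window):
    """Z-normalise one subsequence; a flat window (zero variance) maps to all zeros."""
    n = len(window)
    mean = sum(window) / n
    std = math.sqrt(sum((v - mean) ** 2 for v in window) / n)
    return [0.0] * n if std < 1e-9 else [(v - mean) / std for v in window]

class OnlineMatrixProfile:
    """Left matrix profile computed sample by sample: each new length-m window is
    compared only with windows already seen, so its value is available the moment
    the window closes (no look-ahead), which is what early detection needs."""
    def __init__(self, m):
        self.m, self.excl = m, m // 2          # m//2 exclusion zone avoids trivial self-matches
        self.series, self.windows, self.profile = [], [], []

    def update(self, x):
        """Append one sample; return the new window's nearest-neighbour distance, or None."""
        self.series.append(x)
        if len(self.series) < self.m:
            return None
        new, idx = znorm(self.series[-self.m:]), len(self.windows)
        self.windows.append(new)
        best = math.inf
        for j in range(max(0, idx - self.excl)):   # only sufficiently old past windows
            d = math.sqrt(sum((a - b) ** 2 for a, b in zip(new, self.windows[j])))
            best = min(best, d)
        self.profile.append(best)
        return None if best == math.inf else best

def constructed_flow_series(n=260, onset=200, slope=50.0):
    """Constructed packets-per-second series (assumed, not captured traffic): a 16-sample
    cycle plus a 7-sample wobble, with a linearly growing flood superimposed from `onset`."""
    return [100 + 20 * math.sin(2 * math.pi * t / 16) + 2 * math.sin(2 * math.pi * t / 7)
            + (slope * (t - onset) if t >= onset else 0.0) for t in range(n)]

def detect_onset(series, m=16, threshold=3.0, warmup=64):
    """Stream the series through the profile; return the index of the first window whose
    distance to everything seen before exceeds `threshold` (None if the shape never changes).
    Distances are z-normalised, so the alarm marks a change of shape, not a level shift:
    once the flood has lasted a while its windows match each other and the profile drops
    again, which is why the first crossing, not a sustained one, is the early signal."""
    omp = OnlineMatrixProfile(m)
    for t, x in enumerate(series):
        d = omp.update(x)
        if t >= warmup and d is not None and d > threshold:
            return t
    return None

if __name__ == "__main__":
    print("flood onset flagged at sample", detect_onset(constructed_flow_series()))
```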
Published
20/05/2024
How to Cite
ABREU, Diego; ABELÉM, Antônio. Detecção On-line e Antecipada de Ataques à Rede usando Matrix Profile. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 42., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 211-224. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2024.1304.