RAVEN: Detecção e Classificação Precoce de Atores Maliciosos em uma Rede Acadêmica
Resumo
A varredura de portas é uma importante técnica de coleta de informações sensíveis, por isso, destacamos a necessidade de sistemas aprimorados de segurança e ressaltamos que a varredura, considerada uma anomalia, deve ser identificada e suprimida precocemente, especialmente diante do número significativo de incidentes reportados. Em resposta a esse desafio, propõe-se um sistema inteligente e automatizado que analisa fluxos de rede para detectar e classificar varreduras no menor tempo possível. As contribuições incluem a implementação e avaliação do sistema, a demonstração da melhoria do desempenho com a ampliação das features e a disponibilização de conjuntos de dados para a comunidade acadêmica.Referências
Araujo, A. M., Bergamini de Neira, A., and Nogueira, M. (2023). Autonomous machine learning for early bot detection in the internet of things. Digital Communications and Networks, 9(6):1301–1309.
Bhuyan, M. H., Bhattacharyya, D., and Kalita, J. (2011). Surveying Port Scans and Their Detection Methodologies. The Computer Journal, 54(10):1565–1581.
Bou-Harb, E., Debbabi, M., and Assi, C. (2013). A statistical approach for fingerprinting probing activities. In 2013 International Conference on Availability, Reliability and Security, pages 21–30.
Cabaj, K. et al. (2018). Sdn-based mitigation of scanning attacks for the 5g internet of radio light system. In Proceedings of the 13th Inter. Conference on Availability, Reliability and Security, New York, NY, USA. Association for Computing Machinery.
Camacho, J. et al. (2019). Multivariate big data analysis for intrusion detection: 5 steps from the haystack to the needle. Computers & Security, 87:101603.
CERT.br (2023). Cert.br - estatística de incidentes notificados ao cert.br. [link].
Devan, P. and Khare, N. (2020). An efficient xgboost–dnn-based classification model for network intrusion detection system. Neural Comput. Appl., 32(16):12499–12514.
Do, E. H. and Gadepally, V. N. (2020). Classifying anomalies for network security. In ICASSP 2020 - 2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pages 2907–2911.
Griffioen, H. and Doerr, C. (2020). Discovering collaboration: Unveiling slow, distributed scanners based on common header field patterns. In NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, pages 1–9.
Habibi Lashkari, A. et al. (2017). Characterization of tor traffic using time based features. In Int. Conference on Information Systems Security and Privacy, pages 253–262.
Liu, J., Gao, Y., and Hu, F. (2021). A fast network intrusion detection system using adaptive synthetic oversampling and lightgbm. Computers & Security, 106:102289.
Mishra, P., Varadharajan, V., Tupakula, U., and Pilli, E. S. (2019). A detailed investigation and analysis of using machine learning techniques for intrusion detection. IEEE Communications Surveys & Tutorials, 21(1):686–728.
Satheesh, N. et al. (2020). Flow-based anomaly intrusion detection using machine learning model with software defined networking for openflow network. Microprocessors and Microsystems, 79:103285.
Strom, B. E. et al. (2018). Mitre att&ck: Design and philosophy. In Technical report. The MITRE Corporation.
Bhuyan, M. H., Bhattacharyya, D., and Kalita, J. (2011). Surveying Port Scans and Their Detection Methodologies. The Computer Journal, 54(10):1565–1581.
Bou-Harb, E., Debbabi, M., and Assi, C. (2013). A statistical approach for fingerprinting probing activities. In 2013 International Conference on Availability, Reliability and Security, pages 21–30.
Cabaj, K. et al. (2018). Sdn-based mitigation of scanning attacks for the 5g internet of radio light system. In Proceedings of the 13th Inter. Conference on Availability, Reliability and Security, New York, NY, USA. Association for Computing Machinery.
Camacho, J. et al. (2019). Multivariate big data analysis for intrusion detection: 5 steps from the haystack to the needle. Computers & Security, 87:101603.
CERT.br (2023). Cert.br - estatística de incidentes notificados ao cert.br. [link].
Devan, P. and Khare, N. (2020). An efficient xgboost–dnn-based classification model for network intrusion detection system. Neural Comput. Appl., 32(16):12499–12514.
Do, E. H. and Gadepally, V. N. (2020). Classifying anomalies for network security. In ICASSP 2020 - 2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pages 2907–2911.
Griffioen, H. and Doerr, C. (2020). Discovering collaboration: Unveiling slow, distributed scanners based on common header field patterns. In NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, pages 1–9.
Habibi Lashkari, A. et al. (2017). Characterization of tor traffic using time based features. In Int. Conference on Information Systems Security and Privacy, pages 253–262.
Liu, J., Gao, Y., and Hu, F. (2021). A fast network intrusion detection system using adaptive synthetic oversampling and lightgbm. Computers & Security, 106:102289.
Mishra, P., Varadharajan, V., Tupakula, U., and Pilli, E. S. (2019). A detailed investigation and analysis of using machine learning techniques for intrusion detection. IEEE Communications Surveys & Tutorials, 21(1):686–728.
Satheesh, N. et al. (2020). Flow-based anomaly intrusion detection using machine learning model with software defined networking for openflow network. Microprocessors and Microsystems, 79:103285.
Strom, B. E. et al. (2018). Mitre att&ck: Design and philosophy. In Technical report. The MITRE Corporation.
Publicado
20/05/2024
Como Citar
COELHO, Willen B.; ZANOTELLI, Vitor F.; COMARELA, Giovanni; VILLAÇA, Rodolfo S..
RAVEN: Detecção e Classificação Precoce de Atores Maliciosos em uma Rede Acadêmica. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 42. , 2024, Niterói/RJ.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 351-364.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2024.1384.
