Strengthening Network Security: An In-Depth Look at Intrusion Detection with Image-Based CNN and Transfer Learning
Abstract
The application of machine learning (ML) to real-world network intrusion detection has been limited, despite its reported success in the literature. To address the challenges of model updating, this paper presents a new approach that uses convolutional neural networks (CNNs) and transfer learning. The CNN uses a flow-based feature expansion to extend the model's lifetime. Training data and computational cost are significantly reduced by periodically updating the model using transfer learning. Experiments with 2.6 TB of real-world network traffic demonstrate the feasibility of our proposal. Our proposal improves the average F1 by up to 0.19 without updates, thereby improving the system's accuracy.