Análise do impacto da agregação dos fluxos IP nos algoritmos de aprendizado de máquina supervisionado voltados para a detecção de intrusão
Resumo
O aprendizado de máquina tem sido utilizado na segurança cibernética para suprir as limitações das técnicas de identificação de padrões no tráfego de rede. A existência de inúmeros algoritmos na literatura faz com que a escolha de qual é o mais adequado para a detecção de intrusão, não seja uma tarefa trivial. Neste trabalho é realizada uma análise comparativa de 6 algoritmos de aprendizado de máquina supervisionado avaliando o impacto da agregação dos fluxos IP nas predições, tempo de treinamento e teste. Os experimentos mostraram que o método de agregação melhora a classificação e reduz o tempo de processamento dos modelos. Nas análises realizadas, o Decision Tree obteve o melhor equilíbrio nos resultados.
Palavras-chave:
Sistema de detecção de intrusão, Aprendizado de máquina, Fluxos IP
Referências
Ahmad, I. (2018). How Much Data Is Generated Per Minute? The Answer Will Blow Your Mind Away. https://www.digitalinformationworld.com/2018/06/infographicsdata- never-sleeps-6.html, accessed on November.
AltexSoft (2018). Machine Learning: Bridging Between Business and Data Science. https://www.altexsoft.com/whitepapers/machine-learning-bridging-betweenbusiness-and-data-science/, accessed on November.
Amaral, A. A., Mendes, L. de S., Zarpelão, B. B. and Junior, M. L. P. (2017). Deep IP flow inspection to detect beyond network anomalies. Computer Communications, v. 98, p. 80–96.
Belouch, M., El Hadaj, S. and Idhammad, M. (2018). Performance evaluation of intrusion detection based on machine learning using Apache Spark. Procedia Computer Science, v. 127, p. 1–6.
Brownlee, J. (2017). What is the Difference Between Test and Validation Datasets? Machine Learning Mastery. https://machinelearningmastery.com/difference-testvalidation- datasets/, accessed on Nov.
Buczak, A. L. and Guven, E. (2016). A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection. IEEE Communications Surveys & Tutorials, v. 18, n. 2, p. 1153–1176.
Cisco (2018). Cisco 2018 Annual Cybersecurity Report. https://www.cisco.com/c/en/us/products/security/security-reports.html, accessed on November.
Das, S. and Nene, M. J. (2017). A survey on types of machine learning techniques in intrusion prevention systems. In 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET). IEEE. http://ieeexplore.ieee.org/document/8300169/, accessed on November.
Hamid, Y., Sugumaran, M. and Journaux, L. (2016). Machine Learning Techniques for Intrusion Detection: A Comparative Analysis. In Proceedings of the International Conference on Informatics and Analytics – ICIA-16. ACM Press. http://dl.a cm.org/citation.cfm?doid=2980258.2980378 , accessed on October.
IETF (2018). IP Flow Information Export (IPFIX). http://datatracker.ietf.org/wg/ipfix/charter/, accessed on Nov.
Lobato, A. G. P., Lopez, M. A. and Duarte, O. C. M. B. (2016). An Accurate Threat Detection System through Real-Time Stream Processing. Grupo de Teleinformática e Automação (GTA), Universidade Federal do Rio de Janeiro (UFRJ), Tech. Rep.
Kakihata, E. M., Sapia, H. M., Oiakawa, R. T., et al. (2017). Intrusion Detection System Based On Flows Using Machine Learning Algorithms. IEEE Latin America Transactions, v. 15, n. 10, p. 1988–1993.
Moro, F. L., Amaral, A. A., Amaral, A. P. M. and Nogueira, R. R. (2018). Detecção e mitigação de um ataque DoS em seu estágio inicial em uma rede definida por software. In IX Congresso Sul Brasileiro de Computação (SULCOMP).
Najafabadi, M. M., Khoshgoftaar, T. M., Calvert, C. and Kemp, C. (2015). Detection of SSH Brute Force Attacks Using Aggregated Netflow Data. In 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA). IEEE. http://ieeexplore.ieee.org/document/7424322/ , accessed on October.
Scikit-learn (2018). Supervised learning – scikit-learn 0.20.0 documentation. https://scikit-learn.org/stable/supervised_learning.html, accessed on November.
AltexSoft (2018). Machine Learning: Bridging Between Business and Data Science. https://www.altexsoft.com/whitepapers/machine-learning-bridging-betweenbusiness-and-data-science/, accessed on November.
Amaral, A. A., Mendes, L. de S., Zarpelão, B. B. and Junior, M. L. P. (2017). Deep IP flow inspection to detect beyond network anomalies. Computer Communications, v. 98, p. 80–96.
Belouch, M., El Hadaj, S. and Idhammad, M. (2018). Performance evaluation of intrusion detection based on machine learning using Apache Spark. Procedia Computer Science, v. 127, p. 1–6.
Brownlee, J. (2017). What is the Difference Between Test and Validation Datasets? Machine Learning Mastery. https://machinelearningmastery.com/difference-testvalidation- datasets/, accessed on Nov.
Buczak, A. L. and Guven, E. (2016). A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection. IEEE Communications Surveys & Tutorials, v. 18, n. 2, p. 1153–1176.
Cisco (2018). Cisco 2018 Annual Cybersecurity Report. https://www.cisco.com/c/en/us/products/security/security-reports.html, accessed on November.
Das, S. and Nene, M. J. (2017). A survey on types of machine learning techniques in intrusion prevention systems. In 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET). IEEE. http://ieeexplore.ieee.org/document/8300169/, accessed on November.
Hamid, Y., Sugumaran, M. and Journaux, L. (2016). Machine Learning Techniques for Intrusion Detection: A Comparative Analysis. In Proceedings of the International Conference on Informatics and Analytics – ICIA-16. ACM Press. http://dl.a cm.org/citation.cfm?doid=2980258.2980378 , accessed on October.
IETF (2018). IP Flow Information Export (IPFIX). http://datatracker.ietf.org/wg/ipfix/charter/, accessed on Nov.
Lobato, A. G. P., Lopez, M. A. and Duarte, O. C. M. B. (2016). An Accurate Threat Detection System through Real-Time Stream Processing. Grupo de Teleinformática e Automação (GTA), Universidade Federal do Rio de Janeiro (UFRJ), Tech. Rep.
Kakihata, E. M., Sapia, H. M., Oiakawa, R. T., et al. (2017). Intrusion Detection System Based On Flows Using Machine Learning Algorithms. IEEE Latin America Transactions, v. 15, n. 10, p. 1988–1993.
Moro, F. L., Amaral, A. A., Amaral, A. P. M. and Nogueira, R. R. (2018). Detecção e mitigação de um ataque DoS em seu estágio inicial em uma rede definida por software. In IX Congresso Sul Brasileiro de Computação (SULCOMP).
Najafabadi, M. M., Khoshgoftaar, T. M., Calvert, C. and Kemp, C. (2015). Detection of SSH Brute Force Attacks Using Aggregated Netflow Data. In 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA). IEEE. http://ieeexplore.ieee.org/document/7424322/ , accessed on October.
Scikit-learn (2018). Supervised learning – scikit-learn 0.20.0 documentation. https://scikit-learn.org/stable/supervised_learning.html, accessed on November.
Publicado
06/05/2019
Como Citar
MORO, Fernando Luiz; AMARAL, Alexandre; AMARAL, Ana Paula; NOGUEIRA, Rodrigo.
Análise do impacto da agregação dos fluxos IP nos algoritmos de aprendizado de máquina supervisionado voltados para a detecção de intrusão. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 37. , 2019, Gramado.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2019
.
p. 946-957.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2019.7414.
