Machine Learning Applied to the Classification of DoS Attack Alerts in Intrusion Detection Systems
Abstract
This work contributes to the evolution of intrusion detection systems by proposing a machine learning model capable of identifying denial-of-service attacks. To this end, the Random Forest algorithm was used on a dataset containing records of varied attack types, validating the scope of the proposal. During the development of the final model, we observed techniques for reducing the number of false positives and false negatives, and consequently reached relevant performance statistics. Preliminary results indicated a good ability to recognize attacks.
