Um sensor baseado em Aprendizado de Máquina para detecção de ataque DDoS em tempo real
Resumo
A negação de serviço distribuído (DDoS) tem como objetivo coordenar um ataque sincronizado a sistemas online utilizando equipamentos infectados (bots), causando lentidão ou indisponibilidade do serviço. Recentemente, este tipo de ataque evoluiu em termos de intensidade, diversidade e impacto econômico. Dentro deste contexto, este trabalho tem como objetivo apresentar uma ferramenta de detecção de DDoS em tempo real com base em um sensor que utiliza algoritmos de Aprendizado de Máquina. Um ambiente de testes foi desenvolvido para validar a eficácia da ferramenta. Serão discutidos o desempenho e os resultados dos diferentes classificadores utilizados na implementação do sensor. Os resultados indicam que o sensor é eficiente na detecção do ataques DDoS em aproximadamente 3 segundos.
Referências
Barki, L., Shidling, A., Meti, N., Narayan, D., and Mulla, M. M. (2016). Detection of distributed denial of service attacks in software defined networks. In Int. Conf. on Advances in Computing, Communications and Informatics, pages 2576–2581.
Cil, A. E., Yildiz, K., and Buldu, A. (2021). Detection of ddos attacks with feed forward based deep neural network model. Expert Systems with Applications, 169:114520.
Dayal, N. and Srivastava, S. (2018). An rbf-pso based approach for early detection of ddos attacks in sdn. In Int. Conf. on Communication Systems & Networks, pages 17–24.
Dey, S. K., Rahman, M. M., and Uddin, M. R. (2018). Detection of flow based anomaly in openflow controller: Machine learning approach in software defined networking. In Int. Conf. Electrical Engineering and Information Com. Technology, pages 416–421.
Draper-Gil, G., Lashkari, A. H., Mamun, M. S. I., and Ghorbani, A. A. (2016). Characterization of encrypted and VPN traffic using time-related features. In International Conference on Information Systems Security and Privacy, pages 407–414. SciTePress.
Ganaie, M., Hu, M., Malik, A., Tanveer, M., and Suganthan, P. (2022). Ensemble deep learning: A review. Engineering Applications of Artificial Intelligence, 115:105151.
Hong, K., Kim, Y., Choi, H., and Park, J. (2017). Sdn-assisted slow http ddos attack defense method. IEEE Communications Letters, 22(4):688–691.
Jajodia, S., Ghosh, A. K., Swarup, V., Wang, C., and Wang, X. S. (2011). Moving target defense: creating asymmetric uncertainty for cyber threats, volume 54. Springer Science & Business Media.
Lashkari, A. H., Draper-Gil, G., Mamun, M. S. I., and Ghorbani, A. A. (2017). Characterization of Tor traffic using time based features. In International Conference on Information Systems Security and Privacy, pages 253–262. SciTePress.
Maheshwari, A., Mehraj, B., Khan, M. S., and Idrisi, M. S. (2022). An optimized weighted voting based ensemble model for ddos attack detection and mitigation in sdn environment. Microprocessors and Microsystems, 89:104412.
Nanda, S., Zafari, F., DeCusatis, C., Wedaa, E., and Yang, B. (2016). Predicting network attack patterns in sdn using machine learning approach. In IEEE Conf. on Network Function Virtualization and Software Defined Networks, pages 167–172. IEEE.
Occhipinti, A., Rogers, L., and Angione, C. (2022). A pipeline and comparative study of 12 machine learning models for text classification. Expert Systems with Applications, 201:117193.
Sahoo, K. S., Iqbal, A., Maiti, P., and Sahoo, B. (2018). A machine learning approach for predicting ddos traffic in software defined networks. In 2018 International Conference on Information Technology (ICIT), pages 199–203.
Sharafaldin, I., Lashkari, A. H., Hakak, S., and Ghorbani, A. A. (2019). Developing realistic distributed denial of service (ddos) attack dataset and taxonomy. In 2019 International Carnahan Conference on Security Technology (ICCST), pages 1–8.
Yungaicela-Naula, N. M., Vargas-Rosales, C., Pérez-Díaz, J. A., and Zareei, M. (2022). Towards security automation in software defined networks. Computer Communications, 183:64–82.
Zhou, L., Zhu, Y., Zong, T., and Xiang, Y. (2022). A feature selection-based method for ddos attack flow classification. Future Generation Computer Systems, 132:67–79.
Cil, A. E., Yildiz, K., and Buldu, A. (2021). Detection of ddos attacks with feed forward based deep neural network model. Expert Systems with Applications, 169:114520.
Dayal, N. and Srivastava, S. (2018). An rbf-pso based approach for early detection of ddos attacks in sdn. In Int. Conf. on Communication Systems & Networks, pages 17–24.
Dey, S. K., Rahman, M. M., and Uddin, M. R. (2018). Detection of flow based anomaly in openflow controller: Machine learning approach in software defined networking. In Int. Conf. Electrical Engineering and Information Com. Technology, pages 416–421.
Draper-Gil, G., Lashkari, A. H., Mamun, M. S. I., and Ghorbani, A. A. (2016). Characterization of encrypted and VPN traffic using time-related features. In International Conference on Information Systems Security and Privacy, pages 407–414. SciTePress.
Ganaie, M., Hu, M., Malik, A., Tanveer, M., and Suganthan, P. (2022). Ensemble deep learning: A review. Engineering Applications of Artificial Intelligence, 115:105151.
Hong, K., Kim, Y., Choi, H., and Park, J. (2017). Sdn-assisted slow http ddos attack defense method. IEEE Communications Letters, 22(4):688–691.
Jajodia, S., Ghosh, A. K., Swarup, V., Wang, C., and Wang, X. S. (2011). Moving target defense: creating asymmetric uncertainty for cyber threats, volume 54. Springer Science & Business Media.
Lashkari, A. H., Draper-Gil, G., Mamun, M. S. I., and Ghorbani, A. A. (2017). Characterization of Tor traffic using time based features. In International Conference on Information Systems Security and Privacy, pages 253–262. SciTePress.
Maheshwari, A., Mehraj, B., Khan, M. S., and Idrisi, M. S. (2022). An optimized weighted voting based ensemble model for ddos attack detection and mitigation in sdn environment. Microprocessors and Microsystems, 89:104412.
Nanda, S., Zafari, F., DeCusatis, C., Wedaa, E., and Yang, B. (2016). Predicting network attack patterns in sdn using machine learning approach. In IEEE Conf. on Network Function Virtualization and Software Defined Networks, pages 167–172. IEEE.
Occhipinti, A., Rogers, L., and Angione, C. (2022). A pipeline and comparative study of 12 machine learning models for text classification. Expert Systems with Applications, 201:117193.
Sahoo, K. S., Iqbal, A., Maiti, P., and Sahoo, B. (2018). A machine learning approach for predicting ddos traffic in software defined networks. In 2018 International Conference on Information Technology (ICIT), pages 199–203.
Sharafaldin, I., Lashkari, A. H., Hakak, S., and Ghorbani, A. A. (2019). Developing realistic distributed denial of service (ddos) attack dataset and taxonomy. In 2019 International Carnahan Conference on Security Technology (ICCST), pages 1–8.
Yungaicela-Naula, N. M., Vargas-Rosales, C., Pérez-Díaz, J. A., and Zareei, M. (2022). Towards security automation in software defined networks. Computer Communications, 183:64–82.
Zhou, L., Zhu, Y., Zong, T., and Xiang, Y. (2022). A feature selection-based method for ddos attack flow classification. Future Generation Computer Systems, 132:67–79.
Publicado
20/05/2024
Como Citar
RIBEIRO, M. A.; FONSECA, M.; SANTI, J..
Um sensor baseado em Aprendizado de Máquina para detecção de ataque DDoS em tempo real. In: SALÃO DE FERRAMENTAS - SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 42. , 2024, Niterói/RJ.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 89-96.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc_estendido.2024.3403.
