Towards Reliable Intrusion Detection in High Speed Networks
Resumo
Intrusion detection schemes must be able to detect intrusion attempts at a high network bandwidth, besides having to deal with the lack of realistic training/testing data, changes in network traffic behavior, unreliable classifications over time and adversarial settings. In this work a new intrusion detection model, namely reliable intrusion detection, is introduced, whose main characteristic is the usage of both batch and stream learning algorithms coupled together. The proposed model advances the state-of-the-art in intrusion detection, providing reliable detection even in the presence of network traffic behavior changes and lack of model updates. The work relevance was recognized in the publication of 5 top-tier journals, 6 international and national conference papers, and 1 registered patent.
Referências
C. Gates and C. Taylor (2007). “Challenging the Anomaly Detection Paradigm: A Provocative Discussion,” Proc. 2006 Work. New Secur. Paradig., pp. 21–29, 2007.
E. K. Viegas, A. O. Santin, and L. S. Oliveira (2017-1). “Toward a reliable anomalybased intrusion detection in real-world environments,” Comput. Networks, vol. 127.
E. K. Viegas, A. Santin, V. Abreu, and L. S. Oliveira (2017-2), “Stream learning and anomaly-based intrusion detection in the adversarial settings,” in Proceedings - IEEE Symposium on Computers and Communications.
E. K. Viegas, A. Santin, N. Neves, and A. Bessani (2019). “BigFlow: Real-time and Reliable Anomaly-based Intrusion Detection for High-speed Networks”. in Future Generation Computer System.
E. K. Viegas, A. Santin, N. Neves, A. Bessani, and V. Abreu (2017-3). “A Resilient Stream Learning Intrusion Detection Mechanism for Real-time Analysis of Network Traffic”. In. proc. of IEEE GLOBECOM.
E. K. Viegas, A. Santin, L. S. Oliveira, A. França, R. Jasinki, and V. Pedroni (2018), “A reliable and Energy-Efficient Classifier Combination Scheme for Intrusion Detection in Embedded Systems”. In: Computers & Security.
P802.3cd (2017). P802.3cd Standard for Ethernet Amendment. Available at: http://ieeexplore.ieee.org/document/8115318/.
R. Sommer and V. Paxson (2010). “Outside the Closed World: On Using Machine Learning for Network Intrusion Detection,” 2010 IEEE Symp. Secur. Priv., vol. 0, no. May, pp. 305–316.