Bloom Filter as a Support Tool for Machine Learning-Based Web Attack Detectors
Abstract
Attacks against Web applications cause social and financial losses. Current detection systems that use machine learning techniques are not scalable enough to handle large volumes of data. The Bloom Filter is a simple and efficient randomized data structure that allows testing, probabilistically, whether a particular element belongs to a set. In this paper, the Bloom Filter was combined with seven machine learning techniques commonly used in anomaly-based detectors of web attacks. The results show that using the filter as the first stage of the anomaly-based detection mechanism can reduce both average and total detection time for all tested machine learning classifiers for web attack detectors. The results also show that the filter helps to increase detection accuracy and precision when a proposed optimization of a key Bloom Filter setting is used to mitigate unwanted false negatives.
Keywords:
Bloom Filter, Web Attacks, Intrusion Detection Systems, Machine Learning.
Published
2019-09-02
How to Cite
REGO, Richard Caio; NUNES, Raul. Filtro de Bloom como Ferramenta de Apoio a Detectores de Ataques Web baseados em Aprendizagem de Máquina. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 19., 2019, São Paulo. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 85-98. DOI: https://doi.org/10.5753/sbseg.2019.13964.
