Web Attack Detection: Exploring Recurrent Neural Networks with a Dimensionality Reducer
Abstract
Machine learning techniques have been widely explored in detectors, and among them recurrent neural networks (RNN) stand out for their good performance in the task of detecting web attacks. However, research on recurrent networks has focused on increasing the predictive performance of detectors. In addition, techniques based on deep learning have a high computational cost. Designing intrusion detection methods that are effective from a predictive standpoint and also efficient in terms of detection time is therefore a necessity. This work proposes BLOOM-RNN, an intrusion detection method that employs recurrent neural networks and reduces the dimensionality of the input data using the Bloom Filter. The experiments show that the use of RNN offers good precision when compared with other machine learning methods, and that the filter provides a significant reduction in detection time without affecting the precision of the detector. A comparative evaluation of different recurrent networks (of the LSTM, BI-LSTM and GRU types) indicates that the learning of the networks is sensitive to the type of web attack.
Keywords:
Bloom Filter, Recurrent Neural Networks, Web Attack, Anomaly Detection
Published
04/10/2021
How to Cite
REGO, Richard Caio Silva; NUNES, Raul Ceretta. Detecção de Ataques Web: Explorando Redes Neurais Recorrentes com Redutor de Dimensionalidade. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 21., 2021, Belém. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 183-196.
DOI: https://doi.org/10.5753/sbseg.2021.17315.