Seleção de Características em Stream para a Detecção de Ataques de Rede
Resumo
O aprendizado de máquina por stream possibilita a detecção de ataques de rede em tempo real, processando as instâncias e inspecionando-as apenas uma vez. Entretanto, as características de rede utilizadas por esses sistemas são dinâmicas e podem se tornar redundantes ou irrelevantes durante o processo de detecção, o que impacta diretamente no desempenho desses algoritmos, dificultando a implementação dessas propostas em ambientes reais. Neste trabalho propomos a utilização de técnicas de seleção de características em stream para melhorar o desempenho da detecção de ataques de rede. Nossos resultados, utilizando três bases de referência em segurança, mostram que a seleção de característica impacta diretamente na detecção dos ataques, com redução de até 93% no tempo de detecção.
Palavras-chave:
Seleção de Características, Aprendizado em Fluxo, Detecção de Ataques
Referências
Abreu, D., Carvalho, I., Abelém, A. J., Menasché, D., Leão, R. M., and Silva, E. (2020).
Seleção de Características por Clusterização para Melhorar a Detecção de Ataques de Rede. In Proceedings of the 38th Brazilian Symposium on Computer Networks and Distributed Systems, pages 295–308, Porto Alegre, RS, Brasil. SBC.
Al Nuaimi, N., Masud, M., Serhani, M., and Zaki, N. (2019). Streaming feature selection algorithms for big data: A survey. Applied Computing and Informatics, ahead-of-print.
Azhagusundari, B., Thanamani, A. S., et al. (2013). Feature selection based on information gain. International Journal of Innovative Technology and Exploring Engineering (IJITEE), 2(2):18–21.
Bifet, A. and Gavalda, R. (2009). Adaptive learning from evolving data streams. In International Symposium on Intelligent Data Analysis, pages 249–260. Springer.
Bifet, A. and Gavaldá, R. (2007). Learning from time-changing data with adaptive windowing. Proceedings of the 7th SIAM International Conference on Data Mining, 7.
Bifet, A., Holmes, G., Pfahringer, B., Kranen, P., Kremer, H., Jansen, T., and Seidl, T. (2010). Moa: Massive online analysis, a framework for stream classification and clustering. In Proceedings of the First Workshop on Applications of Pattern Analysis, pages 44–50. PMLR.
Casas, P., Mulinka, P., and Vanerio, J. (2019). Should i (re)learn or should i go(on)? stream machine learning for adaptive defense against network attacks. In Proceedings of the 6th ACM Workshop on Moving Target Defense, MTD’19, page 79–88, New York, NY, USA. Association for Computing Machinery.
Dawid, A. P. (1992). Prequential data analysis. Lecture Notes-Monograph Series, pages 113–126.
Dhanabal, L. and Shantharajah, S. (2015). A study on nsl-kdd dataset for intrusion detection system based on classification algorithms. International Journal of Advanced Research in Computer and Communication Engineering, 4(6):446–452.
Fontugne, R., Borgnat, P., Abry, P., and Fukuda, K. (2010). Mawilab : Combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking.
Proceedings of the 6th International Conference on Emerging Networking Experiments and Technologies, Co-NEXT’10, page 8.
Gama, J., Sebastiao, R., and Rodrigues, P. P. (2013). On evaluating stream learning algorithms. Machine learning, 90(3):317–346.
Garcia, S., Grill, M., Stiborek, J., and Zunino, A. (2014). An empirical comparison of botnet detection methods. computers & security, 45:100–123.
Gomes, H. M., Bifet, A., Read, J., Barddal, J. P., Enembreck, F., Pfharinger, B., Holmes, G., and Abdessalem, T. (2017). Adaptive random forests for evolving data stream classification. Machine Learning, 106(9):1469–1495.
Hulten, G., Spencer, L., and Domingos, P. (2001). Mining time-changing data streams. In ACM SIGKDD Intl. Conf. on Knowledge Discovery and Data Mining, pages 97–106. ACM Press.
Khraisat, A., Gondal, I., Vamplew, P., and Kamruzzaman, J. (2019). Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity, 2(1):1–22.
Moraes, M. B. d. et al. (2019). Avaliação de desempenho de algoritmos de seleção de atributos aplicados á classificação de fluxos de dados com mudanças de conceito. Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Tecnologia, Limeira, SP.
Moussa, A. A., Nogueira, M., and Guedes, A. L. (2019). Seleção online de features em streaming baseada em alpha-investing para dados de ataques ddos. In Anais do XXIV Workshop de Gerência e Operação de Redes e Servic¸os, pages 43–56. SBC.
Moustafa, N. and Slay, J. (2015). Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In 2015 Military Communications and Information Systems Conference (MilCIS), pages 1–6.
Mulinka, P. and Casas, P. (2018). Stream-based machine learning for network security and anomaly detection. In Proceedings of the 2018 Workshop on Big Data Analytics and Machine Learning for Data Communication Networks, Big-DAMA ’18, page 1–7, New York, NY, USA. Association for Computing Machinery.
Mulinka, P., Wassermann, S., Marín, G., and Casas, P. (2018). Remember the Good, Forget the Bad, do it Fast - Continuous Learning over Streaming Data. In Continual Learning Workshop at NeurIPS 2018, Montréal, Canada.
Rish, I. et al. (2001). An empirical study of the naive bayes classifier. In IJCAI 2001 workshop on empirical methods in artificial intelligence, volume 3, pages 41–46.
Schuartz, F., Munaretto, A., and Fonseca, M. (2019). Uma comparação entre os sistemas de detecção de ameaças distribuídas de rede baseado no processamento de dados em fluxo e em lotes. In Anais do XXIV Workshop de Gerência e Operação de Redes e Serviços, pages 29–42, Porto Alegre, RS, Brasil. SBC.
Sharafaldin, I., Lashkari, A. H., and Ghorbani, A. A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. In ICISSp, pages 108– 116.
Wang, J., Zhao, P., Hoi, S. C., and Jin, R. (2013). Online feature selection and its applications. IEEE Transactions on Knowledge and Data Engineering, 26(3):698–710.
Zhang, D.,Wang, Q.-G., Feng, G., Shi, Y., and Vasilakos, A. V. (2021). A survey on attack detection, estimation and control of industrial cyber–physical systems. ISA Transactions.
Zhou, J., Foster, D., Stine, R., and Ungar, L. (2005). Streaming feature selection using alpha-investing. In Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining, pages 384–393.
Seleção de Características por Clusterização para Melhorar a Detecção de Ataques de Rede. In Proceedings of the 38th Brazilian Symposium on Computer Networks and Distributed Systems, pages 295–308, Porto Alegre, RS, Brasil. SBC.
Al Nuaimi, N., Masud, M., Serhani, M., and Zaki, N. (2019). Streaming feature selection algorithms for big data: A survey. Applied Computing and Informatics, ahead-of-print.
Azhagusundari, B., Thanamani, A. S., et al. (2013). Feature selection based on information gain. International Journal of Innovative Technology and Exploring Engineering (IJITEE), 2(2):18–21.
Bifet, A. and Gavalda, R. (2009). Adaptive learning from evolving data streams. In International Symposium on Intelligent Data Analysis, pages 249–260. Springer.
Bifet, A. and Gavaldá, R. (2007). Learning from time-changing data with adaptive windowing. Proceedings of the 7th SIAM International Conference on Data Mining, 7.
Bifet, A., Holmes, G., Pfahringer, B., Kranen, P., Kremer, H., Jansen, T., and Seidl, T. (2010). Moa: Massive online analysis, a framework for stream classification and clustering. In Proceedings of the First Workshop on Applications of Pattern Analysis, pages 44–50. PMLR.
Casas, P., Mulinka, P., and Vanerio, J. (2019). Should i (re)learn or should i go(on)? stream machine learning for adaptive defense against network attacks. In Proceedings of the 6th ACM Workshop on Moving Target Defense, MTD’19, page 79–88, New York, NY, USA. Association for Computing Machinery.
Dawid, A. P. (1992). Prequential data analysis. Lecture Notes-Monograph Series, pages 113–126.
Dhanabal, L. and Shantharajah, S. (2015). A study on nsl-kdd dataset for intrusion detection system based on classification algorithms. International Journal of Advanced Research in Computer and Communication Engineering, 4(6):446–452.
Fontugne, R., Borgnat, P., Abry, P., and Fukuda, K. (2010). Mawilab : Combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking.
Proceedings of the 6th International Conference on Emerging Networking Experiments and Technologies, Co-NEXT’10, page 8.
Gama, J., Sebastiao, R., and Rodrigues, P. P. (2013). On evaluating stream learning algorithms. Machine learning, 90(3):317–346.
Garcia, S., Grill, M., Stiborek, J., and Zunino, A. (2014). An empirical comparison of botnet detection methods. computers & security, 45:100–123.
Gomes, H. M., Bifet, A., Read, J., Barddal, J. P., Enembreck, F., Pfharinger, B., Holmes, G., and Abdessalem, T. (2017). Adaptive random forests for evolving data stream classification. Machine Learning, 106(9):1469–1495.
Hulten, G., Spencer, L., and Domingos, P. (2001). Mining time-changing data streams. In ACM SIGKDD Intl. Conf. on Knowledge Discovery and Data Mining, pages 97–106. ACM Press.
Khraisat, A., Gondal, I., Vamplew, P., and Kamruzzaman, J. (2019). Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity, 2(1):1–22.
Moraes, M. B. d. et al. (2019). Avaliação de desempenho de algoritmos de seleção de atributos aplicados á classificação de fluxos de dados com mudanças de conceito. Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Tecnologia, Limeira, SP.
Moussa, A. A., Nogueira, M., and Guedes, A. L. (2019). Seleção online de features em streaming baseada em alpha-investing para dados de ataques ddos. In Anais do XXIV Workshop de Gerência e Operação de Redes e Servic¸os, pages 43–56. SBC.
Moustafa, N. and Slay, J. (2015). Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In 2015 Military Communications and Information Systems Conference (MilCIS), pages 1–6.
Mulinka, P. and Casas, P. (2018). Stream-based machine learning for network security and anomaly detection. In Proceedings of the 2018 Workshop on Big Data Analytics and Machine Learning for Data Communication Networks, Big-DAMA ’18, page 1–7, New York, NY, USA. Association for Computing Machinery.
Mulinka, P., Wassermann, S., Marín, G., and Casas, P. (2018). Remember the Good, Forget the Bad, do it Fast - Continuous Learning over Streaming Data. In Continual Learning Workshop at NeurIPS 2018, Montréal, Canada.
Rish, I. et al. (2001). An empirical study of the naive bayes classifier. In IJCAI 2001 workshop on empirical methods in artificial intelligence, volume 3, pages 41–46.
Schuartz, F., Munaretto, A., and Fonseca, M. (2019). Uma comparação entre os sistemas de detecção de ameaças distribuídas de rede baseado no processamento de dados em fluxo e em lotes. In Anais do XXIV Workshop de Gerência e Operação de Redes e Serviços, pages 29–42, Porto Alegre, RS, Brasil. SBC.
Sharafaldin, I., Lashkari, A. H., and Ghorbani, A. A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. In ICISSp, pages 108– 116.
Wang, J., Zhao, P., Hoi, S. C., and Jin, R. (2013). Online feature selection and its applications. IEEE Transactions on Knowledge and Data Engineering, 26(3):698–710.
Zhang, D.,Wang, Q.-G., Feng, G., Shi, Y., and Vasilakos, A. V. (2021). A survey on attack detection, estimation and control of industrial cyber–physical systems. ISA Transactions.
Zhou, J., Foster, D., Stine, R., and Ungar, L. (2005). Streaming feature selection using alpha-investing. In Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining, pages 384–393.
Publicado
04/10/2021
Como Citar
ABREU, Diego; CARVALHO, Igor; ABELÉM, Antônio.
Seleção de Características em Stream para a Detecção de Ataques de Rede. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 21. , 2021, Belém.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2021
.
p. 197-210.
DOI: https://doi.org/10.5753/sbseg.2021.17316.
