An intrusion detection model based on deep autoencoders and transfer learning
Abstract
Machine learning techniques for network-based intrusion detection usually assume either that network traffic does not change over time or that model updates can be performed easily. In this paper, we propose a new intrusion detection model based on deep autoencoders and transfer learning to make model updates easier. Our experiments showed that the approaches in the literature are unable to cope with changes in network traffic over time. The proposed approach is able to improve the false-positive rate by up to 23.9% and to provide accuracy rates similar to those of traditional techniques, while requiring only 22% of the training data and 28% of the computational cost.
Keywords:
Intrusion Detection, Machine Learning, Deep Autoencoder
Published
04/10/2021
How to Cite
DOS SANTOS, Roger R.; VIEGAS, Eduardo K.; SANTIN, Altair O. Um modelo de detecção de intrusão baseado em deep autoencoders e transfer learning. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 21., 2021, Belém. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 267-280. DOI: https://doi.org/10.5753/sbseg.2021.17321.