Building n-gram-Based Models for Anomaly Detection in Distributed Applications
Abstract
Security is fundamental in distributed systems. A common security approach is intrusion detection, which can be performed through anomaly detection. In this case, a model of the system's normal behaviour is built and used by the detection system to check for deviations in the behaviour of the monitored environment. This paper proposes a technique for building behavioural models of distributed applications from the operation traces of their nodes. The procedures for building partial models are demonstrated; these models are arranged as sets of event n-grams and combined to obtain more generic models. The results highlight the use of a real dataset to evaluate the models, with favourable false-positive rates.
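The modelling step described above, as an added illustration that is not the paper's own code: each node's traces are turned into a partial model (a set of event n-grams), the partial models are merged into a more generic model, and a trace is scored by the fraction of its n-grams the model has never seen. Event names and traces are constructed for the example, and the threshold parameter is an assumption.

```python
def ngrams(trace, n):
    """Return the list of consecutive n-grams (as tuples) in an event trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

def build_partial_model(traces, n):
    """Partial model of one node: the set of event n-grams seen in its traces."""
    model = set()
    for trace in traces:
        model.update(ngrams(trace, n))
    return model

def merge_models(partial_models):
    """Combine per-node partial models into a more generic model (set union)."""
    merged = set()
    for model in partial_models:
        merged |= model
    return merged

def unseen_ratio(trace, model, n):
    """Fraction of the trace's n-grams absent from the model (0.0 = all known)."""
    grams = ngrams(trace, n)
    if not grams:
        return 0.0
    unseen = sum(1 for g in grams if g not in model)
    return unseen / len(grams)

def is_anomalous(trace, model, n, threshold=0.0):
    """Flag a trace when its unseen-n-gram ratio exceeds the (assumed) threshold."""
    return unseen_ratio(trace, model, n) > threshold

# Constructed sample traces for two nodes; event names are hypothetical.
NODE_A_TRACES = [["open", "read", "close"], ["open", "read", "read", "close"]]
NODE_B_TRACES = [["open", "write", "sync", "close"]]
N = 2

def demo():
    model_a = build_partial_model(NODE_A_TRACES, N)
    model_b = build_partial_model(NODE_B_TRACES, N)
    generic = merge_models([model_a, model_b])
    normal = ["open", "write", "sync", "close"]   # legitimate on node B
    odd = ["open", "exec", "close"]               # never seen on any node
    return {
        # A partial model alone raises a false positive on another node's trace.
        "normal_flagged_by_a_alone": is_anomalous(normal, model_a, N),
        # The merged, more generic model accepts it.
        "normal_flagged_by_generic": is_anomalous(normal, generic, N),
        "odd_flagged_by_generic": is_anomalous(odd, generic, N),
    }

if __name__ == "__main__":
    print(demo())
```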