Reliable Intrusion Detection System Based on Stream Learning
Abstract
Intrusion detection systems based on machine learning techniques have been extensively used in the literature. However, despite the promising reported results, such techniques are rarely used in production because the accuracy of the system cannot be relied upon. In this paper, we propose a reliable intrusion detection model based on stream learning algorithms. System reliability is provided by assessing classification confidence. Experiments have shown the feasibility of the proposal, which maintained its accuracy while classifying new attacks and services, autonomously updating its system.
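The idea in the abstract, confidence-gated classification over a stream with incremental updates, can be sketched as follows. This is an added illustration, not the authors' implementation: the classifier (an incremental Gaussian naive Bayes), the 0.9 threshold, the two flow features, the sample flows and the assumption that rejected events later receive a label are all constructed for the example.

```python
import math

class StreamNB:
    """Incremental Gaussian naive Bayes: per-class running mean/variance (Welford)."""
    def __init__(self):
        self.stats = {}  # label -> [count, means, sums of squared deviations]

    def learn(self, x, label):
        s = self.stats.setdefault(label, [0, [0.0] * len(x), [0.0] * len(x)])
        s[0] += 1
        for i, v in enumerate(x):
            d = v - s[1][i]
            s[1][i] += d / s[0]
            s[2][i] += d * (v - s[1][i])

    def predict(self, x):
        """Return (label, confidence); confidence is the posterior of the top class."""
        total = sum(s[0] for s in self.stats.values())
        logp = {}
        for label, (n, mean, m2) in self.stats.items():
            lp = math.log(n / total)
            for i, v in enumerate(x):
                var = m2[i] / n + 1e-3  # variance floor keeps the density finite
                lp -= 0.5 * math.log(2 * math.pi * var) + (v - mean[i]) ** 2 / (2 * var)
            logp[label] = lp
        top = max(logp, key=logp.get)
        return top, 1.0 / sum(math.exp(lp - logp[top]) for lp in logp.values())

def run_stream(model, events, threshold=0.9):
    """Accept confident classifications; reject the rest and learn from them."""
    accepted, rejected = [], []
    for x, truth in events:
        label, conf = model.predict(x)
        if conf >= threshold:
            accepted.append((label, truth))
        else:
            rejected.append(x)
            model.learn(x, truth)  # assumption: a label is supplied for rejected events
    return accepted, rejected

def demo():
    # Constructed flows: (packets per second / 1000, mean payload size / 1000).
    train = [((0.2, 0.8), "normal"), ((0.3, 0.9), "normal"), ((0.25, 0.85), "normal"),
             ((0.2, 0.9), "normal"), ((0.9, 0.1), "attack"), ((1.0, 0.15), "attack"),
             ((0.95, 0.1), "attack"), ((0.9, 0.2), "attack")]
    model = StreamNB()
    for x, label in train:
        model.learn(x, label)
    # The third event is a new service lying between both learned profiles.
    stream = [((0.22, 0.88), "normal"), ((0.95, 0.12), "attack"),
              ((0.59, 0.50), "normal"), ((0.60, 0.52), "normal")]
    return run_stream(model, stream)
```

The first appearance of the new service is rejected instead of being reported with an unreliable label, and once the model has learned from it the next flow of that service is classified confidently.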
Published
2020-10-13
How to Cite
VIEGAS, Eduardo K.; SANTIN, Altair O.; SANTOS, Roger R. dos; ABREU, Vilmar. Sistema de Detecção de Intrusão Confiável Baseado em Aprendizagem por Fluxo. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 20., 2020, Petrópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020. p. 382-394. DOI: https://doi.org/10.5753/sbseg.2020.19251.
