Um Sistema de Detecção de Intrusão Baseado em Aprendizagem por Reforço
Resumo
Nos últimos anos foram propostas diversas técnicas para detecção de intrusão em rede. Porém, apesar dos resultados promissores reportados, essas técnicas não lidam com as mudanças de tráfego de rede ao longo do tempo. Neste artigo, uma abordagem baseada em aprendizagem por reforço e avaliação da confiabilidade das classificações é proposta para manter a acurácia do sistema ao longo do tempo. Com essa técnica buscamos construir modelos capazes de manter a acurácia por maiores períodos e avaliar confiabilidade mantendo a acurácia mesmo com modelos desatualizados. Experimentos realizados em 1 ano de tráfego, demonstraram que a abordagem proposta é capaz de manter a acurácia por 8 meses e a confiabilidade pelo período avaliado.
Referências
Abreu, V., Santin, A. O., Viegas, E. K., and Cogo, V. V. (2020). Identity and access management for IoT in smart grid. In Advanced Information Networking and Applications, pages 1215–1226. Springer International Publishing.
Al-Qatf, M., Lasheng, Y., Al-Habib, M., and Al-Sabahi, K. (2018). Deep learning approach combining sparse autoencoder with svm for network intrusion detection. In IEEE Access, volume 6, pages 52843–52856.
Caminero, G., Lopez-Martin, M., and Carro, B. (2019). Adversarial environment reinforcement learning algorithm for intrusion detection. In Computer Networks, volume 159, pages 96–109.
CERT.br (2019). Estatísticas dos incidentes reportados ao cert.br.
Chandak, T., Ghorpad, C., and Shukla, S. (2019). Effective analysis of feature selection algorithms for network based intrusion detection system. In 2019 IEEE Bombay Section Signature Conference (IBSSC), pages 1–5.
Cisco (2019). Cisco visual networking index: Global mobile data traffic forecast update, 2019 – 2022.
Cui, J., Long, J., Min, E., and Mao, Y. (2018). Wedl-nids: Improving network intrusion In Springer, editor, detection using word embedding-based deep learning method. Modeling Decisions for Artificial Intelligence, volume 11144.
Dominique, N. and Ma, Z. (2019). Enhancing network intrusion detection system method (nids) using mutual information (rf-cife). In Springer, editor, Security with Intelligent Computing and Big-data Services. SICBS 2018. Advances in Intelligent Systems and Computing, volume 895.
Gupta, D., Singhal, S., Malik, S., and Singh, A. (2016). Network intrusion detection system using various data mining techniques. In International Conference on Research Advances in Integrated Navigation Systems (RAINS 2016).
Gym. Openai. available online.
Haddad, Z., Hanoune, M., and Manoumi, A. (2016). A collaborative framework for intrusion detection (c-nids) in cloud computing. In 2016 2nd International Conference on Cloud Computing Technologies and Applications (CloudTech), pages 261–265.
Kugler, E., Santin, A. O., Cogo, V. V., and Abreu, V. (2020). Facing the unknown: A stream learning intrusion detection system for reliable model updates. In Advanced Information Networking and Applications, pages 898–909. Springer International Publishing.
Mallmann, J., Santin, A. O., Viegas, E. K., dos Santos, R. R., and Geremias, J. (2020). PPCensor: Architecture for real-time pornography detection in video streaming. Future Generation Computer Systems, 112:945–955.
Mawi. Mawi. available online.
Mawilab. Mawilab. available online.
Nanda, N. and Parikh, A. (2019). Hybrid approach for network intrusion detection system using random forest classifier and rough set theory for rules generation. In Springer, editor, Advanced Informatics for Computing Research. ICAICR 2019. Communications in Computer and Information Science, volume 1076.
Otoum, S., Kantarci, B., and Mouftah, H. (2019). Empowering reinforcement learning on big sensed data for intrusion detection. In 2019 IEEE International Conference on Communications (ICC), pages 1–7.
Van, N., Thinh, T., and Sach, L. (2017). An anomaly-based network intrusion detection system using deep learning. In 2017 International Conference on System Science and Engineering (ICSSE), pages 210–214.
Viegas, E., Santin, A., Bessani, A., and Neves, N. (2019). BigFlow: Real-time and reliable anomaly-based intrusion detection for high-speed networks. Future Generation Computer Systems, 93:473–485.
Viegas, E. K., Santin, A. O., and Oliveira, L. S. (2017). Toward a reliable anomaly-based intrusion detection in real-world environments. Computer Networks, 127:200–216.
Al-Qatf, M., Lasheng, Y., Al-Habib, M., and Al-Sabahi, K. (2018). Deep learning approach combining sparse autoencoder with svm for network intrusion detection. In IEEE Access, volume 6, pages 52843–52856.
Caminero, G., Lopez-Martin, M., and Carro, B. (2019). Adversarial environment reinforcement learning algorithm for intrusion detection. In Computer Networks, volume 159, pages 96–109.
CERT.br (2019). Estatísticas dos incidentes reportados ao cert.br.
Chandak, T., Ghorpad, C., and Shukla, S. (2019). Effective analysis of feature selection algorithms for network based intrusion detection system. In 2019 IEEE Bombay Section Signature Conference (IBSSC), pages 1–5.
Cisco (2019). Cisco visual networking index: Global mobile data traffic forecast update, 2019 – 2022.
Cui, J., Long, J., Min, E., and Mao, Y. (2018). Wedl-nids: Improving network intrusion In Springer, editor, detection using word embedding-based deep learning method. Modeling Decisions for Artificial Intelligence, volume 11144.
Dominique, N. and Ma, Z. (2019). Enhancing network intrusion detection system method (nids) using mutual information (rf-cife). In Springer, editor, Security with Intelligent Computing and Big-data Services. SICBS 2018. Advances in Intelligent Systems and Computing, volume 895.
Gupta, D., Singhal, S., Malik, S., and Singh, A. (2016). Network intrusion detection system using various data mining techniques. In International Conference on Research Advances in Integrated Navigation Systems (RAINS 2016).
Gym. Openai. available online.
Haddad, Z., Hanoune, M., and Manoumi, A. (2016). A collaborative framework for intrusion detection (c-nids) in cloud computing. In 2016 2nd International Conference on Cloud Computing Technologies and Applications (CloudTech), pages 261–265.
Kugler, E., Santin, A. O., Cogo, V. V., and Abreu, V. (2020). Facing the unknown: A stream learning intrusion detection system for reliable model updates. In Advanced Information Networking and Applications, pages 898–909. Springer International Publishing.
Mallmann, J., Santin, A. O., Viegas, E. K., dos Santos, R. R., and Geremias, J. (2020). PPCensor: Architecture for real-time pornography detection in video streaming. Future Generation Computer Systems, 112:945–955.
Mawi. Mawi. available online.
Mawilab. Mawilab. available online.
Nanda, N. and Parikh, A. (2019). Hybrid approach for network intrusion detection system using random forest classifier and rough set theory for rules generation. In Springer, editor, Advanced Informatics for Computing Research. ICAICR 2019. Communications in Computer and Information Science, volume 1076.
Otoum, S., Kantarci, B., and Mouftah, H. (2019). Empowering reinforcement learning on big sensed data for intrusion detection. In 2019 IEEE International Conference on Communications (ICC), pages 1–7.
Van, N., Thinh, T., and Sach, L. (2017). An anomaly-based network intrusion detection system using deep learning. In 2017 International Conference on System Science and Engineering (ICSSE), pages 210–214.
Viegas, E., Santin, A., Bessani, A., and Neves, N. (2019). BigFlow: Real-time and reliable anomaly-based intrusion detection for high-speed networks. Future Generation Computer Systems, 93:473–485.
Viegas, E. K., Santin, A. O., and Oliveira, L. S. (2017). Toward a reliable anomaly-based intrusion detection in real-world environments. Computer Networks, 127:200–216.
Publicado
13/10/2020
Como Citar
SANTOS, Roger R. dos; VIEGAS, Eduardo K.; SANTIN, Altair O.; MALLMANN, Jackson.
Um Sistema de Detecção de Intrusão Baseado em Aprendizagem por Reforço. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 20. , 2020, Petrópolis.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2020
.
p. 395-407.
DOI: https://doi.org/10.5753/sbseg.2020.19252.
