Detecção de Intrusão Através de Aprendizagem de Fluxo no Ambiente do Adversário
Resumo
Apesar da existência de diversos trabalhos que utilizam técnicas de detecção de intrusão baseada em anomalia, dificilmente tais técnicas são utilizadas em produção. Percebe-se que, em geral, a literatura não considera o ambiente do adversário, em que um atacante tenta evadir o mecanismo de detecção. Neste artigo é proposto e avaliado uma abordagem para efetuar a detecção de intrusão em fluxo de dados de forma confiável no ambiente do adversário. A proposta utiliza detectores de anomalia específicos as classes consideradas e um mecanismo de rejeição para permitir a atualização do sistema de forma confiável. A avaliação da proposta mostrou que a abordagem provém resiliência a ataques causais e exploratórios.
Referências
Alsabti, K., Ranka, S. e Singh, V. (1997). An efficient k-means clustering algorithm. Electical engineering and Computer Science, v. 43 p. 2-7.
Axelsson, S. (2000). The Base-Rate Fallacy and the Difficulty of Intrusion Detection. ACM Transactions on Information and System Security, v. 3, n. 3, p. 186–205.
Bifet, A., Gavalda, R. e Gavaldà, R. (2007). Learning from Time-Changing Data with Adaptive Windowing. Sdm, v. 7, p. 2007.
Cavalcanti, G. D. C., Oliveira, L. S., Moura, T. J. M. e Carvalho, G. V. (2016). Combining diversity measures for ensemble pruning. Pattern Recognition Letters, v. 74, p. 38–45.
Corona, I., Giacinto, G. e Roli, F. (2013). Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues. Information Sciences, v. 239, p. 201–225.
Denning, D. E. (1987). An intrusion-detection model. Proceedings - IEEE Symposium on Security and Privacy, n. 2, p. 118–131.
García-Teodoro, P., Díaz-Verdejo, J., Maciá-Ferná Ndez, G. e Vá Zquez, E. (2009). Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security, v. 28, p. 18–28.
He, H., Chen, S., Li, K. e Xu, X. (2011). Incremental learning from stream data. IEEE Transactions on Neural Networks, v. 22, n. 12, p. 1901–14.
Joseph, A. D. e Taft, N. (2009). ANTIDOTE: Understanding and Defending against. Traffic, SIGCOMM, p. 1–14.
Jyothsna, V., V Rama Prasad, V. e Munivara Prasad, K. (2011). A Review of Anomaly based Intrusion Detection Systems. International Journal of Computer Applications, v. 28, n. 7, p. 26–35.
Kontaki, M., Gounaris, A., Papadopoulos, A. N., Tsichlas, K. e Manolopoulos, Y. (2011). Continuous Monitoring of Distance-Based Outliers over Data Streams.
Maggi, F., Robertson, W., Kruegel, C. e Vigna, G. (2009). Protecting a moving target: Addressing web application concept drift. Lecture Notes in Computer Science, v. 5758 LNCS, p. 21–40.
Nelson, B., Barreno, M., Chi, F. J., et al. (2008). Exploiting machine learning to subvert your spam filter. In Proceedings of the First Workshop on Large-scale Exploits and Emerging Threats (LEET), n. April, p. Article 7.
N. Srndic e Laskov, P. (2014). Practical Evasion of a Learning-Based Classifier: A Case Study, IEEE Symposium Security and Privacy, p. 197-211.
Oliveira, L. S., Sabourin, R., Bortolozzi, F. e Suen, C. Y. (2002). Automatic recognition of handwritten numerical strings: A Recognition and Verification strategy. IEEE Transactions on Pattern Analysis and Machine Intelligence, v. 24, n. 11, p. 1438–1454.
Sommer, R. e Paxson, V. (2010). Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. 2010 IEEE Symposium on Security and Privacy, v. 0, n. May, p. 305–316.
Tygar, J. D. (2011). Adversarial machine learning. IEEE Internet Computing, v. 15, n. 5, p. 4–6.
Viegas, E. K., Santin, A. O. e Oliveira, L. S. (2017) Toward a reliable anomaly-based intrusion detection in real-world environments. Computer Networks, v. 127, p. 200-216.
Wang, G., Barbara, S., Wang, T., Zheng, H. e Zhao, B. Y. (2014). Man vs. Machine: Practical Adversarial Detection of Malicious Crowdsourcing Workers. the 23rd USENIX Security Symposium, p. 239–254.
Axelsson, S. (2000). The Base-Rate Fallacy and the Difficulty of Intrusion Detection. ACM Transactions on Information and System Security, v. 3, n. 3, p. 186–205.
Bifet, A., Gavalda, R. e Gavaldà, R. (2007). Learning from Time-Changing Data with Adaptive Windowing. Sdm, v. 7, p. 2007.
Cavalcanti, G. D. C., Oliveira, L. S., Moura, T. J. M. e Carvalho, G. V. (2016). Combining diversity measures for ensemble pruning. Pattern Recognition Letters, v. 74, p. 38–45.
Corona, I., Giacinto, G. e Roli, F. (2013). Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues. Information Sciences, v. 239, p. 201–225.
Denning, D. E. (1987). An intrusion-detection model. Proceedings - IEEE Symposium on Security and Privacy, n. 2, p. 118–131.
García-Teodoro, P., Díaz-Verdejo, J., Maciá-Ferná Ndez, G. e Vá Zquez, E. (2009). Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security, v. 28, p. 18–28.
He, H., Chen, S., Li, K. e Xu, X. (2011). Incremental learning from stream data. IEEE Transactions on Neural Networks, v. 22, n. 12, p. 1901–14.
Joseph, A. D. e Taft, N. (2009). ANTIDOTE: Understanding and Defending against. Traffic, SIGCOMM, p. 1–14.
Jyothsna, V., V Rama Prasad, V. e Munivara Prasad, K. (2011). A Review of Anomaly based Intrusion Detection Systems. International Journal of Computer Applications, v. 28, n. 7, p. 26–35.
Kontaki, M., Gounaris, A., Papadopoulos, A. N., Tsichlas, K. e Manolopoulos, Y. (2011). Continuous Monitoring of Distance-Based Outliers over Data Streams.
Maggi, F., Robertson, W., Kruegel, C. e Vigna, G. (2009). Protecting a moving target: Addressing web application concept drift. Lecture Notes in Computer Science, v. 5758 LNCS, p. 21–40.
Nelson, B., Barreno, M., Chi, F. J., et al. (2008). Exploiting machine learning to subvert your spam filter. In Proceedings of the First Workshop on Large-scale Exploits and Emerging Threats (LEET), n. April, p. Article 7.
N. Srndic e Laskov, P. (2014). Practical Evasion of a Learning-Based Classifier: A Case Study, IEEE Symposium Security and Privacy, p. 197-211.
Oliveira, L. S., Sabourin, R., Bortolozzi, F. e Suen, C. Y. (2002). Automatic recognition of handwritten numerical strings: A Recognition and Verification strategy. IEEE Transactions on Pattern Analysis and Machine Intelligence, v. 24, n. 11, p. 1438–1454.
Sommer, R. e Paxson, V. (2010). Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. 2010 IEEE Symposium on Security and Privacy, v. 0, n. May, p. 305–316.
Tygar, J. D. (2011). Adversarial machine learning. IEEE Internet Computing, v. 15, n. 5, p. 4–6.
Viegas, E. K., Santin, A. O. e Oliveira, L. S. (2017) Toward a reliable anomaly-based intrusion detection in real-world environments. Computer Networks, v. 127, p. 200-216.
Wang, G., Barbara, S., Wang, T., Zheng, H. e Zhao, B. Y. (2014). Man vs. Machine: Practical Adversarial Detection of Malicious Crowdsourcing Workers. the 23rd USENIX Security Symposium, p. 239–254.
Publicado
06/11/2017
Como Citar
VIEGAS, Eduardo K.; SANTIN, Altair O.; ABREU, Vilmar; OLIVEIRA, Luiz E. S..
Detecção de Intrusão Através de Aprendizagem de Fluxo no Ambiente do Adversário. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 17. , 2017, Brasília.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2017
.
p. 210-223.
DOI: https://doi.org/10.5753/sbseg.2017.19501.
