Combinando Algoritmos de Classificação para Detecção de Intrusão em Redes de Computadores
Resumo
Detecção de intrusão é o processo de monitorar e analisar eventos que ocorrem em uma rede em busca de sinais de intrusão. A literatura apresenta inúmeros trabalhos que utilizam técnicas de comitês de classificadores para resolver problemas de detecção. Este trabalho propõe um modelo de detecção em três níveis. Em cada nível são aplicados classificadores gerados por um mesmo algoritmo base e seus resultados são combinados nos níveis posteriores. O ultimo nível de classificação forma um comitê de comitês, que tenta viabilizar uma maior precisão na detecção. Os resultados apresentados demonstram que o modelo proposto apresenta melhor desempenho em relação a outros trabalhos encontrados na literatura.
Referências
Abraham, A., Grosan, C. and Vide, C. M. (2007). Evolutionary Design of Intrusion Detection Programs. In International Journal of Network Security, pages 328-339.
Borji, A. (2007). Combining Heterogeneous Classifiers for Network Intrusion Detection. In Lecture Notes in Computer Science, Volume 4846, pages 254-260. Springer.
Breiman, L. (1996). Bagging Predictors. In Machine Learning 24(3), pages 123–140.
Breiman, L. (2001). Random Forests. In Journal of Machine Learning, Vol.45, pages 532. Kluwer Academic, Netherland.
Chou, T., Fan, J., Fan, S. and Makki, K. (2009). Ensemble of machine learning algorithms for intrusion detection. In Systems, Man and Cybernetic, pages 3976-3980.
Debar, H., Dacier, M. and Wespi, A. (2000).A Revised Taxonomy for Intrusion Detection Systems. Annals of Telecommunications, pages 361-378.
Elkan, C. (2000). Results of the KDD’99 Classifier Learning. In SIGKDD Explorations, ACM SIGKDD.
Freund, Y. and Schapire, R. E. (1996). Experiments with a new boosting algorithm. In Thirteenth International Conference on Machine Learning, pages 148-156.
Geurts, P., Ernst, D. and Wehenkel, L. (2006). Extremely randomized trees. In Machine Learning, Vol. 63, pages 3-42.
Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P. and Witten, I. H. (2009).
The WEKA Data Mining Software: An Update. In SIGKDD Explorations, Volume 11, Issue 1. John, G. H. and Langley, P. (1995). Estimating Continuous Distributions in Bayesian Classifiers. In Eleventh Conference on Uncertainty in Artificial Intelligence, pages 338-345.
Kuncheva, L. I. (2004). Combining Pattern Classifiers: Methods and Algorithms. John Wiley & Sons, Inc. Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A. and Srivastava, J. (2003). A comparative study of anomaly detection schemes in network intrusion detection. In Proceedings of the Third SIAM Conference on Data Mining.
Lee, W., Stolfo, S. J. and Mok, K. W. (1999). A Data Mining Framework for Building Intrusion Detection Models. In IEEE Symposium on Security and Privacy, pages. 120-132.
Lira, M. M. S., de Aquino, R. R. B., Ferreira, A. A., Carvalho, M. A., Neto, O. N. and Santos, G. S. M. (2007). Combining Multiple Artificial Neural Networks Using Random Committee to Decide upon Electrical Disturbance Classification. In International Joint Conference on Neural Networks, pages 2863-2868.
Mafra, P. M., Fraga, J. da S., Moll, V., Santin, A. O. (2008). Polvo-IIDS: Um Sistema de Detecção de Intrusão Inteligente Baseado em Anomalias. In VIII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSEG'08), pages 61-72.
Mukkamala, S., Hung, A.H. and Abraham, A. (2005). Intrusion Detection Using an Ensemble of Intelligent Paradigms. In Journal of Network and Computer Applications, Vol. 28, pages 167-182."
Osareh, A. and Shadgar, B. (2008).Intrusion Detection in Computer Networks based on Machine Learning Algorithms. In International Journal of Computer Science and Network Security, VOL.8 No.11, pages 15-23.
Paxson V. (2007). Considerations and Pitfalls for Conducting Intrusion Detection Research. Keynote, Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA).
Quinlan, R. (1993). C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers, San Mateo, CA.
Rish, I. (2001). An empirical study of the naive Bayes classifier. In workshop on Empirical Methods in AI.
Stallings, W. (2005). Cryptography and Network Security Principles and Practices. Prentice Hall, 4th edition.
Tavallaee, M., Bagheri, E., Lu, W. and Ghorbani, A. A. (2009). A Detailed Analysis of the KDD CUP 99 Data Set. In Proceedings of the Second IEEE Symposium on Computational Intelligence in Security and Defense Applications,pages 53-58.
Ting, K. M. and Witten, I. H. (1997). Stacking Bagged and Dagged Models. In Fourteenth international Conference on Machine Learning, pages 367-375.
Webb, G. I. (2000). MultiBoosting: A Technique for Combining Boosting and Wagging. Machine Learning. Vol.40(No.2).
Witten, I. H. and Frank, E. (2005). Data Mining: Pratical Machine Learning Tools and Techniques. Morgan Kaufmann Publishers, 2th Edition.
Zai-an, R., Bin, W., Shi-ming, Z., Zhuang, M. and Rong-ming, S. (2010). A WSRFenabled Distributed Data Mining Approach to Clustering WEKA4WS-Based. In Proceedings of IEEE Second Symposium on Web Society (SWS), pages 219-226.
Zainal, A., Maarof, M.A., Shamsuddin, S.M. and Abraham, A. (2008). Ensemble of One-class Classifiers for Network Intrusion Detection System. In Proceedings of Fourth International Conference on Information Assurance and Security, pages 180-185.
Borji, A. (2007). Combining Heterogeneous Classifiers for Network Intrusion Detection. In Lecture Notes in Computer Science, Volume 4846, pages 254-260. Springer.
Breiman, L. (1996). Bagging Predictors. In Machine Learning 24(3), pages 123–140.
Breiman, L. (2001). Random Forests. In Journal of Machine Learning, Vol.45, pages 532. Kluwer Academic, Netherland.
Chou, T., Fan, J., Fan, S. and Makki, K. (2009). Ensemble of machine learning algorithms for intrusion detection. In Systems, Man and Cybernetic, pages 3976-3980.
Debar, H., Dacier, M. and Wespi, A. (2000).A Revised Taxonomy for Intrusion Detection Systems. Annals of Telecommunications, pages 361-378.
Elkan, C. (2000). Results of the KDD’99 Classifier Learning. In SIGKDD Explorations, ACM SIGKDD.
Freund, Y. and Schapire, R. E. (1996). Experiments with a new boosting algorithm. In Thirteenth International Conference on Machine Learning, pages 148-156.
Geurts, P., Ernst, D. and Wehenkel, L. (2006). Extremely randomized trees. In Machine Learning, Vol. 63, pages 3-42.
Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P. and Witten, I. H. (2009).
The WEKA Data Mining Software: An Update. In SIGKDD Explorations, Volume 11, Issue 1. John, G. H. and Langley, P. (1995). Estimating Continuous Distributions in Bayesian Classifiers. In Eleventh Conference on Uncertainty in Artificial Intelligence, pages 338-345.
Kuncheva, L. I. (2004). Combining Pattern Classifiers: Methods and Algorithms. John Wiley & Sons, Inc. Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A. and Srivastava, J. (2003). A comparative study of anomaly detection schemes in network intrusion detection. In Proceedings of the Third SIAM Conference on Data Mining.
Lee, W., Stolfo, S. J. and Mok, K. W. (1999). A Data Mining Framework for Building Intrusion Detection Models. In IEEE Symposium on Security and Privacy, pages. 120-132.
Lira, M. M. S., de Aquino, R. R. B., Ferreira, A. A., Carvalho, M. A., Neto, O. N. and Santos, G. S. M. (2007). Combining Multiple Artificial Neural Networks Using Random Committee to Decide upon Electrical Disturbance Classification. In International Joint Conference on Neural Networks, pages 2863-2868.
Mafra, P. M., Fraga, J. da S., Moll, V., Santin, A. O. (2008). Polvo-IIDS: Um Sistema de Detecção de Intrusão Inteligente Baseado em Anomalias. In VIII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSEG'08), pages 61-72.
Mukkamala, S., Hung, A.H. and Abraham, A. (2005). Intrusion Detection Using an Ensemble of Intelligent Paradigms. In Journal of Network and Computer Applications, Vol. 28, pages 167-182."
Osareh, A. and Shadgar, B. (2008).Intrusion Detection in Computer Networks based on Machine Learning Algorithms. In International Journal of Computer Science and Network Security, VOL.8 No.11, pages 15-23.
Paxson V. (2007). Considerations and Pitfalls for Conducting Intrusion Detection Research. Keynote, Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA).
Quinlan, R. (1993). C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers, San Mateo, CA.
Rish, I. (2001). An empirical study of the naive Bayes classifier. In workshop on Empirical Methods in AI.
Stallings, W. (2005). Cryptography and Network Security Principles and Practices. Prentice Hall, 4th edition.
Tavallaee, M., Bagheri, E., Lu, W. and Ghorbani, A. A. (2009). A Detailed Analysis of the KDD CUP 99 Data Set. In Proceedings of the Second IEEE Symposium on Computational Intelligence in Security and Defense Applications,pages 53-58.
Ting, K. M. and Witten, I. H. (1997). Stacking Bagged and Dagged Models. In Fourteenth international Conference on Machine Learning, pages 367-375.
Webb, G. I. (2000). MultiBoosting: A Technique for Combining Boosting and Wagging. Machine Learning. Vol.40(No.2).
Witten, I. H. and Frank, E. (2005). Data Mining: Pratical Machine Learning Tools and Techniques. Morgan Kaufmann Publishers, 2th Edition.
Zai-an, R., Bin, W., Shi-ming, Z., Zhuang, M. and Rong-ming, S. (2010). A WSRFenabled Distributed Data Mining Approach to Clustering WEKA4WS-Based. In Proceedings of IEEE Second Symposium on Web Society (SWS), pages 219-226.
Zainal, A., Maarof, M.A., Shamsuddin, S.M. and Abraham, A. (2008). Ensemble of One-class Classifiers for Network Intrusion Detection System. In Proceedings of Fourth International Conference on Information Assurance and Security, pages 180-185.
Publicado
06/11/2011
Como Citar
RAMOS, Alex L.; SANTOS, Cícero N. dos.
Combinando Algoritmos de Classificação para Detecção de Intrusão em Redes de Computadores. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 11. , 2011, Brasília.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2011
.
p. 211-224.
DOI: https://doi.org/10.5753/sbseg.2011.20574.
