Detection of denial-of-service attacks by means of data flows and intelligent systems
Abstract
This article presents a new model for detecting anomalies and intrusion attempts, based on the use of network flows (the NetFlow standard) and on the classification capacity of artificial neural networks. The model combines behaviour-based detection of the network environment with the knowledge-absorption capacity of intelligent systems. A new concept of signature is used, and several models were tested over the evolution of the system. Attacks such as DoS, DDoS and worm activity are detected quickly, in a scalable and automated way, in medium- and high-load environments, characterizing an effective monitoring model for networks connected to the Internet.
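The pipeline the abstract describes (flow records aggregated into behaviour features, then classified by a neural network) as an added illustration; this is not the authors' signature model or code. The flow records are constructed, the four per-destination features and the single-layer Rosenblatt perceptron are my own choices for the example, and the 0x02 SYN-only flag test assumes NetFlow-style cumulative tcp_flags.

```python
from collections import defaultdict

# Constructed NetFlow-like records (not real captures):
# (src_ip, dst_ip, dst_port, packets, bytes, tcp_flags)
NORMAL = [("10.0.0.%d" % i, "192.0.2.10", 80, 12, 9000, 0x1b) for i in range(1, 6)]
FLOOD = [("198.51.100.%d" % i, "192.0.2.10", 80, 1, 40, 0x02) for i in range(1, 101)]
SYN = 0x02  # assumed: cumulative TCP flag bits as exported in NetFlow tcp_flags

def window_features(flows):
    """Per-destination behaviour vector for one export window (assumed features):
    flow volume, distinct sources, share of SYN-only flows, inverse packets/flow."""
    by_dst = defaultdict(list)
    for f in flows:
        by_dst[f[1]].append(f)
    feats = {}
    for dst, fl in by_dst.items():
        n = len(fl)
        srcs = len({f[0] for f in fl})
        syn_only = sum(1 for f in fl if f[5] == SYN) / n
        pkts = sum(f[3] for f in fl) / n
        feats[dst] = [n / 100.0, srcs / 100.0, syn_only, 1.0 / pkts]
    return feats

def train_perceptron(samples, epochs=50, lr=0.1):
    """Rosenblatt perceptron: samples are (feature_vector, label), label 1 = attack."""
    w, b = [0.0] * 4, 0.0
    for _ in range(epochs):
        for x, y in samples:
            err = y - classify((w, b), x)
            w = [wi + lr * err * xi for wi, xi in zip(w, x)]
            b += lr * err
    return w, b

def classify(model, x):
    w, b = model
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b > 0 else 0

def build_model():
    """Train on the two constructed windows: normal traffic (0) and SYN flood (1)."""
    samples = [(window_features(NORMAL)["192.0.2.10"], 0),
               (window_features(FLOOD)["192.0.2.10"], 1)]
    return train_perceptron(samples)

def detect(model, flows):
    """Label every destination seen in a window: 1 = DoS-like behaviour."""
    return {dst: classify(model, x) for dst, x in window_features(flows).items()}

if __name__ == "__main__":
    m = build_model()
    unseen = [("203.0.113.%d" % i, "192.0.2.20", 443, 1, 40, SYN) for i in range(1, 41)]
    print(detect(m, unseen + NORMAL))
```

The classifier generalizes to an unseen, smaller flood against a different destination because it learns the behaviour (many sources, SYN-only, one packet per flow) rather than any address or port.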
Published: 2007-08-27

How to Cite
CANSIAN, Adriano M.; CORRÊA, Jorge L. Detecção de ataques de negativa de serviço por meio de fluxos de dados e sistemas inteligentes. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 7., 2007, Rio de Janeiro. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2007. p. 38-54. DOI: https://doi.org/10.5753/sbseg.2007.20916.
