BG-IDPS: Real-Time Intrusion Detection and Prevention on eBPF Switches with the Berkeley Packet Filter and the GRASP-FS Metaheuristic
Abstract
Modern intrusion detection systems are commonly built with machine learning algorithms and feature selection. However, the computational cost of these algorithms limits their ability to respond to intrusions immediately. This work proposes an architecture for real-time intrusion detection and prevention on eBPF switches, using models that are optimized asynchronously through the GRASP-FS metaheuristic. As a proof of concept, a model is built on a computer and periodically updated on an eBPF switch. The results show that the proposed solution is able to detect and prevent intrusions in real time with low overhead in the evaluated scenarios.
Keywords:
Real-Time, Intrusion Detection, Feature Selection
Published
12/09/2022
How to Cite
CARVALHO, Diego; QUINCOZES, Vagner E.; QUINCOZES, Silvio E.; KAZIENKO, Juliano F.; SANTOS, Carlos Raniery Paula dos. BG-IDPS: Detecção e Prevenção de Intrusões em Tempo Real em Switches eBPF com o Filtro de Pacotes Berkeley e a Metaheurística GRASP-FS. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 22., 2022, Santa Maria. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 139-152. DOI: https://doi.org/10.5753/sbseg.2022.225326.