Impact of transport-layer encryption on machine-learning-based flow analysis

  • Tiago de Carvalho Magnus UFRGS
  • Jéferson de Campos Nobre UFRGS

Abstract

With the growing use of encryption in computer network communications, encryption of transport-layer protocols may become commonplace in the future, which could make automated network flow analysis harder or less efficient. This paper proposes and implements an analysis of the impact of such encryption on machine-learning-based flow analysis. The results showed that encrypting this layer of the network could affect network flow analysis. The concepts of explainability and interpretability were used to assess the quality of the results.

Published
18/09/2023
MAGNUS, Tiago de Carvalho; NOBRE, Jéferson de Campos. Impacto da criptografia da camada de transporte em análises de fluxos com aprendizado de máquina. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 23., 2023, Juiz de Fora/MG. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 279-292. DOI: https://doi.org/10.5753/sbseg.2023.233560.