Unsupervised Prediction of DDoS Attacks via Early Warning Signals and One-Class SVM
Abstract
Predicting distributed denial-of-service (DDoS) attacks is essential to gain time in responding to them. Most DDoS prediction solutions rely on labeled data, and labeling is a costly process that limits their use in real environments. To reduce the dependence on labeled data, this work presents PREDICTOR, a system for DDoS attack prediction based on early warning signal theory and outlier detection. The system uses early warning signal theory to indicate signs of attack preparation. It predicts the attack using the One-Class SVM algorithm, an outlier detector. The results indicate that the prediction occurred 31 minutes before the start of the attack with an accuracy of 91%.
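The abstract describes two stages: early warning signal indicators computed over sliding windows of traffic (rising variance, lag-1 autocorrelation, skewness, kurtosis and coefficient of variation are the classic signs of a system approaching a regime shift) and an unsupervised outlier detector trained on calm traffic only. The following is an added, self-contained example written for this page; it is not the PREDICTOR code or the authors' data. The traffic series, the window length and the preparation-phase model are constructed assumptions, and the outlier stage uses a dependency-free z-score vote over the indicators as a stand-in for the One-Class SVM, so it runs without scikit-learn.

```python
import random
import statistics
from typing import Dict, List, Optional

# Constructed packets-per-second series (not the paper's data). Indices 0-59 are
# calm baseline traffic, 60-89 an assumed "attack preparation" phase in which the
# series shows critical-slowing-down symptoms, and 90-99 the flood itself.
BASELINE_LEN = 60
RAMP_LEN = 30
ATTACK_LEN = 10
ATTACK_START = BASELINE_LEN + RAMP_LEN   # sample index where the flood begins (90)
WINDOW = 20                              # sliding-window length, an assumption


def constructed_traffic() -> List[float]:
    rng = random.Random(42)  # fixed seed so the series is reproducible
    series = [1000.0 + rng.gauss(0, 20) for _ in range(BASELINE_LEN)]
    # Preparation phase: an AR(1) process whose coefficient and noise both grow,
    # so memory (autocorrelation) and variance rise before the flood.
    for k in range(RAMP_LEN):
        phi = 0.3 + 0.65 * k / (RAMP_LEN - 1)
        sigma = 20 + 40 * k / (RAMP_LEN - 1)
        series.append(1000.0 + phi * (series[-1] - 1000.0) + rng.gauss(0, sigma))
    series.extend(20000.0 + rng.gauss(0, 500) for _ in range(ATTACK_LEN))
    return series


def lag1_autocorrelation(x: List[float]) -> float:
    m = statistics.fmean(x)
    denom = sum((v - m) ** 2 for v in x)
    if denom == 0.0:
        return 0.0
    return sum((x[i] - m) * (x[i + 1] - m) for i in range(len(x) - 1)) / denom


def _central_moments(x: List[float]):
    m = statistics.fmean(x)
    d = [v - m for v in x]
    n = len(x)
    return (sum(v ** 2 for v in d) / n, sum(v ** 3 for v in d) / n,
            sum(v ** 4 for v in d) / n)


def skewness(x: List[float]) -> float:
    m2, m3, _ = _central_moments(x)
    return 0.0 if m2 == 0.0 else m3 / m2 ** 1.5


def excess_kurtosis(x: List[float]) -> float:
    m2, _, m4 = _central_moments(x)
    return 0.0 if m2 == 0.0 else m4 / m2 ** 2 - 3.0


def coefficient_of_variation(x: List[float]) -> float:
    m = statistics.fmean(x)
    return 0.0 if m == 0.0 else statistics.stdev(x) / m


def early_warning_signals(series: List[float], window: int = WINDOW) -> List[Dict[str, float]]:
    """One indicator vector per window; window j covers series[j : j + window]."""
    out = []
    for end in range(window, len(series) + 1):
        w = series[end - window:end]
        out.append({
            "variance": statistics.variance(w),
            "autocorr": lag1_autocorrelation(w),
            "skewness": skewness(w),
            "kurtosis": excess_kurtosis(w),
            "cv": coefficient_of_variation(w),
        })
    return out


def flag_outliers(indicators: List[Dict[str, float]], n_baseline: int,
                  threshold: float = 3.0, min_votes: int = 2) -> List[bool]:
    """Unsupervised outlier rule standing in for the One-Class SVM: learn each
    indicator's mean/stdev from the baseline windows only (no attack labels), then
    flag a window when at least `min_votes` indicators deviate by more than
    `threshold` baseline standard deviations. The vote damps single-indicator noise."""
    keys = list(indicators[0].keys())
    base = {k: [row[k] for row in indicators[:n_baseline]] for k in keys}
    mu = {k: statistics.fmean(base[k]) for k in keys}
    sd = {k: statistics.stdev(base[k]) or 1e-12 for k in keys}
    return [sum(abs((row[k] - mu[k]) / sd[k]) > threshold for k in keys) >= min_votes
            for row in indicators]


def first_alarm_index(flags: List[bool], n_baseline: int, window: int = WINDOW) -> Optional[int]:
    """Series index (last sample of the window) of the first post-baseline alarm."""
    for j in range(n_baseline, len(flags)):
        if flags[j]:
            return j + window - 1
    return None


def run_demo():
    """Returns (alarm sample index, samples of lead time before the flood)."""
    series = constructed_traffic()
    indicators = early_warning_signals(series)
    n_base = BASELINE_LEN - WINDOW + 1          # windows lying entirely in the baseline
    flags = flag_outliers(indicators, n_base)
    alarm = first_alarm_index(flags, n_base)
    return alarm, (None if alarm is None else ATTACK_START - alarm)


if __name__ == "__main__":
    alarm, lead = run_demo()
    print(f"first alarm at sample {alarm}, {lead} samples before the flood at {ATTACK_START}")
```

The baseline windows play the role of the "normal" class an outlier detector is fitted on: nothing in the pipeline needs an attack label. In an operational setting the indicator vectors would be fed to a One-Class SVM fitted on the same baseline windows, and the lead time reported (31 minutes in the paper's evaluation) is the gap between the first alarm and the flood.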