Port Scan Detection through Intelligent Analysis of IoT Network Traffic

  • Uelinton Brezolin UFPR
  • Fernando Nakayama UFPR
  • Michele Nogueira UFPR / UFMG

Abstract

Port scanning is a technique for identifying the state of a network port. It finds open ports and vulnerabilities in a network or system. Port scanning is a first step in several different attack vectors, so detecting it is essential to limit its impact. Traditional port-scan detection methods are limited because they rely on static rules and on prior knowledge of the network's structure. This work presents a new method for detecting port scans in Internet of Things (IoT) communication using machine learning techniques. The method uses specific traffic features to build an attack-behaviour profile. Using a neural network, the developed model identifies port scans independently of the network topology. The results show an efficiency of up to 90% in identifying a port scan.
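The abstract describes building a per-source behaviour profile from traffic features and letting a classifier decide, rather than matching static rules such as "N ports in T seconds". The Python below is an added illustration, not the paper's code or dataset: it aggregates constructed flow records into per-source, per-window features (distinct destination ports, fraction of SYN-only flows, mean flow size) and applies a fixed-weight score in place of the trained neural network. The flow tuple layout, the feature set, the weights, the 60-second window and the sample addresses are all assumptions made for the example.

```python
"""Per-source traffic features for port-scan detection (added illustration).

Constructed flow records stand in for IoT traffic; the fixed-weight score stands
in for the trained classifier. Feature names and weights are assumptions, not the
paper's own.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample flows: (timestamp_s, src_ip, dst_ip, dst_port, tcp_flags, bytes)
# "S" = SYN only (probe that never completed), "SPA" = SYN/PSH/ACK seen (real session).
FLOWS = [
    # one source probing ten services on the same IoT host within a few seconds
    *[(t, "10.0.0.5", "192.168.1.20", port, "S", 60)
      for t, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 8080, 8443])],
    # a benign client exchanging data with the host's MQTT broker
    (12, "10.0.0.7", "192.168.1.20", 1883, "SPA", 512),
    (30, "10.0.0.7", "192.168.1.20", 1883, "SPA", 448),
    (55, "10.0.0.7", "192.168.1.20", 1883, "SPA", 640),
]


@dataclass
class SourceProfile:
    flows: int
    distinct_ports: int
    distinct_hosts: int
    syn_only_ratio: float  # fraction of flows that never went beyond SYN
    mean_bytes: float


def build_profiles(flows, window_s=60):
    """Aggregate flows per (source, time window) into a SourceProfile."""
    buckets = defaultdict(list)
    for ts, src, dst, dport, flags, nbytes in flows:
        buckets[(src, ts // window_s)].append((dst, dport, flags, nbytes))
    profiles = {}
    for key, recs in buckets.items():
        n = len(recs)
        profiles[key] = SourceProfile(
            flows=n,
            distinct_ports=len({r[1] for r in recs}),
            distinct_hosts=len({r[0] for r in recs}),
            syn_only_ratio=sum(1 for r in recs if r[2] == "S") / n,
            mean_bytes=sum(r[3] for r in recs) / n,
        )
    return profiles


def scan_score(p, port_cap=10, small_flow_bytes=100):
    """Weighted score in [0, 1]; the weights are assumed, a trained model would learn them."""
    port_term = min(p.distinct_ports / port_cap, 1.0)
    small_term = 1.0 if p.mean_bytes < small_flow_bytes else 0.0
    return 0.5 * port_term + 0.3 * p.syn_only_ratio + 0.2 * small_term


def detect(flows, threshold=0.5, window_s=60):
    """Return {src_ip: bool}, True for sources scoring above threshold in any window."""
    verdict = defaultdict(bool)
    for (src, _win), prof in build_profiles(flows, window_s).items():
        verdict[src] = verdict[src] or scan_score(prof) >= threshold
    return dict(verdict)


if __name__ == "__main__":
    for (src, win), prof in sorted(build_profiles(FLOWS).items()):
        print(src, win, prof, round(scan_score(prof), 2))
    print(detect(FLOWS))
```

The point of the profile step is that none of the features name a host, subnet or service, which is what lets a classifier trained on them generalise across topologies; the probing source scores close to 1.0 on the constructed data while the MQTT client stays near 0.05, and a learned model would replace the hand-set weights with ones fitted to labelled traffic.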

Published
16/09/2024
BREZOLIN, Uelinton; NAKAYAMA, Fernando; NOGUEIRA, Michele. Detecção de Varreduras de Portas pela Análise Inteligente de Tráfego de Rede IoT. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24., 2024, São José dos Campos/SP. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 271-286. DOI: https://doi.org/10.5753/sbseg.2024.241769.
