Gerenciamento de Conexões usando Firewall Automatizado a partir de Dados de Inteligência sobre Ameaças
Resumo
Em um contexto de ameaças cibernéticas em constante evolução, a necessidade de soluções de segurança dinâmicas e adaptativas é imperativa, onde a abordagem de Inteligência sobre Ameaças Cibernéticas visa coletar, analisar e interpretar informações relevantes sobre ameaças digitais. Dentro deste contexto, este artigo apresenta uma solução de segurança chamada FIBRA (Firewall Integrado com Blacklists e Reputação Automatizado), projetada para gerenciar conexões em infraestruturas de rede a partir de Dados de Inteligência sobre Ameaças. O FIBRA visa combater autonomamente as ameaças através de atualizações em tempo real das blacklists e técnicas de filtragem, enquanto alcança uma escalabilidade adequada e fornece uma visão abrangente do tráfego de rede e ameaças identificadas. Experimentos realizados a partir de uma infraestrutura de nuvem real indicam a eficácia do FIBRA na identificação e mitigação de conexões suspeitas, contribuindo significativamente para a segurança de redes em ambientes complexos e dinâmicos.Referências
Afzaliseresht, N., Miao, Y., Michalska, S., Liu, Q., and Wang, H. (2020). From logs to stories: Human-centred data mining for cyber threat intelligence. IEEE Access, 8:19089–19099.
Aguiar, E. S., Pinheiro, B. A., Figueirêdo, J. F. S., Cerqueira, E., Abelém, A. J. G., and Gomes, R. L. (2011). Trends and challenges for quality of service and quality of experience for wireless mesh networks. Wireless Mesh Networks, pages 127–148.
Gomes, R., Junior, W., Cerqueira, E., and Abelem, A. (2010). A qoe fuzzy routing protocol for wireless mesh networks. In Zeadally, S., Cerqueira, E., Curado, M., and Leszczuk, M., editors, Future Multimedia Networking, pages 1–12, Berlin, Heidelberg. Springer Berlin Heidelberg.
Gomes, R. L., Bittencourt, L. F., Madeira, E. R., Cerqueira, E., and Gerla, M. (2016). A combined energy-bandwidth approach to allocate resilient virtual software defined networks. Journal of Network and Computer Applications, 69:98–106.
Komosny, D. (2023). Evidential value of country location evidence obtained from ip address geolocation. PeerJ Comput Sci.
Lazar, D., Cohen, K., Freund, A., Bartik, A., and Ron, A. (2021). Imdoc: Identification of malicious domain campaigns via dns and communicating files. IEEE Access, 9:45242–45258.
Lopes Gomes, R. and Roberto Mauro Madeira, E. (2012). A traffic classification agent for virtual networks based on qos classes. IEEE Latin America Transactions, 10(3):1734–1741.
Portela, A. L., Menezes, R. A., Costa, W. L., Silveira, M. M., Bittecnourt, L. F., and Gomes, R. L. (2023). Detection of iot devices and network anomalies based on anonymized network traffic. In NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium, pages 1–6.
Portela, A. L. C., Ribeiro, S. E. S. B., Menezes, R. A., de Araujo, T., and Gomes, R. L. (2024). T-for: An adaptable forecasting model for throughput performance. IEEE Transactions on Network and Service Management, pages 1–1.
Rizkilina, T. M. and Rosyid, N. R. (2022). Packet filtering automation system design based on data synchronization on ip profile database using python. Journal of Internet and Software Engineering (JISE), 3:12–19.
Silveira, M. M., Portela, A. L., Menezes, R. A., Souza, M. S., Silva, D. S., Mesquita, M. C., and Gomes, R. L. (2023). Data protection based on searchable encryption and anonymization techniques. In NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium, pages 1–5.
Tosun, A., De Donno, M., Dragoni, N., and Fafoutis, X. (2021). Resip host detection: Identification of malicious residential ip proxy flows. In 2021 IEEE International Conference on Consumer Electronics (ICCE), pages 1–6.
Vielberth, M., Menges, F., and Pernul, G. (2019). Human-as-a-security-sensor for harvesting threat intelligence. Cybersecurity, 2:1–15.
Wagner, T. D., Mahbub, K., Palomar, E., and Abdallah, A. E. (2019). Cyber threat intelligence sharing: Survey and research directions. Computers Security, 87:101589.
Wang, Q., Li, L., Jiang, B., Lu, Z., Liu, J., and Jian, S. (2020). Malicious domain detection based on k-means and smote. In Computational Science–ICCS 2020: 20th International Conference, Amsterdam, The Netherlands, June 3–5, 2020, Proceedings, Part II 20, pages 468–481. Springer.
Yadav, M. and Mishra, D. S. (2023). Identification of network threats using live log stream analysis. In 2023 2nd International Conference on Paradigm Shifts in Communications Embedded Systems, Machine Learning and Signal Processing (PCEMS), pages 1–6.
Yang, J. and Lim, H. (2021). Deep learning approach for detecting malicious activities over encrypted secure channels. IEEE Access, 9:39229–39244.
Aguiar, E. S., Pinheiro, B. A., Figueirêdo, J. F. S., Cerqueira, E., Abelém, A. J. G., and Gomes, R. L. (2011). Trends and challenges for quality of service and quality of experience for wireless mesh networks. Wireless Mesh Networks, pages 127–148.
Gomes, R., Junior, W., Cerqueira, E., and Abelem, A. (2010). A qoe fuzzy routing protocol for wireless mesh networks. In Zeadally, S., Cerqueira, E., Curado, M., and Leszczuk, M., editors, Future Multimedia Networking, pages 1–12, Berlin, Heidelberg. Springer Berlin Heidelberg.
Gomes, R. L., Bittencourt, L. F., Madeira, E. R., Cerqueira, E., and Gerla, M. (2016). A combined energy-bandwidth approach to allocate resilient virtual software defined networks. Journal of Network and Computer Applications, 69:98–106.
Komosny, D. (2023). Evidential value of country location evidence obtained from ip address geolocation. PeerJ Comput Sci.
Lazar, D., Cohen, K., Freund, A., Bartik, A., and Ron, A. (2021). Imdoc: Identification of malicious domain campaigns via dns and communicating files. IEEE Access, 9:45242–45258.
Lopes Gomes, R. and Roberto Mauro Madeira, E. (2012). A traffic classification agent for virtual networks based on qos classes. IEEE Latin America Transactions, 10(3):1734–1741.
Portela, A. L., Menezes, R. A., Costa, W. L., Silveira, M. M., Bittecnourt, L. F., and Gomes, R. L. (2023). Detection of iot devices and network anomalies based on anonymized network traffic. In NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium, pages 1–6.
Portela, A. L. C., Ribeiro, S. E. S. B., Menezes, R. A., de Araujo, T., and Gomes, R. L. (2024). T-for: An adaptable forecasting model for throughput performance. IEEE Transactions on Network and Service Management, pages 1–1.
Rizkilina, T. M. and Rosyid, N. R. (2022). Packet filtering automation system design based on data synchronization on ip profile database using python. Journal of Internet and Software Engineering (JISE), 3:12–19.
Silveira, M. M., Portela, A. L., Menezes, R. A., Souza, M. S., Silva, D. S., Mesquita, M. C., and Gomes, R. L. (2023). Data protection based on searchable encryption and anonymization techniques. In NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium, pages 1–5.
Tosun, A., De Donno, M., Dragoni, N., and Fafoutis, X. (2021). Resip host detection: Identification of malicious residential ip proxy flows. In 2021 IEEE International Conference on Consumer Electronics (ICCE), pages 1–6.
Vielberth, M., Menges, F., and Pernul, G. (2019). Human-as-a-security-sensor for harvesting threat intelligence. Cybersecurity, 2:1–15.
Wagner, T. D., Mahbub, K., Palomar, E., and Abdallah, A. E. (2019). Cyber threat intelligence sharing: Survey and research directions. Computers Security, 87:101589.
Wang, Q., Li, L., Jiang, B., Lu, Z., Liu, J., and Jian, S. (2020). Malicious domain detection based on k-means and smote. In Computational Science–ICCS 2020: 20th International Conference, Amsterdam, The Netherlands, June 3–5, 2020, Proceedings, Part II 20, pages 468–481. Springer.
Yadav, M. and Mishra, D. S. (2023). Identification of network threats using live log stream analysis. In 2023 2nd International Conference on Paradigm Shifts in Communications Embedded Systems, Machine Learning and Signal Processing (PCEMS), pages 1–6.
Yang, J. and Lim, H. (2021). Deep learning approach for detecting malicious activities over encrypted secure channels. IEEE Access, 9:39229–39244.
Publicado
16/09/2024
Como Citar
COSTA, Marcus A. S.; COSTA, Yago M. da; SILVA, Douglas A.; PORTELA, Ariel L.; GOMES, Rafael L..
Gerenciamento de Conexões usando Firewall Automatizado a partir de Dados de Inteligência sobre Ameaças. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24. , 2024, São José dos Campos/SP.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 815-821.
DOI: https://doi.org/10.5753/sbseg.2024.241377.
