Secflow: Unsupervised learning for analysis and anomaly detection in computer networks
Abstract
Concern about data security in networks has led to the emergence of so-called anomaly and intrusion detection systems. To work, such systems must identify anomalies in the observed network traffic. By characterising the types of anomaly, we can identify vulnerabilities and propose strategies to mitigate attacks. This research aims to propose network-traffic analysis methods for anomaly detection by means of unsupervised learning. The model, applied over a sliding window, is intended to classify flows in a live network in order to identify different types of traffic anomaly. The resulting model will be applied to the network of the Universidade Federal Fluminense.
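As an added illustration, not code from the Secflow paper (whose abstract does not name its algorithm), the label-free, sliding-window flow scoring the abstract describes, using an assumed distance-based k-nearest-neighbour score over log-scaled flow volume features and a constructed NetFlow/IPFIX-style flow stream:

```python
import math
import random
from collections import deque

def flow_features(flow):
    """Log-scale the volume and timing fields of one NetFlow/IPFIX-style record (assumed feature set)."""
    return (math.log1p(flow["packets"]), math.log1p(flow["bytes"]), math.log1p(flow["duration"]))

def zscore(vecs):
    """Standardise vectors column-wise using the window's own mean and std: the unsupervised baseline."""
    dim, n = len(vecs[0]), len(vecs)
    means = [sum(v[i] for v in vecs) / n for i in range(dim)]
    stds = [math.sqrt(sum((v[i] - means[i]) ** 2 for v in vecs) / n) or 1.0 for i in range(dim)]
    return [tuple((v[i] - means[i]) / stds[i] for i in range(dim)) for v in vecs]

def knn_score(point, others, k):
    """Distance-based outlier score: mean distance to the k nearest neighbours in the window."""
    dists = sorted(math.dist(point, o) for o in others)
    return sum(dists[:k]) / k

class SlidingWindowDetector:
    """Scores each new flow against the last `window` accepted flows; no labelled traffic is needed."""
    def __init__(self, window=30, k=5, threshold=3.0):
        self.window = deque(maxlen=window)
        self.k, self.threshold = k, threshold

    def observe(self, flow):
        """Return (score, is_anomaly). Flows under the threshold join the window; outliers do not."""
        feats = flow_features(flow)
        if len(self.window) <= self.k:  # warm-up: not enough neighbours to score yet
            self.window.append(feats)
            return 0.0, False
        scaled = zscore(list(self.window) + [feats])
        score = knn_score(scaled[-1], scaled[:-1], self.k)
        hit = score > self.threshold
        if not hit:  # keeping outliers out of the baseline stops a sustained attack from becoming "normal";
            self.window.append(feats)  # the trade-off is slower adaptation to legitimate traffic shifts
        return score, hit

def run_demo():
    """Replay a constructed stream: 60 ordinary web-sized flows with one oversized flow inserted at index 45."""
    rng = random.Random(7)
    flows = [{"packets": p, "bytes": p * rng.randint(400, 900), "duration": rng.uniform(0.2, 2.0)}
             for p in [rng.randint(20, 80) for _ in range(60)]]
    flows.insert(45, {"packets": 200_000, "bytes": 300_000_000, "duration": 5.0})  # constructed outlier
    det = SlidingWindowDetector()
    results = [det.observe(f) for f in flows]
    return results, [i for i, (_, hit) in enumerate(results) if hit]
```

The oversized flow scores far above every ordinary flow in the window, while the window statistics keep adapting to the ordinary traffic that follows it.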
Published
18/09/2023
How to Cite
SALLES, Felipe M.; RAMOS, Taiane C.; SCHARA, Luiz Claudio. Secflow: Aprendizado não supervisionado para análise e detecção de anomalias em Redes de Computadores. In: WORKSHOP DE TRABALHOS DE INICIAÇÃO CIENTÍFICA E DE GRADUAÇÃO - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 23., 2023, Juiz de Fora/MG. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 249-254. DOI: https://doi.org/10.5753/sbseg_estendido.2023.233829.