Digital Signature of Network Segment Using Flow Analysis and K-means Clustering

  • Alexandro M. Zacaron UEL
  • Luiz F. Carvalho UEL
  • Mario H. A. C. Adaniya UEL
  • Taufik Abrão UEL
  • Mario Lemes Proença Jr UEL

Abstract

This article presents a model of Digital Signature of Network Segment using Flow Analysis and K-means clustering (DSNSF-KM). The K-means clustering technique was used to generate a network profile, or baseline, over the bytes of NetFlow v9 flows collected during March and April 2012 at the Universidade Tecnológica Federal do Paraná - Câmpus Toledo, for the TCP and UDP protocols. The goal is to identify the behaviour of a given segment after a learning period, thereby establishing thresholds that will be considered normal for each managed segment, and to compare them with the traffic shown by NfSen in order to identify possible anomalies.
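As an added illustration (not the authors' code) of the approach the abstract describes: K-means is run over the bytes observed in each interval of the day across the learning period, the resulting centroid becomes that interval's baseline, and a new day's flows are compared against it to flag anomalies. The number of clusters, the choice of the largest cluster's centroid as the baseline, the tolerance band and the sample data are all assumptions of this example.

```python
from typing import Dict, List, Tuple

def kmeans_1d(values: List[float], k: int = 2, iters: int = 50) -> List[List[float]]:
    """Lloyd's K-means on a 1-D sample (bytes per interval); returns the non-empty clusters."""
    pts = sorted(values)
    # seed the centroids evenly across the sorted sample
    centroids = [pts[(i * (len(pts) - 1)) // max(k - 1, 1)] for i in range(k)]
    for _ in range(iters):
        clusters: List[List[float]] = [[] for _ in range(k)]
        for v in pts:
            clusters[min(range(k), key=lambda c: abs(v - centroids[c]))].append(v)
        new = [sum(c) / len(c) if c else centroids[i] for i, c in enumerate(clusters)]
        if new == centroids:  # assignments are stable, the centroids stopped moving
            break
        centroids = new
    return [c for c in clusters if c]

def build_baseline(history: Dict[int, List[float]], k: int = 2) -> Dict[int, Tuple[float, float]]:
    """history: interval-of-day -> bytes observed in that interval on each learning day.
    Returns interval -> (baseline bytes, tolerance). Assumption (not the paper's rule):
    the baseline is the centroid of the largest cluster and the tolerance is 3x its
    mean absolute deviation, floored at 10% of the baseline."""
    baseline = {}
    for slot, values in history.items():
        biggest = max(kmeans_1d(values, k), key=len)
        center = sum(biggest) / len(biggest)
        mad = sum(abs(v - center) for v in biggest) / len(biggest)
        baseline[slot] = (center, max(3 * mad, 0.1 * center))
    return baseline

def detect(baseline: Dict[int, Tuple[float, float]], observed: Dict[int, float]) -> List[int]:
    """Intervals whose observed bytes fall outside the baseline's normal band."""
    return [slot for slot, b in observed.items() if abs(b - baseline[slot][0]) > baseline[slot][1]]

# Constructed sample (not real UTFPR data): bytes per interval, 4 intervals a day,
# over 5 learning days; learning day 3 has a 40 MB burst in interval 2.
HISTORY = {
    0: [1.0e6, 1.1e6, 0.9e6, 1.0e6, 1.05e6],
    1: [5.0e6, 5.2e6, 4.9e6, 5.1e6, 5.0e6],
    2: [8.0e6, 8.3e6, 7.8e6, 40.0e6, 8.1e6],  # the burst lands in its own cluster
    3: [3.0e6, 3.1e6, 2.9e6, 3.0e6, 3.05e6],
}
OBSERVED = {0: 1.02e6, 1: 5.1e6, 2: 25.0e6, 3: 3.0e6}  # a new day to compare

if __name__ == "__main__":
    print(detect(build_baseline(HISTORY), OBSERVED))  # → [2]
```

Because the burst day forms its own small cluster, it does not pull the baseline of interval 2 upward, which is the point of clustering rather than averaging the learning period.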

Published
16/07/2012
ZACARON, Alexandro M.; CARVALHO, Luiz F.; ADANIYA, Mario H. A. C.; ABRÃO, Taufik; PROENÇA JR, Mario Lemes. Assinatura Digital de Segmento de Rede Utilizando Análise de Fluxos e Clusterização K-means. In: SEMINÁRIO INTEGRADO DE SOFTWARE E HARDWARE (SEMISH), 39., 2012, Curitiba/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2012. p. 37-48. ISSN 2595-6205.