IPTraf: Collection and Anomaly Detection in Network Flows
Abstract
Given the accelerating growth of the already enormous number of devices connected to the Internet, the security of computer networks is becoming ever more important. This article presents the IPTraf platform, a tool designed to collect data on the flows that make up the traffic of IP networks, and its application to anomaly identification. The platform's architecture is described together with results obtained from flows collected on the border links of Rede-Rio/FAPERJ, an Autonomous System that is part of the academic and research network of the State of Rio de Janeiro. The usefulness of the platform, and of the results obtained from the collected data, is demonstrated by the anomalies that were identified.
Keywords: traffic anomalies, IP network flows, network security.