Feature Selection in DDoS Attack Prediction with Ordinal Pattern Transformation
Abstract
Effectively predicting distributed denial-of-service (DDoS) attacks is challenging. When network traffic is pre-processed in search of signs of attack preparation, sets of hundreds of features introduce significant noise due to strong correlations. Selecting relevant features avoids noise and improves prediction performance. This paper advances the literature on attack prediction with the Ordinal Pattern Transformation, an approach capable of revealing subtle patterns in network traffic, by introducing feature selection as part of the method. One of the results obtained anticipated the effective imminence of the DDoS attack by 49 minutes and 28 seconds, while reducing the feature set by 99.16%.
Published
24/05/2024
How to Cite
ALBANO, Lucas; BORGES, Ligia F.; NEIRA, Anderson B. de; NOGUEIRA, Michele. Seleção de Características na Predição de Ataques DDoS com Transformação em Padrões Ordinais. In: WORKSHOP DE GERÊNCIA E OPERAÇÃO DE REDES E SERVIÇOS (WGRS), 29., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 126-139. ISSN 2595-2722. DOI: https://doi.org/10.5753/wgrs.2024.3259.