SIGMA-IP: Intelligent Threat Management and Monitoring System for IP Networks
Abstract
There is a growing need for dynamic and adaptive security solutions, and the Cyber Threat Intelligence approach aims to collect, analyse and interpret relevant information about digital threats. In this context, this paper presents SIGMA-IP (Intelligent Threat Management and Monitoring System), a solution that manages connections in network infrastructures autonomously and intelligently, driven by threat data. SIGMA-IP monitors connections, analyses information collected from public threat databases (such as AbuseIPDB, VirusTotal, Pulsedive and IPVoid), and uses Machine Learning (ML) to classify connections as Blocklist, Allowlist or Suspect. SIGMA-IP's dynamic behaviour enables real-time updates and continuous training of the ML model, allowing a fast and robust response to cyber threats. Experiments carried out in a real network environment indicate that SIGMA-IP detects threats effectively, within a time frame adequate for mitigating incidents.
Keywords:
Network security, Network monitoring, Artificial Intelligence, Threat Detection, Traffic control, Security Automation
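The abstract describes fusing several public reputation sources into a three-way verdict (Blocklist, Allowlist, Suspect) and keeping the model learning from new evidence. The following added example (not the SIGMA-IP authors' code) sketches that pipeline with constructed, simplified records; the field names are assumptions and do not reproduce the real AbuseIPDB, VirusTotal, Pulsedive or IPVoid API schemas.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample records keyed by source (simplified stand-ins, NOT the
# real AbuseIPDB / VirusTotal / Pulsedive / IPVoid response schemas).
SAMPLE_FEEDS: Dict[str, dict] = {
    "198.51.100.7": {"abuseipdb": {"abuse_confidence": 92},
                     "virustotal": {"malicious": 28, "harmless": 42},
                     "pulsedive": {"risk": "high"},
                     "ipvoid": {"blacklists_hit": 15, "blacklists_checked": 30}},
    "203.0.113.5": {"abuseipdb": {"abuse_confidence": 0},
                    "virustotal": {"malicious": 0, "harmless": 71},
                    "pulsedive": {"risk": "none"},
                    "ipvoid": {"blacklists_hit": 0, "blacklists_checked": 30}},
    "192.0.2.44": {"abuseipdb": {"abuse_confidence": 35},
                   "virustotal": {"malicious": 2, "harmless": 69},
                   "pulsedive": {"risk": "medium"}},   # ipvoid did not answer
}
RISK = {"none": 0.0, "low": 0.25, "medium": 0.5, "high": 0.75, "critical": 1.0}

def features(rec: dict) -> List[float]:
    """Normalise each source to [0, 1]; -1.0 marks a source that gave no answer."""
    a, v, p, i = (rec.get(k) for k in ("abuseipdb", "virustotal", "pulsedive", "ipvoid"))
    vt_n = (v["malicious"] + v["harmless"]) if v else 0
    return [a["abuse_confidence"] / 100 if a else -1.0,
            v["malicious"] / vt_n if vt_n else -1.0,
            RISK.get(p["risk"], -1.0) if p else -1.0,
            i["blacklists_hit"] / i["blacklists_checked"] if i and i["blacklists_checked"] else -1.0]

@dataclass
class Triage:
    """Weighted vote over sources; weights are nudged by analyst verdicts so the
    model keeps adapting, in the spirit of the abstract's continuous training."""
    weights: List[float] = field(default_factory=lambda: [1.0] * 4)
    block_at: float = 0.6      # score >= this -> Blocklist
    allow_below: float = 0.2   # score <  this -> Allowlist; in between -> Suspect
    lr: float = 0.1

    def score(self, x: List[float]) -> float:
        seen = [(w, f) for w, f in zip(self.weights, x) if f >= 0]
        return sum(w * f for w, f in seen) / sum(w for w, _ in seen) if seen else -1.0

    def classify(self, x: List[float]) -> str:
        s = self.score(x)
        if s < 0 or self.allow_below <= s < self.block_at:
            return "Suspect"   # no data or ambiguous: hold for re-check, do not block
        return "Blocklist" if s >= self.block_at else "Allowlist"

    def learn(self, x: List[float], malicious: bool) -> None:
        """Online update: sources that agreed with the analyst gain weight, others lose."""
        t = 1.0 if malicious else 0.0
        for k, f in enumerate(x):
            if f >= 0:
                self.weights[k] = max(0.1, self.weights[k] + self.lr * (1 - 2 * abs(f - t)))

def triage_all(feeds: Dict[str, dict], model: Triage) -> Dict[str, str]:
    return {ip: model.classify(features(rec)) for ip, rec in feeds.items()}
```

The Suspect band is deliberate: a missing or ambiguous reputation never produces a block on its own, which keeps a flaky feed from causing self-inflicted outages.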
Published
19/05/2025
How to Cite
J. NOBRE, Francisco V.; M. DA COSTA, Yago; O. ALVES, David; S. ARAUJO, Ramon; S. RODRIGUES, Lyedson; B. NETO, Antonio; A. PEREIRA JR., Lourenço; L. GOMES, Rafael. SIGMA-IP: Sistema Inteligente de Gestão e Monitoramento de Ameaças para Redes IPs. In: WORKSHOP DE GERÊNCIA E OPERAÇÃO DE REDES E SERVIÇOS (WGRS), 30., 2025, Natal/RN. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 43-56. ISSN 2595-2722. DOI: https://doi.org/10.5753/wgrs.2025.8759.
