A Comparison Between Distributed Network Threat Detection Systems Based on Stream and Batch Data Processing

  • Fabio Cesar Schuartz, Federal University of Technology - Paraná (UTFPR)
  • Anelise Munaretto, Federal University of Technology - Paraná (UTFPR)
  • Mauro Fonseca, Federal University of Technology - Paraná (UTFPR)

Abstract


As technology advances and ever more devices join the Internet of Things, the volume of traffic crossing the network grows sharply, and with it the number of vulnerability exploitations detected each year. Faster and more accurate systems are therefore needed to detect distributed denial-of-service (DDoS) attacks and port scans efficiently. This paper proposes a system for the on-line detection of distributed network threats using data stream processing. Its results are compared with those of a system based on batch processing, both operating on the same dataset, one widely known in the scientific community. The proposed system is evaluated on two metrics: accuracy, and the number of false positives and false negatives. The results show that data stream processing improved detection accuracy by up to 17.50% and reduced the number of false positives and false negatives by up to 66.61%.
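
The following is an added illustration of the stream-versus-batch comparison the abstract describes; it is not the authors' system or code. Both models are trained on the same initial window of flow records. The batch model is then frozen, while the stream model keeps learning in prequential (test-then-train) order, and both are scored on the same later window with the metrics the abstract names: accuracy and raw false-positive and false-negative counts. The Gaussian naive Bayes learner, the three flow features, the per-class feature profiles and the synthetic records are all assumptions made for this example; the page does not say which classifier, features or dataset the paper uses.

```python
"""Prequential stream evaluation versus a frozen batch model on constructed flows.

Illustrative example, not the paper's code. The classifier (Gaussian naive
Bayes) and the synthetic flow profiles below are assumptions for this demo.
"""
import math
import random

# Constructed per-class feature profiles as (mean, std) for
# (packets per second, SYN ratio, distinct destination ports per window).
# Illustrative numbers, not measurements from the paper.
PROFILES = {
    "benign":   ((50.0, 15.0), (0.10, 0.05), (4.0, 1.5)),
    "ddos":     ((800.0, 100.0), (0.90, 0.05), (1.5, 0.5)),
    "portscan": ((30.0, 10.0), (0.85, 0.05), (200.0, 30.0)),
}


def make_flows(n, class_weights, rng):
    """Return n (features, label) pairs; ddos and portscan both carry label 'attack'."""
    names = list(class_weights)
    weights = [class_weights[c] for c in names]
    flows = []
    for _ in range(n):
        cls = rng.choices(names, weights)[0]
        x = tuple(rng.gauss(mu, sd) for mu, sd in PROFILES[cls])
        flows.append((x, "benign" if cls == "benign" else "attack"))
    return flows


class GaussianNB:
    """Gaussian naive Bayes with Welford running mean/variance per class and
    feature, so the same model can be updated one record at a time (stream)
    or fitted once and then frozen (batch)."""

    def __init__(self, classes=("benign", "attack"), n_features=3):
        self.n = {c: 0 for c in classes}
        self.mean = {c: [0.0] * n_features for c in classes}
        self.m2 = {c: [0.0] * n_features for c in classes}

    def partial_fit(self, x, y):
        self.n[y] += 1
        for i, v in enumerate(x):
            delta = v - self.mean[y][i]
            self.mean[y][i] += delta / self.n[y]
            self.m2[y][i] += delta * (v - self.mean[y][i])

    def _log_joint(self, x, c):
        if self.n[c] == 0:
            return -math.inf
        ll = math.log(self.n[c] / sum(self.n.values()))  # class prior
        for i, v in enumerate(x):
            var = max(self.m2[c][i] / self.n[c], 1e-9)  # floor avoids division by zero
            ll -= 0.5 * math.log(2 * math.pi * var) + (v - self.mean[c][i]) ** 2 / (2 * var)
        return ll

    def predict(self, x):
        return max(self.n, key=lambda c: self._log_joint(x, c))


def score(pairs):
    """Accuracy plus raw FP/FN counts, with 'attack' as the positive class."""
    tp = tn = fp = fn = 0
    for pred, truth in pairs:
        if pred == truth:
            tp += truth == "attack"
            tn += truth == "benign"
        else:
            fp += pred == "attack"
            fn += pred == "benign"
    n = tp + tn + fp + fn
    return {"accuracy": (tp + tn) / n, "tp": tp, "tn": tn, "fp": fp, "fn": fn}


def evaluate_batch(model, test):
    """Batch mode: the model is never updated while it scores the test records."""
    return score([(model.predict(x), y) for x, y in test])


def evaluate_stream(model, test):
    """Prequential (test-then-train) mode: predict each record, then learn from
    its true label once that label becomes available."""
    pairs = []
    for x, y in test:
        pairs.append((model.predict(x), y))
        model.partial_fit(x, y)
    return score(pairs)


def run_comparison(seed=7):
    """Train both models on the same initial window, then score both on the same
    later window, in which a new attack type (port scan) appears."""
    rng = random.Random(seed)
    train = make_flows(1000, {"benign": 0.6, "ddos": 0.4}, rng)
    test = make_flows(1000, {"benign": 0.5, "ddos": 0.2, "portscan": 0.3}, rng)
    batch, stream = GaussianNB(), GaussianNB()
    for x, y in train:
        batch.partial_fit(x, y)
        stream.partial_fit(x, y)
    return evaluate_batch(batch, test), evaluate_stream(stream, test)


if __name__ == "__main__":
    for name, r in zip(("batch", "stream"), run_comparison()):
        print(f"{name:6s} accuracy={r['accuracy']:.4f} fp={r['fp']} fn={r['fn']}")
```

Run as a script, the frozen batch model misses essentially every port scan (its attack class was learned from DDoS floods alone), while the stream model misclassifies only the first one before its per-class statistics absorb the new pattern. The difference comes from continual updating, not from a better learner: the two models are the same class. The caveat a practitioner should keep in mind is that prequential evaluation assumes the true label of each record becomes available shortly after it is scored; in production that label feed (analyst verdicts, honeypot hits, sandbox results) has to exist and be trusted, or the stream model will adapt to whatever noise it is given.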

Keywords: Internet of Things, security, DDoS, stream processing, NIDS, machine learning

Published
23/09/2019
SCHUARTZ, Fabio Cesar; MUNARETTO, Anelise; FONSECA, Mauro. Uma Comparação entre os Sistemas de Detecção de Ameaças Distribuídas de Rede Baseado no Processamento de Dados em Fluxo e em Lotes. In: WORKSHOP DE GERÊNCIA E OPERAÇÃO DE REDES E SERVIÇOS (WGRS), 24., 2019, Gramado. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 29-42. ISSN 2595-2722. DOI: https://doi.org/10.5753/wgrs.2019.7681.