Combination of Models for Denial-Of-Service Classification over Different Networks

  • Leonardo H. Melo ITA
  • Gustavo de Carvalho Bertoli ITA
  • Osamu Saotome ITA
  • Marcelo F. Domingues ITA
  • Lourenço Alves Pereira Jr. ITA

Abstract


Due to the recent increase in the number of devices connected to different networks, information traffic has increased significantly. As a result, the number of threats has also increased. Thus, other works proposed intrusion detection systems (IDS) to protect sensitive user data. IDS are responsible for identifying malicious data flows and reporting possible attacks. However, the first IDS were based on detecting attacks by signatures and therefore cannot keep up with the constant evolution of existing attacks. Hence, techniques such as Machine Learning (ML) have become allies of this type of system to ensure its effectiveness. The use of ML represents a significant advance in the development of IDS, but there are still open questions about the ability to detect attacks on different isolated networks. Therefore, the present work proposes a Federated Learning (FL) scheme with sampling and attribute selection methods for Distributed Denial-Of-Service (DDoS) classification. Furthermore, we propose to combine the FL scheme with the Energy-based Flow Classifier (EFC) algorithm, building an ensemble model capable of identifying malicious agents. We evaluated whether using an ensemble can extract different types of information during the ML process. This work represents ongoing research with results under development.
Keywords: ensemble, network intrusion detection, denial of service, federated learning
Published
21/11/2022
MELO, Leonardo H.; BERTOLI, Gustavo de Carvalho; SAOTOME, Osamu; DOMINGUES, Marcelo F.; PEREIRA JR., Lourenço Alves. Combination of Models for Denial-Of-Service Classification over Different Networks. In: WORKSHOP ON SECURITY, PRIVACY AND RELIABILITY ON WIRELESS SENSING NETWORKS (WSENSING), 2., 2022, Fortaleza/CE. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 137–142.