Smart Defender: a system for detecting and mitigating DoS/DDoS attacks using machine learning


Bibliographic details
Main author: Lima Filho, Francisco Sales de
Other authors: Silveira, Luiz Felipe de Queiroz
Format: doctoralThesis
Language: pt_BR
Published in: Brazil
Subjects:
DoS
Item address: https://repositorio.ufrn.br/jspui/handle/123456789/28470
Description
Abstract: Denial of Service (DoS) attacks and their distributed variant (DDoS) represent one of the most significant risks to the availability of services operating on the Internet. This cyber threat continues to grow worldwide and remains damaging even as network protection technologies advance. Developing mechanisms that can detect and mitigate the impact of malicious traffic generated by DDoS attacks is a current challenge in network security, with a direct effect on the lives of the world's population. This work proposes the Smart Defender system as an approach to reducing the impact of these attacks. The system consists of two tools, Smart Detection (SD) and Smart Protection (SP), which operate in an integrated and distributed manner. The proposed detection system makes decisions based on pre-existing signatures, using Machine Learning (ML) techniques to classify network traffic. The protection system enforces rules to control unwanted traffic and mitigate the effects of DDoS, based on the information shared by the detection system and the security policy of the local network. The experiments used modern reference data sets and controlled laboratory tests. The results show that the proposed solution is capable of detecting DDoS attacks early, with a high hit rate and a low false alarm rate, and of isolating the threat within the first minute of the attack.