Uma metodologia para caracterização do tráfego de redes de computadores: uma aplicação em detecção de anomalias / Methodology for traffic characterization of computer networks: an application in anomaly detection
AUTHOR(S)
Adriana Cristina Ferrari dos Santos
SOURCE
IBICT - Instituto Brasileiro de Informação em Ciência e Tecnologia
PUBLICATION DATE
24/02/2011
ABSTRACT
Anomaly-based intrusion detection methods model the default behavior of network traffic and identify anomalies as deviations from the mapped behavior model. Modeling traffic behavior requires the analysis of large datasets to extract knowledge about the particularities of each network environment, considering the services provided, the number of users, and the access to services performed during the day, among others. Besides the processing time for large datasets, a matter of greater care and concern in this research field is the high number of false alarms generated by this type of method. To improve the accuracy of the detection results, network behavior must be properly mapped and constantly updated to include changes in the environment. Another aspect to consider is the size of the knowledge base of the standard traffic model, which certainly affects the training time of the classifier. As a contribution in this area, we developed the TRAFCIN methodology (network Traffic Characterization on Computational INtelligence), which describes a combination of techniques and procedures to characterize the behavior of network traffic using techniques from computational intelligence, and which can become a reference for activities to detect anomalies in network operating environments. In tests conducted to evaluate the methodology, anomaly detection was achieved by characterizing network traffic through the clustering technique adopted for knowledge extraction and for reduction of the database while retaining the expressiveness of the information, with small false alarm rates observed.
SUBJECT(S)
network traffic; clustering; computational intelligence; anomaly detection; network security
ARTICLE ACCESS
http://urlib.net/sid.inpe.br/mtc-m19/2011/02.15.17.55
Related Documents
- A Methodology for attack detection in the network traffic based on neural networks
- Uma metodologia para detecção de ataques no tráfego de redes baseada em redes neurais
- Metodologia Pragmática para Avaliação de Desempenho e Planejamento de Capacidade em Redes de Computadores
- WAVELET-BASED ANOMALY DETECTION IN NETWORK TRAFFIC
- Estudo sobre sistema de detecção de intrusão por anomalias: uma abordagem utilizando redes neurais