Bibliographic details
Year of defense: 2019
Main author: Silva, Rosana Cordovil da
Advisor: Sassi, Renato José
Examination committee: Sassi, Renato José; Chalco, Jesús Pascual Mena; Napolitano, Domingos Marcio Rodrigues; Belan, Peterson Adriano
Document type: Dissertation
Access type: Open access
Language: por
Defense institution: Universidade Nove de Julho
Graduate program: Programa de Pós-Graduação em Informática e Gestão do Conhecimento
Department: Informática
Country: Brazil
Keywords in Portuguese:
Keywords in English:
CNPq knowledge area:
Access link: http://bibliotecatede.uninove.br/handle/tede/3088
Abstract:
An intrusion event is an abnormal activity that can lead to security incidents, which in turn impair the proper functioning of a computer network. Among the measures that can be taken to ensure data security, honeypots are information security tools used to lure attacks into a controlled and monitored environment in order to understand malicious behavior. Honeypots analyze data flows from the computer network. The number and complexity of attacks have favored the use of Artificial Intelligence techniques, such as Rough Sets (RS) theory. Thus, this work aimed to apply Rough Sets theory to reduce attributes and classify data flows in honeypots for anomaly detection. To achieve this objective, bibliographical, descriptive and experimental research with a quantitative approach was adopted as the methodology. The selected database was a honeypot database, available from the Center for Studies, Response and Treatment of Security Incidents in Brazil (CERT.br), containing 2,057 records and 7. The experimental methodology was divided into six phases, ranging from the selection and extraction of information from the database to the application of a questionnaire to information technology professionals in order to validate the results of the experiments. Applying RS to the honeypot database for attribute reduction generated a reduct of 4 attributes. RS were then applied to the reduced database, generating 2,044 decision rules, which were consolidated into 42 rules because of their excessive number. A questionnaire with 5 questions was sent to 63 IT professionals, of whom 50 answered. The percentage of Yes answers to all questions exceeded 90%, validating the application of RS. It was concluded, from the experimental results obtained and the answers given to the questionnaire, that RS can be applied in the information security area, more precisely to reduce attributes and classify data flows in honeypots for the detection of data anomalies.