Intrusion detection system for computer networks using computational intelligence techniques

Bibliographic details
Year of defense: 2016
Main author: Scalco Neto, Heitor
Advisor: Not informed by the institution
Defense committee: Not informed by the institution
Document type: Master's dissertation
Access type: Open access
Language: por
Defending institution: Universidade Federal de Lavras (UFLA), Programa de Pós-Graduação em Ciência da Computação, Departamento de Ciência da Computação, Brazil
Graduate program: Not informed by the institution
Department: Not informed by the institution
Country: Not informed by the institution
Keywords in Portuguese:
Access link: http://repositorio.ufla.br/jspui/handle/1/12161
Abstract: Network Intrusion Detection Systems (NIDS) are of great importance in guaranteeing the reliability and availability of computer networks. This thesis therefore proposes a methodology for developing an anomaly-based, open-source NIDS using the following Computational Intelligence (CI) techniques: Artificial Neural Networks, Support Vector Machines and Random Forests. The CI techniques are applied and compared in order to evaluate intrusion detection methods for computing environments. For the NIDS to operate in a real environment, it was necessary to develop an API whose purpose is to capture network traffic and preprocess the information for the CI techniques. This made it possible to run the tests on different network infrastructures and in a real environment. The techniques were trained on the ISCX 2012 network traffic database, which comprises varied types of traffic. Using the developed API, we created an auxiliary test database covering traffic types alternative to those found in ISCX 2012, but on a smaller-scale network and with different operating systems and tools. This database allows the efficacy tests of the CI techniques to be performed on different infrastructures and modes of use. The main contributions of this thesis are: (i) the development of an open-source API for packet capture, preprocessing and integration with the Computational Intelligence techniques; (ii) the evaluation of Computational Intelligence techniques for the network intrusion detection problem; (iii) the use of features independent of software and/or host. The results obtained with the ISCX 2012 database and the CI techniques showed average fit close to 95%. With the test database, the average fit was close to 97%, confirming the feasibility of using CI techniques to solve network intrusion recognition problems.
It is worth mentioning that the test database was not used to train the CI techniques, only to validate them.