Bibliographic details
Year of defense: 2020
Main author: Arimatéa, Gabriel de Carvalho
Advisor: Ribeiro, Admilson de Ribamar Lima
Examination committee: Not provided by the institution
Document type: Dissertation
Access type: Open access
Language: por
Institution of defense: Not provided by the institution
Graduate program: Pós-Graduação em Ciência da Computação
Department: Not provided by the institution
Country: Not provided by the institution
Keywords in Portuguese:
Keywords in English:
CNPq knowledge area:
Access link: https://ri.ufs.br/jspui/handle/riufs/14133
Abstract:
The Internet of Things has become more important due to its applicability to many embedded systems ecosystems in daily use. However, the devices in those systems have several hardware constraints and neglected security. Consequently, botnet malware has taken advantage of poor security schemes on such devices. This dissertation evaluates the use of four unsupervised machine learning algorithms using data streams to detect botnet formation on the network edge. The algorithms were chosen after a literature review because they are less demanding and therefore better suited to implementation in more restricted environments. To increase the efficiency and quality of results, two processing algorithms were also used. The dataset used was generated by nine smart objects and contains two infection variants: Mirai and Bashlite. Qualitative experiments were conducted to assess the classification results of each algorithm, and the results were also evaluated after varying processing and memory resources to determine the minimal configuration a device needs to properly execute the algorithms. After qualitative and performance evaluations, the results showed that algorithms such as BIRCH, DenStream, and DStream are viable choices to detect malicious data sent during botnet formation. Those algorithms have an average accuracy between 96% and 98%, need few samples per device, and have a sample analysis response time of 300 milliseconds on a Raspberry Pi Zero W, a constrained device that closely resembles an application in an Internet of Things scenario.