Combined application of the Bloom filter with recurrent neural networks for Web attack detection
Year of defense: | 2020 |
---|---|
Main author: | |
Advisor: | |
Examination committee: | |
Document type: | Dissertation |
Access type: | Open access |
Language: | por |
Defending institution: | Universidade Federal de Santa Maria; Brazil; Computer Science; UFSM; Programa de Pós-Graduação em Ciência da Computação; Centro de Tecnologia |
Graduate program: | Not provided by the institution |
Department: | Not provided by the institution |
Country: | Not provided by the institution |
Keywords in Portuguese: | |
Access link: | http://repositorio.ufsm.br/handle/1/19784 |
Abstract: | The diversity and complexity of attacks that threaten Web applications have grown in recent years, causing losses for users and owners of these applications. In order to increase security levels, experts have implemented intrusion detection systems to act on the application layer, especially those based on anomalies. Anomaly detection techniques aim to extend security systems by adding alternatives for detecting unknown attacks that would not be discovered by signature-based detection systems. Machine learning methods are widely used in detectors, mainly recurrent neural networks, which have gained great importance in recent years due to their great performance in the task of detecting web attacks. However, research with recurrent networks has focused on increasing the prediction performance of the models. In addition, techniques based on deep learning have shown high computational cost. Therefore, it is necessary to design intrusion detection models that are effective for the forecasting task, as well as efficient in terms of detection time. In this work, the Bloom filter was used as a tool to support the detector based on a recurrent neural network. The Bloom filter is a more agile tool and acts in the selection of instances, reducing the input data of the neural network. This combination provided a reduction in the average detection time without affecting the detection metrics results of the recurrent networks. In addition, with the comparative assessment between recurrent networks of the LSTM, BI-LSTM and GRU types, it was possible to evaluate the best variant for the model. The combination of Bloom filter and recurrent neural network proved to be adequate and effective for detecting attacks against Web applications, presenting a great predictive performance and average detection time when compared to scenarios without the presence of the filter. |