Botnet detection using classification of continuous data streams

| Field | Value |
|---|---|
| Year of defense | 2020 |
| Main author | |
| Advisor | |
| Examining committee | |
| Document type | Dissertation (dissertação; in Brazil, a master's thesis) |
| Access type | Open access |
| Language | Portuguese (por) |
| Defending institution | Universidade Federal de Uberlândia, Brazil, Programa de Pós-graduação em Ciência da Computação (Graduate Program in Computer Science) |
| Graduate program | Not provided by the institution |
| Department | Not provided by the institution |
| Country | Not provided by the institution |
| Keywords (Portuguese) | |
| Access links | https://repositorio.ufu.br/handle/123456789/31198 ; http://doi.org/10.14393/ufu.di.2021.31 |

Abstract: The year 2016 marked a significant paradigm shift in the behavior of botnets. By infecting unconventional computing devices such as home cameras and routers, the Mirai malware substantially widened the scope and attack capacity of botnets. This fact emphasizes the importance of developing new methods to detect botnets; one of them is the use of data stream mining algorithms to classify malicious botnet traffic. Although some initiatives already adopt this approach, several research problems remain open. An important one is the high cost and effort that security professionals spend to obtain labeled data. The main objective of this dissertation is therefore to evaluate stream mining algorithms for detecting botnets under requirements closer to real-world scenarios: i) data flows arrive continuously; ii) new botnet attacks may arise, and such attacks might not be available to the decision model; iii) usually, few flows are labeled; and iv) classification should be evaluated taking into account the moment when flows arrive, in particular the moments at which new attacks arrive. Throughout the work, a series of experiments was conducted using datasets containing real traffic from different types of botnets. The experimental results show the potential of the stream mining approach for botnet detection and reveal that it is possible to minimize the number of labeled instances presented to the classifier while maintaining good performance.