FamilyGuard: a security architecture for anomaly detection in home networks

Bibliographic details
Year of defense: 2022
Main author: Melo, Pedro Henrique Aparecido Damaso de
Advisor: Not provided by the institution
Defense committee: Not provided by the institution
Document type: Thesis
Access type: Open access
Language: por
Institution of defense: Universidade Federal de Uberlândia
Brazil
Programa de Pós-graduação em Ciência da Computação
Graduate program: Not provided by the institution
Department: Not provided by the institution
Country: Not provided by the institution
Keywords in Portuguese:
Access link: https://repositorio.ufu.br/handle/123456789/36539
http://doi.org/10.14393/ufu.te.2022.587
Abstract: The evolution of protocols and smart devices for the residential environment is taking place quickly; several manufacturers have created new devices and applications and made them available in the market daily. This technological transformation is impacting several areas, one of which is the home environment that incorporates smart devices connected to the Internet to provide convenience for people. Despite all the benefits of adopting smart devices in the residential environment, there is a concern in the scientific community regarding the security mechanisms since it is a heterogeneous environment with devices that have security capabilities, limited hardware, and software. This work proposes a security architecture that provides an additional layer of protection for home networks through anomaly detection models. Three aspects of the architecture in question, named FamilyGuard, were evaluated in this work: the implementation of components on low-cost hardware, the ability of machine learning models to detect threats, and the response time during the anomaly detection process. To create the anomaly detection models, it was also necessary to define and adapt the data sets to represent the network traffic in a residential environment. After defining the home network traffic dataset, experiments were carried out to verify the feasibility of creating unsupervised models to detect anomalies and using supervised algorithms to classify the identified threats. The performance of twelve one-class algorithms was evaluated in three test cases; the best models presented an area under the curve (AUC) greater than 94%, which indicates the usefulness of adopting unsupervised learning algorithms in the identification of anomalous traffic in home networks. The results also indicate that supervised models can classify threats and that the proposed architecture can provide an additional layer of security to the residential scenario.