Intrusion detection approach in fog computing and Internet of Things environments (Abordagem de detecção de intrusão em ambientes fog computing e internet of things)

Bibliographic details
Year of defense: 2021
Main author: Valencio, Jean Douglas Gomes
Advisor: Machado, Renato Bobsin
Defense committee: Silva, Rômulo César; Maciejewski, Narco Afonso Ravazzoli
Document type: Dissertation
Access type: Open access
Language: por
Defense institution: Universidade Estadual do Oeste do Paraná
Foz do Iguaçu
Graduate program: Programa de Pós-Graduação em Engenharia Elétrica e Computação
Department: Centro de Engenharias e Ciências Exatas
Country: Brazil
Keywords in Portuguese:
Keywords in English:
CNPq knowledge area:
Access link: https://tede.unioeste.br/handle/tede/5958
Abstract: Given the innovations and technological advances of our era, the connection between people through Internet-connected devices is intrinsic to our daily lives, allowing information to be distributed and shared in real time. Various business models and distribution chains are Internet based, and the Internet is also used to connect and control the IoT devices that permeate the environment, creating an interface from the digital world to the physical world. However, some innovations become catalysts for the activities of malicious actors who look for vulnerabilities in systems and then exploit them, causing damage or making a personal gain from possession of others' resources. The fragility of systems has been constantly exposed through an increasing number of computational incidents. In this context, intrusion detection systems add great value to organizations that look for greater resistance to external solutions, protecting their users and resources. The amount of traffic to be analyzed by intrusion detection systems is often prohibitive and consumes a large amount of computing resources, especially on IoT devices, which are resource-constrained and whose architecture is usually based on multiple layers. Given this context, this work consists of an intrusion detection approach based on attribute selection and event classification. The attribute selection ensemble phase is composed of two steps. In the first, a method based on statistics and information gain, the Information Gain (IG) method, is used to reduce the number of attributes and generate a subset. This subset is then submitted to the second step, which consists of two algorithms, Sequential Forward Feature Selection (SFFS) and Sequential Backward Feature Elimination (SBFE), which perform the evaluation based on the performance of the combination of several subsets, generating a set of reduced attributes combined by a combination method.
The resulting set of this processing is then used to train the classifier algorithm, Extra-Tree (ET). To carry out the experiments, the public database CICIDS2017 was used, reduced to 20% during a pre-processing phase. The arrangement of the attribute selection algorithms was varied in order to train and execute the classification algorithm, totaling 5 attribute selection approaches and another approach using the complete base with all attributes. The approach using IG + SFFS ∩ SBFE presented the best result in testing time and training time while maintaining the levels of accuracy, balanced accuracy and precision of the other approaches.