Antonio Gonzalez Pastana Lobato scite author profile

Late detection of security breaches increases the risk of irreparable damages and limits any mitigation attempts. We propose a fast and accurate threat detection and prevention architecture that combines the advantages of real-time streaming with batch processing over a historical database. We create a dataset by capturing both legitimate and malicious traffic and propose two ways of combining packets into flows, one considering a time window and the other analyzing the first few packets of each flow per period. We also investigate the effectiveness of our proposal on real-world network traces obtained from a significant Brazilian network operator providing broadband Internet to their customers. We implement and evaluate three classification algorithms and two anomaly detection methods. The results show an accuracy higher than 95% and an excellent trade-off between attack detection and false-positive rates. We further propose an improved scheme based on software defined networks that automatically prevents threats by analyzing only the first few packets of a flow. The proposal promptly and efficiently blocks threats, is robust, and can scale up, even when the attacker employs spoofed IP.

show abstract

Um Sistema Adaptativo de Detecção e Reação a Ameaças

Lobato

Lopez²,

Rebello

et al. 2017

View full text Add to dashboard Cite

Atacantes criam novas ameaças e constantemente mudam seu comportamento para enganar os sistemas de segurança atuais. Aliás, as ameaças são detectadas em dias ou semanas, enquanto uma contramedida deve ser imediatamente efetuada para evitar ou reduzir prejuízos. Este artigo propõe um sistema adaptativo de detecção de ameaças que possui um esquema baseado em Redes Definidas por Software (SDN) para realizar contramedidas. As contribuições do trabalho são: i) a detecção e prevenção de ameaças analisando uma sequência de apenas cinco pacotes de cada fluxo; ii) o desenvolvimento de algoritmos de detecção treinados em tempo real, com comportamento adaptativo; iii) o imediato acionamento de contramedidas sem esperar o fim do fluxo; e iv) o efetivo bloqueio de ameaças mesmo em cenários nos quais o endereço do pacote IP é mascarado. Um esquema baseado na tecnologia SDN efetua o monitoramento da sequência de cinco pacotes e o rápido bloqueio do ataque ainda na origem, evitando que recursos de rede sejam desperdiçados. Os resultados obtidos mostram uma alta acurácia na detecção de ameaças, mesmo com o comportamento da rede variando com o tempo.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Antonio Gonzalez Pastana Lobato

A Performance Comparison of Open-Source Stream Processing Platforms

An Adaptive Real-Time Architecture for Zero-Day Threat Detection

Collecting and characterizing a real broadband access network traffic dataset

An evaluation of a virtual network function for real-time threat detection using stream processing

A fast and accurate threat detection and prevention architecture using stream processing

Um Sistema Adaptativo de Detecção e Reação a Ameaças

Contact Info

Product

Resources

About