ارائه یک ره‌یافت جدید مبتنی بر روش ترکیبی به منظور آشکارسازی نفوذ در شبکه

نویسندگان

دانشگاه علم و صنعت ایران

چکیده

نقش یک سامانه تشخیص نفوذ برای آشکارسازی ناهنجاری‌ها در شبکه از اهمیت زیادی برخوردار است. حملات جدید و ناشناخته موجب ناکارآمدی راه‌کارهای شناسایی مبتنی بر امضاء و در نتیجه استفاده از راه‌کارهای شناسایی مبتنی بر ناهنجاری شده است. این راه‌کارها نیز علی‌رغم توانایی بالا در تشخیص ناهنجاری‌ها، از نرخ مثبت کاذب بالایی رنج می‌برند. برای غلبه بر این مشکل، ایده استفاده از آشکارسازهای‌ ترکیبی مطرح ‌شده است. در این مقاله، راه‌کاری نوین مبتنی بر روش آشکارسازی ترکیبی با یک معماری چهارلایه‌ای پیشنهاد شده است. لایه‌ اول از واحد تحلیل‌گر جریان داده‌ها و واحد طبقه‌بندی تشکیل ‌شده است که برای طبقه‌بندی نوع سرویس‌های شبکه از ترکیب روش آماری n-گرام‌ و الگوریتم ژنتیک استفاده می‌کند. در لایه تشخیص نفوذ، یک واحد آشکارساز مبتنی بر امضاء و واحد‌های آشکارساز مبتنی بر ناهنجاری به شکل ترکیبی پیاده‌سازی شده‌اند که متناسب با برچسب نوع سرویس‌ها فراخوانی می‌شوند. سپس، درنتیجه‌ پردازش این واحدها، لایه تصمیم‌گیری فراخوانی می‌شود. این لایه‎ ماهیت حمله و نوع پاسخ را تشخیص داده و لایه‌ مدیریت وقایع را فرا می‌خواند. در این لایه ضمن اطلاع‌رسانی هشدارها به مدیر شبکه، در صورت نیاز، اعمال واکنشی و اقدامات امنیتی لازم نیز انجام خواهد شد. نتایج حاصل از ارزیابی‌ اعتبارسنجی چندلایه‌ای، بهبود دقت تشخیص نفوذ را 81/99% نشان می‌دهد که در نتیجه کاهش میزان نرخ مثبت کاذب را در پی خواهد داشت.

کلیدواژه‌ها


M. Joshi, R. Agarwal, and A. V. Kumar, “Predicting rare classes:can boosting make any weak learner strong,” Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, vol. 306, p. 297, 2002.
K. Gisung, S. Lee, and S. Kim, “A novel hybrid intrusion detection method integrating anomaly detection with misuse detection,” Expert Systems with Applications, vol. 41, no. 4, pp. 1690-1700, 2014.
O. Depren, M. Topallar, E. Anarim, and M. Ciliz, “An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks,” Expert systems with Applications, vol. 29, no. 4, pp. 713-722, 2005.
C. Xiang and S. Lim, “Design of multiple-level hybrid classifier for intrusion detection system,” IEEE Workshop on Machine Learning for Signal Processing, pp. 117-122, 2005.
M. Sabhnani and G. Serpen, “Application of machine learning algorithms to KDD intrusion detection dataset within misuse detection context,” In International Conference on Machine Learning, Models, Technologies and Applications, pp. 209-215, 2003.
T. Shon and J. Moon, “A hybrid machine learning approach to network anomaly detection,” Information Sciences, vol. 177, no. 18, pp. 3799-3821, 2007.
L. Hung-Jen et al., “Intrusion detection system: A comprehensive review,” Journal of Network and Computer Applications, vol. 36, no. 1, pp. 16-24, 2013.
K. Levent, T. A. Mazzuchi, and S. Sarkani, “A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier,” Expert Systems with Applications, vol. 18, no. 39, pp. 13492-13500, 2012.
X. Liyuan and Y. Chen, “Bayesian model averaging of bayesian network classifiers for intrusion detection,”Computer Software and Applications Conference Workshops, IEEE 38th International, 2014.
Hoque, M. Sazzadul et al., “An implementation of intrusion detection system using genetic algorithm,” arXiv preprint arXiv, pp. 1204-1336, 2012.
H. Mostaque, “Current studies on intrusion detection system, genetic algorithm and fuzzy logic,”| arXiv preprint arXiv, pp. 1304-3535, 2013.
Muniyandi, A. Prabakar, R. Rajeswari, and R. Rajaram, “Network anomaly detection by cascading k-Means clustering and C4. 5 decision tree algorithm,” Procedia Engineering, vol. 30, pp. 174-182, 2012.
S. Shailendra and B. M. Mehtre, “Network intrusion detection system using j48 decision tree,” Advances in Computing, Communications and Informatics, International Conference on IEEE, 2015.
S. Devaraju and S. Ramakrishnan, “Performance comparison for intrusion detection system using neural network with KDD dataset,” ICTACT Journal on Soft Computing, vol. 4, no. 3, pp. 743-752, 2014.
A. Yousef and et al., "Flow-based anomaly intrusion detection system using two neural network stages," Compute. Sci. Inf. Syst., vol. 11, no. 2, pp. 601-622, 2014.
O. Chung-Ming, “Host-based intrusion detection systems adapted from agent-based artificial immune systems,” Neurocomputing, vol. 88, pp. 78-86, 2012.
E. Tombini, H. Debar, L. Me, M. Ducasse, F. Telecom, and F. Caen, “A serial combination of anomaly and misuse IDSes applied to HTTP traffic,” In Proceedings of the 20th Annual Computer Security Applications Conference, pp. 428-437, 2004.
J. Zhang and M. Zulkernine, “A hybrid network intrusion detection technique using random forests,” In Proceedings of the First International Conference on Availability, Reliability and Security (ARES), p. 8, 2006.
T. Shon and J. Moon, “A hybrid machine learning approach to network anomaly detection,” Information Sciences, vol. 177, no. 18, pp. 3799-3821, 2007.
S. Peddabachigari, A. Abraham, C. Grosan, and J. Thomas, “Modeling intrusion detection system using hybrid intelligent systems,” Journal of Network and Computer Applications, vol. 30, no. 1, pp. 114-132, 2007.
K. Gummadi, R. Dunn, S. Saroiu, S. Gribble, H. Levy, and J. Zahorjan, “Measurement, modeling, and analysis of a peer-to-peer file-sharing workload,” ACM SIGOPS Operating Systems Review, vol. 37, no. 5, pp. 314-329, 2003.
S. Sen, O. Spatscheck and D. Wang, “Accurate, scalable in-network identi_cation of p2p tra_c using application signatures,” In Proceedings of the 13th international conference on World Wide Web, pp. 512-521, 2004.
L. Bernaille and R. Teixeira, “Early recognition of encrypted applications,” In Proceedings of the 8th International Conference on Passive and Active Network Measurement, pp. 165-175, 2007.
C. W. Dewes and A. Feldmann, “An analysis of internet chat systems,” In Proceedings of the 3rd ACM SIGCOMM Conference on Internet Measurement, pp. 51-64, 2003.
V. Silvio and et al., “Reviewing traffic classification, Data Traffic Monitoring and Analysis,” Springer Berlin Heidelberg, pp. 123-147, 2013.
V. Paxson and S. Floyd, “Wide-area traffic: The failure of Poisson modeling,” IEEE/ACM Transactions on Networking (TON), vol. 3, no. 3, pp. 226-244, 1995.
D. Alberto, A. Pescape, and C. Kimberly, “Issues and future directions in traffic classification,” IEEE network, vol. 26, no. 1, pp. 35-40, 2012.
L. Bernaille, R. Teixeira, and K. Salamatian, “Early application identification,” ACM Conference on Emerging Network Experiment and Technology, 2006.
Shrivastav and A. Tiwari, “Network traffic classification using semi-supervised approach,” Machine Learning and Computing (ICMLC), Second International Conference on. IEEE, 2010.
M. Damashek, “Gauging similarity with n-grams: Language-independent categorization of text,” Science, vol. 267, p. 843, 1995.
K. Wang and S. Stolfo, “Anomalous payload-based network intrusion detection,” Lecture Notes in Computer Science, pp. 203-222, 2004.
D. l. Hoz, Eduardo and et al., “PCA filtering and probabilistic SOM for network intrusion detection,” Neurocomputing, vol. 164, pp. 71-81, 2015.
K. Fangjun, X. Weihong, and S. Zhang, “A novel hybrid KPCA and SVM with GA model for intrusion detection,” Applied Soft Computing, vol. 18, pp. 178-184, 2014.
B. Senthilnayaki, K. Venkatalakshmi, and A. Kannan, “An intelligent intrusion detection system using genetic based feature selection and Modified J48 decision tree classifier,” Fifth International Conference on Advanced Computing (ICoAC).IEEE, 2013.
A. Heba and F. Eid, “Principle components analysis and support vector machine based intrusion detection system,” International Conference on Intelligent Systems Design and Applications.IEEE, 2010.
N. Sharma, “A Novel Multi-Classifier Layered Approach to Improve Minority Attack Detection in IDS,” in 2nd International Conference on Communication, Computing & Security, 2012.
M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, “Network Anomaly Detection: Methods, Systems and Tools,” IEEE Communications Surveys & Tutorials, vol. 16, no. 1, 2014.