Portal de Programas de Pós-Graduação (UFABC)

SIGAA - Sistema Integrado de Gestão de Atividades Acadêmicas

PPGINF PÓS-GRADUAÇÃO EM ENGENHARIA DA INFORMAÇÃO FUNDAÇÃO UNIVERSIDADE FEDERAL DO ABC Phone: Not available E-mail: ppg.informacao@ufabc.edu.br http://propg.ufabc.edu.br/ppginfo

Banca de DEFESA: LUAN GONÇALVES MIRANDA

Uma banca de DEFESA de MESTRADO foi cadastrada pelo programa.
STUDENT : LUAN GONÇALVES MIRANDA
DATE: 27/11/2023
TIME: 09:00
LOCAL: https://conferenciaweb.rnp.br/webconf/murilo-13
TITLE:

Network anomaly detection using autoencoders

PAGES: 105
BIG AREA: Engenharias
AREA: Engenharia Elétrica
SUMMARY:

In recent decades, there has been a significant increase in devices and systems connected to the internet, which requires a continuous evolution of cybersecurity strategies due to the sensitivity of the data transmitted over these networks. Among the emerging strategies, Intrusion Detection Systems have gained prominence, specially a class called Anomaly Detection Systems (ADS), which detect threats by identifying anomalies with respect to normal network traffic data. The importance of ADS lies in their ability to identify unknown attacks without the need for prior knowledge of their characteristics.

One possible implementation of ADS that has been investigated is the use of machine learning algorithms (ML). However, these algorithms require data for their training and it is usual to have attack data in smaller quantities than normal traffic data, which can bias these detection algorithms.
Therefore, Autoencoders (AE) have been employed because they can be trained with data from just one class, usually the majority class. Parameters extracted from the AE, such as the Reconstruction Error (RE), can be used to distinguish normal data from attack data, which is typically done by comparing it to a threshold. The determination of this threshold can be achieved through different criteria and usually depends on parameters that are not known and need to be estimated. Examples range from simple values like mean and variance to more complex functions, like probability distributions and higher-order statistical moments.

Therefore, this dissertation proposes a combined framework of an AE and an ML classifier, with the latter aiming to replace the detection threshold. The use of ML for detection also opens the possibility to include other features that can be obtained from the AE, such as values from the intermediate layer, in order to improve attack detection.
In this dissertation, various scenarios were evaluated, employing different ML techniques and different feature combinations. The results show an improvement in attack detection in most of the scenarios when using the proposed framework.

COMMITTEE MEMBERS:
Presidente - Interno ao Programa - 1761105 - MURILO BELLEZONI LOIOLA
Membro Titular - Examinador(a) Interno ao Programa - 2356637 - KENJI NOSE FILHO
Membro Titular - Examinador(a) Externo à Instituição - DANIEL GUERREIRO E SILVA - UNB
Membro Suplente - Examinador(a) Interno ao Programa - 1761107 - RICARDO SUYAMA
Membro Suplente - Examinador(a) Externo à Instituição - RAFAEL FERRARI - UNICAMP

Notícia cadastrada em: 06/11/2023 10:32