Detection of DDoS attacks in SDN/NFV environments using unsupervised machine learning algorithms on data streams
Main author: | Almeida Neto, João Ribeiro de |
---|---|
Publication date: | 2021 |
Document type: | Dissertation |
Language: | por |
Source title: | Repositório Institucional da UFS |
Full text: | https://ri.ufs.br/jspui/handle/riufs/15022 |
Abstract: | According to the Cisco Visual Networking Index (VNI), which aims to produce a realistic forecast based on several levels and real data sources, the total number of DDoS attacks worldwide is estimated to reach 14.5 million by 2022. Protection against DDoS attacks is therefore essential, and new protection techniques need to be developed. Solutions must also take performance and scalability requirements into account. Environments based on the SDN/NFV architecture allow network administrators to detect and react to DDoS attacks more efficiently, because network control is centralized and software-based traffic analysis capabilities can be developed. This dissertation analyzes, through a comparative analysis, the efficiency and effectiveness of unsupervised machine learning algorithms that work with the data stream strategy in detecting DDoS attacks in SDN/NFV environments. First, a Systematic Literature Mapping was carried out, which served as the basis for a first experiment. Then, a Systematic Literature Review was carried out, including works that used unsupervised machine learning to detect DDoS attacks and that worked with the data stream strategy, as this characteristic is inherent to the SDN/NFV environment. The chosen algorithms were BIRCH, Mini-batch k-means, Clustream, StreamKM++, DenStream, and D-Stream. A platform was then set up to run the experiment, and a dataset was developed for it. After the tests, a qualitative and a quantitative analysis of the results were performed. The qualitative analysis compared how effective the algorithms are at detecting DDoS attacks, and the quantitative analysis compared their efficiency, in this case the processing speed of the algorithms in this detection. The results show that BIRCH, Mini-batch k-means, Clustream, and StreamKM++ obtained accuracy around 99%, while DenStream and D-Stream reached accuracy around 79%. The shortest total execution time was that of D-Stream, while the longest was that of StreamKM++. The algorithms that stood out were therefore D-Stream and Mini-batch k-means, since the former was the fastest algorithm and the latter obtained an accuracy 25.18% higher than D-Stream. |
id |
UFS-2_c8ff80a7eb2289a95f3819ff461e1658 |
---|---|
oai_identifier_str |
oai:ufs.br:riufs/15022 |
network_acronym_str |
UFS-2 |
network_name_str |
Repositório Institucional da UFS |
repository_id_str |
|
dc.title.pt_BR.fl_str_mv |
Detecção de ataques DDoS em ambientes SDN/NFV utilizando algoritmos de aprendizagem de máquina não supervisionados em fluxos de dados |
author |
Almeida Neto, João Ribeiro de |
author_facet |
Almeida Neto, João Ribeiro de |
author_role |
author |
dc.contributor.author.fl_str_mv |
Almeida Neto, João Ribeiro de |
dc.contributor.advisor1.fl_str_mv |
Ribeiro, Admilson Ribamar |
contributor_str_mv |
Ribeiro, Admilson Ribamar |
dc.subject.por.fl_str_mv |
Computing; Software Defined Networking (SDN); Network Functions Virtualization (NFV); Distributed Denial of Service (DDoS); Data stream; Machine learning; Security |
dc.subject.eng.fl_str_mv |
Data stream; Machine learning; Security |
dc.subject.cnpq.fl_str_mv |
CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO |
publishDate |
2021 |
dc.date.issued.fl_str_mv |
2021-09-29 |
dc.date.accessioned.fl_str_mv |
2022-02-08T12:52:45Z |
dc.date.available.fl_str_mv |
2022-02-08T12:52:45Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.citation.fl_str_mv |
ALMEIDA NETO, João Ribeiro de. Detecção de ataques DDoS em ambientes SDN/NFV utilizando algoritmos de aprendizagem de máquina não supervisionados em fluxos de dados. 2021. 87 f. Dissertação (Mestrado em Ciência da Computação) - Universidade Federal de Sergipe, São Cristóvão, 2021. |
dc.identifier.uri.fl_str_mv |
https://ri.ufs.br/jspui/handle/riufs/15022 |
dc.language.iso.fl_str_mv |
por |
language |
por |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.publisher.program.fl_str_mv |
Pós-Graduação em Ciência da Computação |
dc.publisher.initials.fl_str_mv |
Universidade Federal de Sergipe |
dc.source.none.fl_str_mv |
reponame:Repositório Institucional da UFS instname:Universidade Federal de Sergipe (UFS) instacron:UFS |
instname_str |
Universidade Federal de Sergipe (UFS) |
instacron_str |
UFS |
institution |
UFS |
reponame_str |
Repositório Institucional da UFS |
collection |
Repositório Institucional da UFS |
bitstream.url.fl_str_mv |
https://ri.ufs.br/jspui/bitstream/riufs/15022/2/JOAO_RIBEIRO_ALMEIDA_NETO.pdf https://ri.ufs.br/jspui/bitstream/riufs/15022/1/license.txt https://ri.ufs.br/jspui/bitstream/riufs/15022/3/JOAO_RIBEIRO_ALMEIDA_NETO.pdf.txt https://ri.ufs.br/jspui/bitstream/riufs/15022/4/JOAO_RIBEIRO_ALMEIDA_NETO.pdf.jpg |
bitstream.checksum.fl_str_mv |
7de42cfe2bc0371b0c102b9559d3e054 098cbbf65c2c15e1fb2e49c5d306a44c 704b2307987b7e3625f39208ee4b140d 254b292295507f51f3aaed661bf16863 |
bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 MD5 MD5 |
repository.name.fl_str_mv |
Repositório Institucional da UFS - Universidade Federal de Sergipe (UFS) |
repository.mail.fl_str_mv |
repositorio@academico.ufs.br |
_version_ |
1802110814027513856 |