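% PhD thesis record (INPE, 2007): neural-network-based methodology for
% detecting attacks in network traffic. The abstract field holds the
% Portuguese abstract followed by the English one (after "ABSTRACT:").
% Accented characters are written as LaTeX escapes, so the entry stays
% usable with classic 8-bit BibTeX.
% month uses the predefined macro so that styles can format it; the day of
% the month is kept separately in the non-standard day field.
% committee, copyholder, englishtitle, ibi, targetfile, day and
% urlaccessdate are non-standard fields; standard styles ignore them.
@phdthesis{Silva:2007:MeDeAt,
  author        = {Silva, Lilia de S{\'a}},
  title         = {Uma metodologia para detec{\c{c}}{\~a}o de ataques no
                   tr{\'a}fego de redes baseada em redes neurais},
  englishtitle  = {A Methodology for attack detection in the network traffic based on
                   neural networks},
  school        = {Instituto Nacional de Pesquisas Espaciais (INPE)},
  address       = {S{\~a}o Jos{\'e} dos Campos},
  year          = {2007},
  month         = may,
  day           = {25},
  pages         = {256},
  language      = {pt},
  keywords      = {detec{\c{c}}{\~a}o de intrus{\~a}o, an{\'a}lise de
                   tr{\'a}fego de rede, detec{\c{c}}{\~a}o de intrus{\~a}o por
                   assinatura, detec{\c{c}}{\~a}o de intrus{\~a}o por anomalia,
                   intrusion detection, network traffic analysis, signature
                   detection, anomaly detection},
  abstract      = {A fim de precaver-se contra situa{\c{c}}{\~o}es inesperadas e
                   indesejadas e impedir a prolifera{\c{c}}{\~a}o dos ataques
                   continuamente lan{\c{c}}ados contra diferentes alvos na rede,
                   s{\~a}o implantados mecanismos de prote{\c{c}}{\~a}o, tais como
                   firewalls, antiv{\'{\i}}rus, sistemas de
                   autentica{\c{c}}{\~a}o, mecanismos de criptografia e sistemas de
                   detec{\c{c}}{\~a}o de intrus{\~a}o nos ambientes de rede por
                   todo o mundo. Os sistemas de detec{\c{c}}{\~a}o de intrus{\~a}o
                   comp{\~o}em uma parte essencial da infra-estrutura de
                   seguran{\c{c}}a em camadas e tem por objetivo a an{\'a}lise de
                   dados de auditoria de hosts ou dados do tr{\'a}fego de rede em
                   busca de eventos suspeitos ou ataques lan{\c{c}}ados contra redes
                   ou sistemas. Diversas t{\'e}cnicas para reconhecimento de eventos
                   de intrus{\~a}o t{\^e}m sido propostas e disponibilizadas em
                   forma de ferramentas de dom{\'{\i}}nio p{\'u}blico ou
                   solu{\c{c}}{\~o}es comerciais. Entretanto, observa-se a
                   necessidade de uma metodologia de f{\'a}cil aplica{\c{c}}{\~a}o
                   que sirva de apoio aos analistas nas tarefas para
                   detec{\c{c}}{\~a}o de ataques a redes. Portanto, esta tese
                   prop{\~o}e uma metodologia de apoio {\`a} detec{\c{c}}{\~a}o
                   de ataques no tr{\'a}fego de redes, baseada em redes neurais,
                   provendo m{\'e}todos, t{\'e}cnicas e ferramentas para modelagem
                   e tratamento de dados, para gera{\c{c}}{\~a}o de tr{\'a}fego
                   normal e an{\^o}malo para treinamento e testes de modelos de
                   detec{\c{c}}{\~a}o e m{\'e}todos para detec{\c{c}}{\~a}o de
                   ataques no tr{\'a}fego de rede baseados em redes neurais.
                   Tamb{\'e}m s{\~a}o apresentadas informa{\c{c}}{\~o}es sobre
                   atualiza{\c{c}}{\~a}o de bases de assinaturas e de tr{\'a}fego
                   normal, bem como informa{\c{c}}{\~o}es sobre an{\'a}lise de
                   comportamento do tr{\'a}fego. Os estudos de casos realizados
                   comprovaram a factibilidade da metodologia proposta para
                   detec{\c{c}}{\~a}o de ataques no tr{\'a}fego HTTP, com base
                   principal na aplica{\c{c}}{\~a}o de redes neurais para
                   an{\'a}lise de dados de pacotes de rede. ABSTRACT: In order to be
                   cautious against unexpected and undesired situations and to
                   prevent the proliferation of attacks continuously launched to
                   different targets in the network, protection mechanisms like
                   firewalls, antivirus, authentication system, cryptography and
                   intrusion detection systems are installed in network environments
                   all over the world. Intrusion detection systems compose an
                   essential part of the infrastructure of in-layer security and its
                   objective is to analyze audit trails data of hosts or network
                   traffic data in order to search suspected events or attacks
                   against network or systems. Several techniques to recognize
                   intrusion events have been proposed, from public domain tools to
                   commercial solutions. However, a methodology of easy application
                   to aid the analysts in the tasks for network attack detection is
                   necessary. Thus, a neural network-based methodology to aid
                   analysts in detecting attacks on the network traffic is proposed
                   in this thesis. This methodology provides strategies, methods,
                   techniques, and tools to model and treat data, to generate normal
                   and anomalous traffic used for training and testing of detection
                   models and methods for attack detection on the network traffic
                   based on neural networks. Also, it provides information about
                   signature and normal traffic databases updating, as well as
                   information about computer network traffic behavior analysis.
                   Studies of cases had disclosed the possibility of efficient use of
                   the proposal methodology to detect attacks in computer network
                   HTTP traffic, with emphasis in the application of neural networks
                   to analyze network packet data.},
  committee     = {Stephan, Stephany (presidente) and Silva, Jos{\'e} Demisio
                   Sim{\~o}es da (orientador) and Montes Filho, Antonio
                   (orientador) and Guedes, Ulisses Thadeu Vieira and Cansian,
                   Adriano Mauro and Pinto, Jo{\~a}o Onofre Pereira and Imamura,
                   Osvaldo Catsumi},
  copyholder    = {SID/SCD},
  ibi           = {6qtX3pFwXQZGivnK2Y/QVncm},
  url           = {http://urlib.net/ibi/6qtX3pFwXQZGivnK2Y/QVncm},
  urlaccessdate = {2024, May 04},
  targetfile    = {publicacao.pdf},
}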