(Reference retrieved automatically from Web of Science through information on FAPESP grant and its corresponding number as mentioned in the publication by the authors.)

A fast and accurate threat detection and prevention architecture using stream processing

Author(s):
Pastana Lobato, Antonio G. [1] ; Lopez, Martin Andreoni [1, 2] ; Cardenas, Alvaro A. [3] ; Duarte, Otto Carlos M. B. [1] ; Pujolle, Guy [2]
Total Authors: 5
Affiliation:
[1] Univ Fed Rio de Janeiro, GTA, COPPE, UFRJ, Rio De Janeiro - Brazil
[2] Sorbonne Univ, Lab Informat Paris 6, CNRS, Paris - France
[3] Univ Calif Santa Cruz, Dept Comp Sci & Engn, Santa Cruz, CA 95064 - USA
Total Affiliations: 3
Document type: Journal article
Source: CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE; v. 34, n. 3 AUG 2021.
Web of Science Citations: 0
Abstract

Late detection of security breaches increases the risk of irreparable damages and limits any mitigation attempts. We propose a fast and accurate threat detection and prevention architecture that combines the advantages of real-time streaming with batch processing over a historical database. We create a dataset by capturing both legitimate and malicious traffic and propose two ways of combining packets into flows, one considering a time window and the other analyzing the first few packets of each flow per period. We also investigate the effectiveness of our proposal on real-world network traces obtained from a significant Brazilian network operator providing broadband Internet to their customers. We implement and evaluate three classification algorithms and two anomaly detection methods. The results show an accuracy higher than 95% and an excellent trade-off between attack detection and false-positive rates. We further propose an improved scheme based on software defined networks that automatically prevents threats by analyzing only the first few packets of a flow. The proposal promptly and efficiently blocks threats, is robust, and can scale up, even when the attacker employs spoofed IP addresses. (AU)

FAPESP's process: 14/50937-1 - INCT 2014: on the Internet of the Future
Grantee: Fabio Kon
Support type: Research Projects - Thematic Grants
FAPESP's process: 15/24485-9 - Future internet for smart cities
Grantee: Fabio Kon
Support type: Research Projects - Thematic Grants
FAPESP's process: 18/23292-0 - ACCRUE-SFI project: advanced collaborative research infrastructure for secure future internet
Grantee: Otto Carlos Muniz Bandeira Duarte
Support type: Regular Research Grants