Αναγνώριση επιθέσεων άρνησης εξυπηρέτησης

Γαβρίλης, Δημήτρης

15 February 2008

Στη Διδακτορική Διατριβή μελετώνται 3 κατηγορίες επιθέσεων άρνησης εξυπηρέτησης (Denial-of-Service). Η πρώτη κατηγορία αφορά επιθέσεις τύπου SYN Flood, μια επίθεση που πραγματοποιείται σε χαμηλό επίπεδο και αποτελεί την πιο διαδεδομένη ίσως κατηγορία. Για την αναγνώριση των επιθέσεων αυτών εξήχθησαν 9 στατιστικές παράμετροι οι οποίες τροφοδότησαν τους εξής ταξινομητές: ένα νευρωνικό δίκτυο ακτινικών συναρτήσεων, ένα ταξινομητή κ-κοντινότερων γειτόνων και ένα εξελικτικό νευρωνικό δίκτυο. Ιδιαίτερη σημασία στο σύστημα αναγνώρισης έχουν οι παράμετροι που χρησιμοποιήθηκαν. Για την κατασκευή και επιλογή των παραμέτρων αυτών, προτάθηκε μια νέα τεχνική η οποία χρησιμοποιεί ένα γενετικό αλγόριθμο και μια γραμματική ελεύθερης σύνταξης για να κατασκευάζει νέα σύνολα παραμέτρων από υπάρχοντα σύνολα πρωτογενών χαρακτηριστικών. Στη δεύτερη κατηγορία επιθέσεων, μελετήθηκαν επιθέσεις άρνησης εξυπηρέτησης στην υπηρεσία του παγκόσμιου ιστού (www). Για την αντιμετώπιση των επιθέσεων αυτών προτάθηκε η χρήση υπερσυνδέσμων-παγίδων οι οποίοι τοποθετούνται στον ιστοχώρο και λειτουργούν σαν νάρκες σε ναρκοπέδιο. Οι υπερσύνδεσμοι-παγίδες δεν περιέχουν καμία σημασιολογική πληροφορία και άρα είναι αόρατοι στους πραγματικούς χρήστες ενώ είναι ορατοί στις μηχανές που πραγματοποιούν τις επιθέσεις. Στην τελευταία κατηγορία επιθέσεων, τα μηνύματα ηλεκτρονικού ταχυδρομείου spam, προτάθηκε μια μέθοδος κατασκευής ενός πολύ μικρού αριθμού παραμέτρων και χρησιμοποιήθηκαν για πρώτη φορά νευρωνικά δίκτυα για την αναγνώριση τους. / The dissertation analyzes 3 categories of denial-of-service attacks. The first category concerns SYN Flood attacks, a low level attack which is the most common. For the detection of this type of attacks 9 features were proposed which acted as inputs for the following classifiers: a radial basis function neural network, a k-nearest neighbor classifier and an evolutionary neural network. A crucial part of the proposed system is the parameters that act as inputs for the classifiers. For the selection and construction of those features a new method was proposed that automatically selects constructs new feature sets from a predefined set of primitive characteristics. This new method uses a genetic algorithm and a context-free grammar in order to find the optimal feature set. In the second category, denial-of-service attacks on the World Wide Web service were studied. For the detection of those attacks, the use of decoy-hyperlinks was proposed. Decoy hyperlinks, are hyperlinks that contain no semantic information and thus are invisible to normal users but are transparent to the programs that perform the attacks. The decoys act like mines on a minefield and are placed optimally on the web site so that the detection probability is maximized. In the last type of attack, the email spam problem, a new method was proposed for the construction of a very small number of features which are used to feed a neural network that for the first time is used to detect such attacks.

Αναγνώριση προτύπων

Άρνηση εξυπηρέτησης

Νευρωνικά δίκτυα

Γενετικοί αλγόριθμοι

Εξαγωγή παραμέτρων

Κατασκευή παραμέτρων

Θεωρία γράφων

005.82

Pattern recognition

Denial of service

Neural networks

Genetic algorithms

Grammatical evolution

Feature extraction

Feature construction

Graph theory

Variações do método kNN e suas aplicações na classificação automática de textos / kNN Method Variations and its applications in Text Classification

SANTOS, Fernando Chagas

10 October 2010

Made available in DSpace on 2014-07-29T14:57:46Z (GMT). No. of bitstreams: 1 dissertacao-fernando.pdf: 677510 bytes, checksum: 19704f0b04ee313a63b053f7f9df409c (MD5) Previous issue date: 2010-10-10 / Most research on Automatic Text Categorization (ATC) seeks to improve the classifier performance (effective or efficient) responsible for automatically classifying a document d not yet rated. The k nearest neighbors (kNN) is simpler and it s one of automatic classification methods more effective as proposed. In this paper we proposed two kNN variations, Inverse kNN (kINN) and Symmetric kNN (kSNN) with the aim of improving the effectiveness of ACT. The kNN, kINN and kSNN methods were applied in Reuters, 20ng and Ohsumed collections and the results showed that kINN and kSNN methods were more effective than kNN method in Reuters and Ohsumed collections. kINN and kSNN methods were as effective as kNN method in 20NG collection. In addition, the performance achieved by kNN method is more stable than kINN and kSNN methods when the value k change. A parallel study was conducted to generate new features in documents from the similarity matrices resulting from the selection criteria for the best results obtained in kNN, kINN and kSNN methods. The SVM (considered a state of the art method) was applied in Reuters, 20NG and Ohsumed collections - before and after applying this approach to generate features in these documents and the results showed statistically significant gains for the original collection. / Grande parte das pesquisas relacionadas com a classificação automática de textos (CAT) tem procurado melhorar o desempenho (eficácia ou eficiência) do classificador responsável por classificar automaticamente um documento d, ainda não classificado. O método dos k vizinhos mais próximos (kNN, do inglês k nearest neighbors) é um dos métodos de classificação automática mais simples e eficazes já propostos. Neste trabalho foram propostas duas variações do método kNN, o kNN invertido (kINN) e o kNN simétrico (kSNN) com o objetivo de melhorar a eficácia da CAT. Os métodos kNN, kINN e kSNN foram aplicados nas coleções Reuters, 20NG e Ohsumed e os resultados obtidos demonstraram que os métodos kINN e kSNN tiveram eficácia superior ao método kNN ao serem aplicados nas coleções Reuters e Ohsumed e eficácia equivalente ao método kNN ao serem aplicados na coleção 20NG. Além disso, nessas coleções foi possível verificar que o desempenho obtido pelo método kNN é mais estável a variação do valor k do que os desempenhos obtidos pelos métodos kINN e kSNN. Um estudo paralelo foi realizado para gerar novas características em documentos a partir das matrizes de similaridade resultantes dos critérios de seleção dos melhores resultados obtidos na avaliação dos métodos kNN, kINN e kSNN. O método SVM, considerado um método de classificação do estado da arte em relação à eficácia, foi aplicado nas coleções Reuters, 20NG e Ohsumed - antes e após aplicar a abordagem de geração de características nesses documentos e os resultados obtidos demonstraram ganhos estatisticamente significativos em relação à coleção original.

Classificação de Textos

Aprendizagem de Máquina

Método kNN

Critérios de Seleção

Geração de Características

Geração de Termos

Text Classification

Machine Learning

kNN Method

Feature Selection

Feature Construction