Papers by Cristiano Antonio de Souza
Anais do XLI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2023)
Special security techniques like intrusion detection mechanisms are indispensable in modern computer systems. It is important to detect and identify the attack in a category so that specific countermeasures for the threat category are solved. However, most existing multiclass detection approaches have some weaknesses, mainly related to detecting specific categories of attacks and problems with false positives. This article addresses this research problem and advances state-of-the-art, bringing contributions to a two-stage detection architecture called DNNET-Ensemble, combining binary and multiclass detection. The results obtained in experiments with renowned intrusion datasets demonstrate that the approach can achieve superior detection rates and false positives performance compared to other state-of-the-art approaches.
International Journal of Intelligent Internet of Things Computing
Anais do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2021), 2021
The Internet of Things (IoT) systems have limited resources, making it difficult to implement some security mechanisms. It is important to detect attacks against these environments and identify their type. However, existing multi-class detection approaches present difficulties related to false positives and detection of less common attacks. Thus, this work proposes an approach with a two-stage analysis architecture based on One-Vs-All (OVA) and Artificial Neural Networks (ANN) to detect and identify intrusions in fog and IoT computing environments. The results of experiments with the Bot-IoT dataset demonstrate that the approach achieved promising results and reduced the number of false positives compared to state-of-the-art approaches and machine learning techniques.
Computer Networks, 2020
In the Internet of Things (IoT) systems, information of various kinds is continuously captured, processed, and transmitted by systems generally interconnected by the Internet and distributed solutions. Attacks to capture information and overload services are common. This fact makes security techniques indispensable in IoT environments. Intrusion detection is one of the vital security points, aimed at identifying attempted attacks. The characteristics of IoT devices make it impossible to apply these solutions in this environment. Also, the existing anomaly-based methods for multiclass detection do not present acceptable accuracy. We present an intrusion detection architecture that operates in the fog computing layer. It has two steps and aims to classify events into specific types of attacks or non-attacks, for the execution of countermeasures. Our work presents a relevant contribution to the state of the art in this aspect. We propose a hybrid binary classification method called DNN-kNN. It has high accuracy and recall rates and is ideal for composing the first level of the two-stage detection method of the presented architecture. The approach is based on Deep Neural Networks (DNN) and the k-Nearest Neighbor (kNN) algorithm. It was evaluated with the public databases NSL-KDD and CICIDS2017. We used the method of selecting attributes based on the rate of information gain. The approach proposed in this work obtained 99.77% accuracy for the NSL-KDD dataset and 99.85% accuracy for the CICIDS2017 dataset. The experimental results showed that the proposed hybrid approach was able to achieve greater precision about classic machine learning approaches and the recent advances in intrusion detection for IoT systems. In addition, the approach works with low overhead in terms of memory and processing costs.
Brazilian Journal of Development, 2019
DoS attack detection and prevention in fog-based intelligent environments (Detecção e prevenção de ataques DoS em ambientes inteligentes baseados em nevoeiro)
Computers & Electrical Engineering, 2022
This dataset presents the code for the proposed hybrid intrusion detection method combining Artificial Neural Networks (ANN) and K-Nearest Neighbor (KNN).
The last decades have been marked by rapid technological development, which was accelerated by the creation of computer networks and, most emphatically, by the spread and growth of the Internet. As a consequence of this context, private and confidential data from the most diverse areas came to be processed and stored in distributed environments, making their security vital. As a result, there has been growth in the number and variety of attacks on computer systems, mainly through the exploitation of vulnerabilities. Given this context, the research area of intrusion detection has gained prominence, and hybrid detection methods using Artificial Intelligence techniques have been achieving more satisfactory results than the use of such approaches individually. This work consists of a hybrid intrusion detection method combining the techniques Artificial Neural Networks (ANN) and K-Nearest Neighbors (KNN). The evaluation ...
Conference: XXI Brazilian Symposium on Information and Computational Systems Security (SBSeg 2021). At: Belém-PA-Brazil, 2021
Computer Networks, Volume 180, 24 October 2020, 107417
Brazilian Journal of Development, 2019
The Internet of Things and Fog Computing are technologies currently used in many areas. They can be applied to provide a residential automation environment, for example, fire alarm applications, gas leak alarms, among others. Security-related searches for these fog-based environments are still in the early stages. Also, the fact that these environments are connected to the Internet makes them vulnerable to various threats, such as Denial of Service (DoS) attacks. In this work, we propose a module for detection and prevention of DoS attacks that operates in the system's fog layer to protect the system from external attacks. Practical experiments were carried out with the proposed module, considering a Raspberry Pi 3B as our fog server. The results obtained demonstrate that the approach is capable of detecting external attacks, as well as blocking the IPs from attackers, using less than 20% of CPU and less than 1% of RAM memory usage.
Books by Cristiano Antonio de Souza
In book: Mini-course 3 of the 41st Brazilian Symposium on Computer Networks and Distributed Systems (SBRC 2023) (pp. 1-50). Publisher: Brazilian Computer Society (SBC), 2023
Intrusion detection is one of the key points in computer security, and it aims to identify attempted attacks by unauthorized users. Several researches are being developed to solve security problems in environments involving the Internet of Things, Fog Computing, and Cloud Computing. This mini-course has a theoretical and practical profile and aims to describe aspects of the context of intrusion detection in IoT and Fog Computing, present Machine Learning techniques commonly used in intrusion detection, expose state-of-the-art approaches, and present some results obtained in developed research.