Master's in Telecommunications (Maestría en Telecomunicaciones)
Permanent URI for this collection: http://repositorio.uta.edu.ec/handle/123456789/32901
Item: Intrusion detection system based on machine learning (Sistema de detección de intrusos basado en machine learning). Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Maestría en Telecomunicaciones, 2021. Authors: Vargas Machuca Del Salto, Adrián Gabriel; Manzano Villafuerte, Víctor Santiago

With the massification of cloud services and data networks, all of a company's valuable information is now interconnected through the network to speed up work and manage its various processes. This, however, exposes it to network-level attacks, which not only leave its confidential data exposed but can also halt the work that depends on its cloud services, such as email, the website, the database, among others. These network services are susceptible to attacks such as denial of service (DoS) and all its variants, mass spamming, port scanning, and brute force attacks. All of these attacks can be detected at the network level using intrusion detection systems (IDS); the problem is the need to constantly update the database against which attacks are detected, since it works from a blacklist, much as a conventional antivirus does. With machine learning, the proposal is to build an intrusion detection system based on behavior patterns, to detect brute force attacks and report them on a web page. Previous research has already laid the foundations for applying machine learning in this field, using algorithms such as decision trees, a very effective supervised algorithm for Boolean classification. That research likewise proposed the application of random forests, the iterative combination of decision trees, which improves the classification error in most cases. The proposed system goes through two main phases. The first is the training phase, in which all malicious traffic is captured using the Cowrie honeypot to generate a trained classification model; this is done only once.
Then, in the testing phase, the algorithm detects in real time the attacks received on the public IP of the company Icono Sistemas and classifies them as malicious or not. Finally, it was established experimentally, from the confusion matrix generated by the WEKA algorithm, that the random-forest-based system is capable of successfully detecting a brute force attack, regardless of whether the threat targets a specific port or IP. This low-cost system will be able to adapt to basic attacks and their variations, trigger an alert upon detection, and facilitate subsequent action by the administrator in case of suspicious traffic, such as blocking specific inbound or outbound ports or limiting the traffic of an interface.