    Please use this identifier to cite or link to this item: http://repositoriodspace.unipamplona.edu.co/jspui/handle/20.500.12744/754
    Full metadata record
    DC field | Value | Language
    dc.contributor.author | Portilla Jaimes, Jaime Andres | -
    dc.date.accessioned | 2022-05-13T16:44:40Z | -
    dc.date.available | 2021-10-09 | -
    dc.date.available | 2022-05-13T16:44:40Z | -
    dc.date.issued | 2022 | -
    dc.identifier.citation | Portilla Jaimes, J. A. (2021). Desarrollo de un modelo clasificador de malware con algoritmos de aprendizaje automático [Trabajo de Grado Pregrado, Universidad de Pamplona]. Repositorio Hulago Universidad de Pamplona. http://repositoriodspace.unipamplona.edu.co/jspui/handle/20.500.12744/754 | es_CO
    dc.identifier.uri | http://repositoriodspace.unipamplona.edu.co/jspui/handle/20.500.12744/754 | -
    dc.description | The technologies, processes, methodologies, tools and tactics covered by defense in depth (DiD), and specifically its two layers of network security and perimeter security, require skills to control recurring cybercrime threats in a timely manner in an ever wider landscape of vulnerabilities and attacks. Considering only the DoS and distributed DoS (DDoS) attacks characterized in this project, the result is a dataset of 10 different families or classes of DoS and DDoS attacks which, together with benign traffic, are to be detected and classified into eleven (11) classes using supervised machine learning techniques. The labeled dataset is a collection from the years 2017, 2018 and 2019 that contains the attributes of the captured network traffic, obtained with CICFlowMeter and provided by researchers of the Canadian Institute for Cybersecurity at the University of New Brunswick (CIC-UNB); its data is suitable as input for the machine learning algorithms and techniques implemented in this project. A multiclass detector and classifier model was designed by training 20 different algorithms with cross-validation to learn their performance and behavior, discarding most of them and settling on only 5: Random Forests (RF), Extreme Tree (ET), Decision Tree (DT) and 2 different ways of applying the novel XGBoost. These are then evaluated with performance metrics on data that is not part of the training set, has not been seen, and carries real labels, to obtain the best of the 5. The best of the 5 learning algorithms is Random Forests. The final model design thus achieves a performance the reader can judge for themselves to be very good.
First, on the normal test set (10% of the total set, 1,359,628 network traffic flows): accuracy [f1-score] 1.00; macro avg [precision] 0.98; macro avg [recall] 0.99; macro avg [f1-score] 0.98; weighted avg [precision] 1.00; weighted avg [recall] 1.00; weighted avg [f1-score] 1.00. Logistic loss lloss_RF of 0.0656859. Hamming loss of 0.0045166. | es_CO
    dc.description.abstract | The technologies, processes, methodologies, tools and tactics contemplated by defense in depth (DiD), and specifically its two layers of network security and perimeter security, require skills to control recurring cybercrime threats in a timely manner in an increasingly broad landscape of vulnerabilities and attacks. Considering only the DoS and distributed DoS (DDoS) attacks characterized in this project, the result is a dataset of 10 different families or classes of DoS and DDoS attacks which, together with benign traffic, are to be detected and classified into eleven (11) classes using supervised machine learning techniques. The labeled dataset is a collection from the years 2017, 2018 and 2019 that contains the attributes of the captured network traffic, obtained with CICFlowMeter and provided by researchers of the Canadian Institute for Cybersecurity at the University of New Brunswick (CIC-UNB); its data is suitable as input for the machine learning algorithms and techniques implemented in this project. A multiclass detector and classifier model was designed by training 20 different algorithms with cross-validation to learn their performance and behavior, discarding most of them and settling on only five: Random Forests (RF), Extreme Tree (ET), Decision Tree (DT) and 2 different ways of applying the novel XGBoost. These are then evaluated with performance metrics on data that is not part of the training set, has not been seen, and carries real labels, to obtain the best of the five. The best of the five learning algorithms is Random Forests. The final model design thus achieves a performance the reader can judge for themselves to be very good.
First, on the normal test set (10% of the total set, 1,359,628 network traffic flows): accuracy [f1-score] 1.00; macro avg [precision] 0.98; macro avg [recall] 0.99; macro avg [f1-score] 0.98; weighted avg [precision] 1.00; weighted avg [recall] 1.00; weighted avg [f1-score] 1.00. Logistic loss lloss_RF of 0.0656859. Hamming loss of 0.0045166. | es_CO
    dc.format.extent | 240 | es_CO
    dc.format.mimetype | application/pdf | es_CO
    dc.language.iso | es | es_CO
    dc.publisher | Universidad de Pamplona – Facultad de Ingenierías y Arquitectura. | es_CO
    dc.subject | Defense in depth. | es_CO
    dc.subject | Network security. | es_CO
    dc.subject | Perimeter security. | es_CO
    dc.subject | Intrusion detection. | es_CO
    dc.subject | DoS and DDoS attack detection. | es_CO
    dc.subject | Network traffic analysis. | es_CO
    dc.subject | Machine Learning algorithms: Multiclass Classification. | es_CO
    dc.title | Desarrollo de un modelo clasificador de malware con algoritmos de aprendizaje automático. | es_CO
    dc.type | http://purl.org/coar/resource_type/c_7a1f | es_CO
    dc.date.accepted | 2021-07-09 | -
    dc.rights.accessrights | http://purl.org/coar/access_right/c_abf2 | es_CO
    dc.type.coarversion | http://purl.org/coar/resource_type/c_2df8fbb1 | es_CO
    Appears in collections: Ingeniería en Telecomunicaciones

    Files in this item:
    File | Description | Size | Format
    Portilla_2021_TG.pdf | Portilla_2021_TG | 5.83 MB | Adobe PDF | View/Open


    Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.