Detección de anomalías en redes usando técnicas de aprendizaje automático (Anomaly detection in networks using machine learning techniques)
Publication date
2024
Abstract
Every day, millions of people and organizations worldwide use computer systems and connect to the Internet for all kinds of purposes. In recent decades, Internet use has expanded extraordinarily, becoming a fundamental element of communications in today's society and economy. Alongside this development, there has been an exponential increase in cyberattacks carried out over the network. These attacks can pose a serious threat to the users or institutions that suffer them, making it vitally important to be able to combat them. Intrusion detection systems are a good response to this problem, and those based on anomaly detection in particular are especially effective. This, combined with the latest advances in the field of machine learning, makes for a truly promising combination. This work examines different possibilities for implementing network anomaly detection systems using machine learning models. The network traffic data has been taken from the public datasets CICIDS2017 and UNSW-NB15, which contain a wide variety of attacks. As for the machine learning models, 12 supervised and 4 unsupervised algorithms are used. For each of them, with different approaches and parameter configurations, tests have been conducted and performance data collected, which have yielded very high levels of performance.
Description
Final degree project for the Double Degree in Computer Engineering and Mathematics, Facultad de Informática UCM, Departamento de Arquitectura de Computadores y Automática, academic year 2023/2024.
All the files described here can be found at the following GitHub link: https://github.com/PabloHG01/Anomaly-detection-in-networks-using-machine-learning.git