Internship Title
ISSCO – Intelligent Support System for COmputer Security
Areas of Specialization
Intelligent Systems
Information Systems
Internship Location
Laboratory of Artificial Neural Networks (LARN)
Background
Intrusion Detection Systems (IDS) represent an increasingly important component of computer security. The last 10 years have seen a marked increase in the number of intrusion events across the world, ranging from relatively benign one-off minor hacking activities through to international events such as the Stuxnet virus, Flame epidemic and the recent ransomware attacks.
Traditional anomaly-centric IDS suffer from high false alarm rates due to the difficulty of creating a robust and pervasive baseline. Computer activity is very dynamic within modern systems, and the high level of variation that results from this dynamism greatly increases the difficulty of distilling an effective and accurate baseline from which to measure anomalous divergences. The great advantage of the anomaly-based approach, however, is that no prior knowledge of the attack is necessary to raise an alarm.
In this context, it is important to use Machine Learning techniques to analyze this activity and to develop improved predictive models.
Objective
The main objective of this proposal is to develop a predictive model for detection of system level intrusions based on the analysis of system calls.
The goal is a model that applies Machine Learning to Intrusion Detection, through the following steps:
(i) Construct the data set for the predictive model;
(ii) Perform Data Pre-Processing, Normalization and Scaling;
(iii) Select appropriate ML algorithms for building the Predictive Model;
(iv) Perform Sampling and Model Evaluation;
(v) Validate the overall Model with real data.
Work Plan - Semester 1
• Overview of Intrusion Detection Systems and related concepts;
• Overview of Deep Learning techniques, namely Restricted Boltzmann Machines (RBMs), Deep Belief Networks (DBNs) and Convolutional Neural Networks (CNNs);
• Propose an initial predictive model;
• Prepare the intermediate report.
Work Plan - Semester 2
• Select and preprocess a collection of large datasets for experiments;
• Study and select machine learning (ML) algorithms and feature selection (FS) algorithms for building the predictive model for detecting the occurrence of intrusion;
• Analyze experimental results: e.g., study parameter values; compare performance of the reduced datasets vs. previous results, etc.;
• Prepare a research paper;
• Prepare the final version of the thesis.
Conditions
This work will be carried out in the Laboratory of Neural Networks (LARN) of CISUC, with regular supervision and feedback from the supervisors.
Familiarity with machine learning and data mining algorithms and software tools is essential. Participating students will acquire valuable knowledge and experience with model building and data science by mining massive datasets, skills that are currently in high demand among technology employers because of their relevance to various applications.
Remarks
This proposal is supported by the funded project SASSI: https://www.cisuc.uc.pt/projects/show/216
Scholarships will be available for students who show commitment to the work plan. Interested students are invited to contact the supervisors.
Supervisors:
Joel P. Arrais (jpa@dei.uc.pt)
Bernardete Ribeiro (bribeiro@dei.uc.pt)
Supervisor
Joel P. Arrais
jpa@dei.uc.pt