Digitalization is one of the key characteristics of the current Industry 4.0 revolution. From small local businesses to large international companies, all human activities are expected to be supported by digital platforms and tools in the near future. In this new era, communication and interconnection costs will be negligible, achieving an efficiency never seen before. But the emergence of these digital global networks also creates new vulnerabilities and weaknesses, enabling cybercriminals and attackers to interfere with remote systems and infrastructures. From simple spam and adware attacks, to elaborate and innovate cyber-physical attacks, several different techniques can be employed to get illegitimate access to critical deployments, with the final objective of capturing personal or business data, affecting the regular behavior or denying the service among other possibilities. Protection mechanisms against these attacks must be specific and capable of adapting to the dynamic evolution of attacking techniques. Traditional schemes such as rule-based firewalls or traffic filters with fixed conformation patterns are valid approaches against most naïve cyberattacks but can be easily penetrated or manipulated with common traffic engineering strategies, such as IP spoofing or broadcast messages, or using new intelligent technologies such as natural language processing (NLP) manipulation. Therefore, more aggressive, intelligent and adaptative protection solutions are required. In this paper, we propose an innovative intelligent next-generation traffic filter based on artificial intelligence and network logs. Network logs are produced through the Berkeley Packet Filter (eBPF) tool, which are processed and parsed to extract relevant statistical indicators representing the network state. These statistical indicators are employed to define a state vector, which can be later introduced in a multilayer perceptron. This perceptron classifies the situation represented by the state vector, so the traffic filter can determine whether the network is suffering a cyberattack or not. Protection actions can later be defined on the basis of this result. To evaluate the performance of the proposed solution, a simulation experiment was carried out. Results proved that the proposed next-generation traffic filter can detect attacks with a precision greater than 99%.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Protecting Containerized and Distributed Services Through Intelligent Traffic Filters

  • Borja Bordel,
  • Ramón Alcarria,
  • Calimanut-Ionut Cira,
  • Joaquín Chung,
  • Iván Armüelles

摘要

Digitalization is one of the key characteristics of the current Industry 4.0 revolution. From small local businesses to large international companies, all human activities are expected to be supported by digital platforms and tools in the near future. In this new era, communication and interconnection costs will be negligible, achieving an efficiency never seen before. But the emergence of these digital global networks also creates new vulnerabilities and weaknesses, enabling cybercriminals and attackers to interfere with remote systems and infrastructures. From simple spam and adware attacks, to elaborate and innovate cyber-physical attacks, several different techniques can be employed to get illegitimate access to critical deployments, with the final objective of capturing personal or business data, affecting the regular behavior or denying the service among other possibilities. Protection mechanisms against these attacks must be specific and capable of adapting to the dynamic evolution of attacking techniques. Traditional schemes such as rule-based firewalls or traffic filters with fixed conformation patterns are valid approaches against most naïve cyberattacks but can be easily penetrated or manipulated with common traffic engineering strategies, such as IP spoofing or broadcast messages, or using new intelligent technologies such as natural language processing (NLP) manipulation. Therefore, more aggressive, intelligent and adaptative protection solutions are required. In this paper, we propose an innovative intelligent next-generation traffic filter based on artificial intelligence and network logs. Network logs are produced through the Berkeley Packet Filter (eBPF) tool, which are processed and parsed to extract relevant statistical indicators representing the network state. These statistical indicators are employed to define a state vector, which can be later introduced in a multilayer perceptron. This perceptron classifies the situation represented by the state vector, so the traffic filter can determine whether the network is suffering a cyberattack or not. Protection actions can later be defined on the basis of this result. To evaluate the performance of the proposed solution, a simulation experiment was carried out. Results proved that the proposed next-generation traffic filter can detect attacks with a precision greater than 99%.