The growing number of connected devices and the constantly evolving methods and techniques of attackers pose a challenge for network intrusion detection systems from conception to operation. As a result, machine learning algorithms are increasingly adopted for network intrusion detection. However, the datasets used by these studies have become obsolete with respect to both background and attack traffic. This work describes the AB-TRAP framework, which enables the use of up-to-date network traffic and takes operational concerns into account so that the solution can be fully deployed. AB-TRAP is a five-step framework consisting of (i) generation of the attack dataset, (ii) generation of the bonafide dataset, (iii) training of machine learning models, (iv) realization (implementation) of the models, and (v) performance evaluation of the realized model after deployment. We exercised AB-TRAP in local (LAN) and global (internet) environments to detect TCP port scanning attacks. The LAN case study achieved an F1-score of 0.96 and an area under the ROC curve of 0.99 using a decision tree running in kernel space with minimal CPU and RAM usage. The internet case study used eight machine learning algorithms and achieved an average F1-score of 0.95, an average area under the ROC curve of 0.98, and an average overhead of 1.4% CPU and 3.6% RAM in user space on a single-board computer. The framework has the following key characteristics: it is reproducible, it uses the most up-to-date network traffic and attacks, and it addresses the concerns of model realization and deployment.

INDEX TERMS cybersecurity, datasets, intrusion detection system, machine learning, network security, supervised learning

NOMENCLATURE
AUC Area Under the Curve.
B5G 5G and beyond.
CoAP Constrained Application Protocol.
CPS Cyber-Physical System.
CSV Comma-separated values.
DDoS Distributed Denial of Service.
DL Deep Learning.
DNP3 Distributed Network Protocol 3.
DoS Denial of Service.
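As an added illustration (not code from the AB-TRAP paper or its authors), the following standard-library Python script walks through a miniature version of steps (iii) and (v) for TCP port-scan detection, and sketches step (iv) by flattening the learned decision tree into the if/else form a kernel-space packet filter could evaluate per packet. The packets are constructed by hand; the per-packet feature set (SYN-only flag, TCP window, destination port), the scanner's fixed window of 1024, and the presence of a constrained bonafide device that also uses a small window are all assumptions made for the example. F1 and ROC AUC are computed from scratch so nothing beyond the standard library is needed.

```python
from collections import Counter

# Assumed per-packet features, all readable from the TCP header in kernel space.
FEATURES = ("syn_only", "window", "dport")


def make_packets():
    """Constructed packets as (features, label); label 1 = port-scan probe."""
    rows = []
    # Scanner (assumed behaviour): 40 SYN-only probes with a fixed small window,
    # sweeping ports 20-57 plus 80 and 443.
    for dport in list(range(20, 58)) + [80, 443]:
        rows.append(((1, 1024, dport), 1))
    # Bonafide: two hosts complete handshakes and exchange data on 22/80/443.
    for _host in range(2):
        for dport in (22, 80, 443):
            rows.append(((1, 64240, dport), 0))         # SYN from a full TCP stack
            rows.append(((0, 501, dport), 0))           # ACK
            rows.extend([((0, 501, dport), 0)] * 3)     # PSH/ACK data segments
    # Bonafide edge case (assumed): a constrained device whose SYNs use window 1024.
    rows.append(((1, 1024, 22), 0))
    rows.append(((1, 1024, 80), 0))
    return rows


def gini(labels):
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())


def best_split(rows):
    """Return (feature, threshold, weighted gini) of the lowest-impurity split."""
    best, n = None, len(rows)
    for f in range(len(FEATURES)):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            left = [y for x, y in rows if x[f] <= t]
            right = [y for x, y in rows if x[f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / n
            if best is None or score < best[2]:  # strict: on a tie the first split wins
                best = (f, t, score)
    return best


def build_tree(rows, depth=0, max_depth=2):
    """Leaf = fraction of attack packets; inner node = (feature, threshold, left, right)."""
    labels = [y for _, y in rows]
    split = None if depth == max_depth or gini(labels) == 0.0 else best_split(rows)
    if split is None:
        return sum(labels) / len(labels)
    f, t, _ = split
    left = build_tree([r for r in rows if r[0][f] <= t], depth + 1, max_depth)
    right = build_tree([r for r in rows if r[0][f] > t], depth + 1, max_depth)
    return (f, t, left, right)


def predict(tree, x):
    while isinstance(tree, tuple):
        f, t, left, right = tree
        tree = left if x[f] <= t else right
    return tree


def to_rules(tree, indent=0):
    """Realization step: the tree as C-style if/else text, needing no ML runtime."""
    pad = "    " * indent
    if not isinstance(tree, tuple):
        return [f"{pad}return {tree:.3f};  /* attack score */"]
    f, t, left, right = tree
    return ([f"{pad}if ({FEATURES[f]} <= {t:g}) {{"] + to_rules(left, indent + 1)
            + [f"{pad}}} else {{"] + to_rules(right, indent + 1) + [f"{pad}}}"])


def f1_score(y_true, y_pred):
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0


def roc_auc(y_true, scores):
    """AUC as the probability that a random attack packet outscores a random
    bonafide packet (ties count one half); equivalent to the rank-sum definition."""
    pos = [s for t, s in zip(y_true, scores) if t == 1]
    neg = [s for t, s in zip(y_true, scores) if t == 0]
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


def evaluate():
    rows = make_packets()
    tree = build_tree(rows)
    y_true = [y for _, y in rows]
    scores = [predict(tree, x) for x, _ in rows]
    y_pred = [1 if s >= 0.5 else 0 for s in scores]
    return tree, f1_score(y_true, y_pred), roc_auc(y_true, scores)


if __name__ == "__main__":
    tree, f1, auc = evaluate()
    print("\n".join(to_rules(tree)))
    print(f"f1={f1:.3f} auc={auc:.3f}")
```

On this constructed data the learned tree tests the SYN-only flag first and then the window size, so the two bonafide SYNs from the small-window device land in the attack leaf: F1 stays high (two false positives, no misses) while the AUC drops below 1 because those packets tie with the probes. That is the kind of bonafide edge case that motivates collecting a realistic bonafide dataset in step (ii). For brevity the script scores the same packets it trained on; AB-TRAP instead measures the realized model after deployment, on traffic it has not seen.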
Cybersecurity is a crucial issue as many computing assets are exposed on the network. In this context, attackers exploit vulnerabilities and escalate privileges to carry out malicious actions. This exposure demands solutions for protecting Internet of Things devices. This article therefore presents the T800 packet filter, which provides low computational overhead and packet filtering with advanced algorithms. The results demonstrate the efficiency of T800 through implementation and experimentation on the ESP32 board and the ESP-IDF system. Moreover, T800 was able to increase the computational capacity of the device, since malicious traffic is excluded from processing.