Thesis: Identification of cybersecurity risks in server networks through unsupervised anomaly detection
Date
2024-12
Authors
Journal Title
Journal ISSN
Volume Title
Program
Ingeniería Civil Telemática
Department
Campus
Campus Casa Central Valparaíso
Abstract
This research evaluates the effectiveness of unsupervised learning models, in particular Isolation Forest, at identifying medium- and high-risk cases in node detection data from the internal network of a telecommunications operator in Chile, with the aim of separating normal-risk cases more clearly from cases whose characteristics resemble those of high-risk ones. The model was applied together with defender-side risk factors to distinguish high-risk from low-risk cases, both for individual vulnerability detections and for per-asset overviews. The most frequent security issue found was services exposing suspicious Uniform Resource Locators (URLs), present in 44% of the detected cases. By contrast, password misconfiguration occurred in only 15% of the cases but is considered one of the riskiest findings. While the tool produced favorable results when applied to individual network detection records, its performance was less accurate when risk was assessed per network asset.
Description
Keywords
Isolation Forest, Machine learning, Network security, Intrusion/anomaly detection, Classification and regression trees
