Skip navigation

DSpace JSPUI

DSpace preserves and enables easy and open access to all types of digital content including text, images, moving images, mpegs and data sets

Learn More
DSpace logo
English
中文
  • Browse
    • Communities
      & Collections
    • Publication Year
    • Author
    • Title
    • Subject
  • Search TDR
  • Rights Q&A
    • My Page
    • Receive email
      updates
    • Edit Profile
  1. NTU Theses and Dissertations Repository
  2. 電機資訊學院
  3. 電信工程學研究所
Please use this identifier to cite or link to this item: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/93864
Title: 物聯網入侵偵測研究中跨網路資料集之類別不平衡處理
Handling Class Imbalance of Cross-Network Datasets for Intrusion Detection in IoT Networks
Authors: 劉育廷
Yu-Ting Liu
Advisor: 謝宏昀
Hung-Yun Hsieh
Keyword: 物聯網,入侵偵測,不平衡資料集,資料採樣,網路安全,
IoT,Intrusion Detection,Imbalanced Dataset,Data Sampling,Cyber Security,
Publication Year : 2024
Degree: 碩士
Abstract: 隨著物聯網(IoT)中的網路攻擊增加,入侵偵測系統(IDS)的穩健性變得特別重要。然而,大多數現有的研究並未考慮內部和外部網路環境之間的行為差異,且現有的入侵偵測相關研究也很少有對偵察型攻擊進行探討,但偵察型攻擊卻是網路攻擊生命週期中的關鍵階段。相較之下,一般研究通常更專注於較為常見的攻擊,如阻斷服務(DoS)和分散式阻斷服務(DDoS)攻擊。一個完善的IDS應能夠適應不同的環境,最大限度的減少攻擊的影響,甚至防止攻擊的發生。基於上述內容,我們結合了外部網路資料集UNSW-NB15和內部網路資料集Bot-IoT,創建了一個能夠確切反映現實情境的物聯網網路資料集,並緩解了入侵偵測資料集中很常見的資料不平衡問題,因為在這些資料集的收集期間,攻擊行為發生的頻率通常很低,從而導致類別不平衡的問題。為了進一步解決偵察型攻擊數據缺乏的問題,我們提出了KLB-SMOTE,一種結合異常值移除和過採樣技術的資料採樣方法。我們對少數類別樣本進行分類,對雜訊群組應用基於距離和密度的異常值檢測,並專注於在邊界上進行少數類別樣本的資料合成。經KLB-SMOTE產生的合成樣本更準確的反映了資料分佈及實現了類別平衡,同時也提高了模型的有效性。最後,我們利用深度學習技術來對DoS、DDoS和偵察型攻擊進行多元分類。這一方法使偵察型攻擊的準確率提高了約45%,每個類別的準確率均超過95.9%,整體準確率達到97.6%。
The rise in IoT cyber-attacks highlights the need for robust intrusion detection systems (IDS). However, most existing research does not consider the differences in network behavior between internal and external environments, and the existing intrusion detection works rarely perform experiments on reconnaissance attacks, which are a crucial phase in the cyber attack lifecycle, instead focusing on more common attacks like Denial of Service (DoS) and Distributed DoS (DDoS) attacks. A robust IDS should be capable of adapting to different environments, minimizing the impact of attacks, and even preventing them from occurring. Considering the content above, we combined the external network dataset UNSW-NB15 and the internal network dataset Bot-IoT to create an IoT network dataset that closely reflects real-world scenarios and mitigates data imbalance issues, which are common in intrusion detection datasets because attacks typically occur at low frequency. Among them, to address the lack of reconnaissance attack data, we further proposed KLB-SMOTE, a data sampling method integrating outlier removal and oversampling techniques. We categorize minority class samples, apply distance-based and density-based outlier detection to noise group, and focus on synthesizing data specifically within the boundaries of minority class data. KLB-SMOTE generates synthetic samples that more accurately reflect the data distribution, achieving class balance while enhancing model effectiveness. Finally, leveraging deep learning techniques, we conducted a multi-class classification of various attack types, including DoS, DDoS, and Reconnaissance. This approach improved reconnaissance prediction accuracy by approximately 45%, with each class achieving a prediction accuracy of over 95.9% and an overall accuracy score of 97.6%.
URI: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/93864
DOI: 10.6342/NTU202402789
Fulltext Rights: 未授權
Appears in Collections:電信工程學研究所

Files in This Item:
File SizeFormat 
ntu-112-2.pdf
  Restricted Access
7.94 MBAdobe PDF
Show full item record


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

社群連結
聯絡資訊
10617臺北市大安區羅斯福路四段1號
No.1 Sec.4, Roosevelt Rd., Taipei, Taiwan, R.O.C. 106
Tel: (02)33662353
Email: ntuetds@ntu.edu.tw
意見箱
相關連結
館藏目錄
國內圖書館整合查詢 MetaCat
臺大學術典藏 NTU Scholars
臺大圖書館數位典藏館
本站聲明
© NTU Library All Rights Reserved