Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/21479
Title: | Deep Learning for Malicious Flow Detection |
Author: | Wei-Chieh Tseng 曾煒傑 |
Advisor: | 林宗男 |
Keywords: | Deep Learning, Malicious Flow Detection, IP Traffic Classification, Convolutional Neural Networks, Ensemble Learning, Malware |
Publication Year: | 2019 |
Degree: | Master's |
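Abstract: | The Internet has become a key enabler of large-scale global communication, and providing stable network services every day is very important. As Internet use continues to grow, effectively managing the underlying networks that make it up is critical. Network traffic classification is an important part of this management, covering the provision of quality of service (QoS), the prediction of future trends, and the detection of potential security threats. For these reasons, accurate network traffic classification is very important to Internet service providers (ISPs), large enterprises and government agencies. In recent years, because of the growing trend toward encrypted network traffic, whether for security or to conceal malicious intent, current network traffic classification methods have become less effective. Today's networks therefore need more effective classification algorithms to deal with this problem. A growing number of people propose using machine learning to classify encrypted network traffic. Although many techniques exist for applying machine learning to network traffic classification, most work relies heavily on handcrafted features or can only handle offline traffic classification. To overcome these weaknesses, in this thesis I propose Packet2Img, an architecture based on convolutional neural networks (CNNs) and ensemble learning. The architecture converts network traffic into images and can fully capture the static and dynamic behavior of different applications or malicious attacks, thereby avoiding the loss of important information that handcrafted feature extraction can cause. The datasets used in this thesis include the ISCX VPN-nonVPN dataset, the CTU-13 dataset, and malware network traffic collected with the CAPE sandbox. Across all experiments, the results show that, with the best image size of 100*100 and a tuned experimental architecture, Packet2Img meets the accuracy requirements of practical applications and is also highly scalable. According to the experimental results, the classification accuracy of this method is about 10% higher than that of traditional methods that use handcrafted features.
The Internet has become a key enabler of large-scale global communications, and it is important to provide an immeasurable number of services every day. As the use of the Internet continues to grow, it is critical to effectively manage the underlying network that converges it. Network traffic classification plays a vital role in this management, providing quality of service (QoS), predicting future trends, and detecting potential security threats. For these reasons, accurate network traffic classification is important for Internet Service Providers (ISPs), large enterprise companies, and government agencies. Current network traffic classification methods have become less effective in recent years due to the increasing trend of encrypted network traffic, whether for security, priority or malicious purposes. Therefore, in today's networks, more efficient classification algorithms are needed to handle these conditions. More and more people are proposing to use machine learning to classify encrypted network traffic. While there are many techniques for applying machine learning to implement IP traffic classification, most works are heavily dependent on handcrafted features or can only handle offline traffic classification.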
To overcome the above weaknesses, in this thesis we present a traffic classification framework based on convolutional neural networks (CNNs) with ensemble learning, named Packet2Img. This framework converts network flows into images, fully capturing the static and dynamic behavior of different applications or malicious attacks, and avoiding the use of handcrafted features that can lead to information loss. The method is validated on data comprising the ISCX VPN-nonVPN dataset, the CTU-13 dataset and malicious flows collected by the CAPE sandbox. Across all of the experiments, with the best image size chosen and the fine-tuned model, the results show that the method can satisfy the accuracy requirement of practical application and has high scalability. From the experimental results, the classification accuracy of this method is about 10 percent higher than the traditional method of using handcrafted features. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/21479 |
DOI: | 10.6342/NTU201902120 |
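Full-text authorization: | Not authorized |
Appears in collections: | Graduate Institute of Communication Engineering |
Files in this item:
File | Size | Format | |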
---|---|---|---|
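ntu-108-1.pdf Not currently authorized for public access | 5.95 MB | Adobe PDF |
Items in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.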