Please use this identifier to cite or link to this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/72159
Title: | Data Visualization Applied for Anomaly Detection in Intrusion Detection Systems |
Authors: | Kai-Wei Chen 陳凱威 |
Advisor: | 蔡志宏(Zse-Hong Tsai) |
Keyword: | Intrusion detection system, Machine learning, Anomaly detection, Convolutional neural network, Data visualization |
Publication Year : | 2018 |
Degree: | Master's |
Abstract: | An intrusion detection system (IDS) is a network security device or software application that monitors a network or system, using features extracted from packet traffic, security logs, and similar data to check for suspicious activity or policy violations. IDSs fall into two main categories: signature-based and anomaly-based. A signature-based IDS extracts features from past anomalous behavior to build a database, which is then used to detect and identify intrusions. An anomaly-based IDS uses machine learning to find the relationship between the features and labels of a dataset and builds a model of anomalous behavior, which serves as the basis for its decisions. Anomaly-based IDS can detect unknown types of anomalous behavior, but its accuracy and false-positive rate are usually worse than those of signature-based IDS.
In this study, we combine data visualization with a convolutional neural network (CNN) to build a model for anomaly-based IDS: a data visualization algorithm transforms each record of the traffic dataset into a two-dimensional image, and the CNN model is trained to classify these images. Using the NSL-KDD dataset as the test case, the detection accuracy on the TEST+ dataset, which contains unknown attacks, reaches 81.84%, and the false-positive rate of the models can be reduced to 17.83%. The computational requirements of training and testing are also compared with those of the well-known EM clustering method, verifying that this method improves both accuracy and false-positive rate. Finally, beyond the information security field, other research fields can consider applying this method as long as the contents of the dataset are complete enough, which demonstrates its versatility and potential for future development. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/72159 |
DOI: | 10.6342/NTU201803861 |
Fulltext Rights: | Paid authorization |
Appears in Collections: | Graduate Institute of Communication Engineering |
Files in This Item:
File | Size | Format | |
---|---|---|---|
ntu-107-1.pdf Restricted Access | 2.06 MB | Adobe PDF |