Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/72159
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 蔡志宏(Zse-Hong Tsai) | |
dc.contributor.author | Kai-Wei Chen | en |
dc.contributor.author | 陳凱威 | zh_TW |
dc.date.accessioned | 2021-06-17T06:26:23Z | - |
dc.date.available | 2018-08-18 | |
dc.date.copyright | 2018-08-18 | |
dc.date.issued | 2018 | |
dc.date.submitted | 2018-08-17 | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/72159 | - |
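dc.description.abstract | An intrusion detection system (IDS) is a network security device or software application that monitors a network or system and uses features extracted from data such as packet traffic and security logs to check for suspicious activity or violations of usage policies. Current intrusion detection systems fall mainly into two types: signature-based and anomaly-based. Signature-based detection extracts the features of past anomalous behavior to build a database, which is then used to detect and identify intrusion attacks. Anomaly-based detection uses machine learning methods to find the relationship between the features and labels of a dataset and constructs a model of anomalous behavior as the basis for judgment. Anomaly-based detection can notice previously unknown types of anomalous behavior, but its accuracy and false positive rate are usually inferior to those of signature-based detection.
The method proposed in this study integrates data visualization and a convolutional neural network (CNN) into an anomaly detection system: data visualization converts the traffic dataset, item by item, into two-dimensional images, which a CNN model then classifies. Using the NSL-KDD dataset as the test case, the detection accuracy on the TEST+ dataset, which contains unknown attacks, reaches 81.84%, and the model's false positive rate can be lowered to 17.83%. The computational requirements for training and detection are also compared with the common EM clustering method, verifying that this method improves accuracy and false positive rate. Finally, beyond the information security field, this method can be considered in other research fields as long as the dataset content is sufficiently complete, which shows its generality and potential for future development. | zh_TW |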
dc.description.abstract | An intrusion detection system (IDS) is a device or software application that monitors for malicious activities or policy violations, detecting attacks from features extracted from network traffic, packets, security logs, etc.
IDSs fall into two categories: signature-based and anomaly-based. A signature-based IDS extracts features from past anomalous behaviors to build a database for further analysis and detection. An anomaly-based IDS uses a machine learning algorithm to build a model of malicious behavior from the relationship between the features and labels of a dataset, and uses it to identify whether content is anomalous. An anomaly-based IDS can detect unknown behavior, but its accuracy and false positive rate are worse than those of a signature-based IDS. In this paper, we combine the concepts of data visualization and convolutional neural networks to build a model for anomaly-based IDS: a data visualization algorithm transforms the dataset into images, which are used to train the convolutional neural network model. The detection accuracy on the NSL-KDD TEST+ dataset, which contains unknown attacks, reaches 81.84%. The minimum false positive rate of the models can be reduced to 17.83%, and the hardware computation requirements of the training and testing procedures are compared with the well-known EM clustering method. Finally, beyond the information security field, other research fields can apply this method as long as the contents of the dataset are complete enough, which demonstrates its versatility and potential for future development. | en |
dc.description.provenance | Made available in DSpace on 2021-06-17T06:26:23Z (GMT). No. of bitstreams: 1 ntu-107-R05942134-1.pdf: 2106090 bytes, checksum: 329e8a17e5925b015ae5c7324f4467f7 (MD5) Previous issue date: 2018 | en |
dc.description.tableofcontents | Oral Examination Committee Certification; Acknowledgements; Abstract (Chinese); Abstract; Table of Contents; List of Figures; List of Tables; Chapter 1 Introduction; 1.1 Preface and Background; 1.2 Related Work; 1.3 Problem Definition and Motivation; 1.4 Thesis Organization; Chapter 2 Convolutional Neural Network Architecture; 2.1 CNN Design and Construction; Chapter 3 Introduction to the Dataset and Feature Selection Methods; 3.1 Introduction to the NSL_KDD Dataset; 3.1.1 Basic Features of TCP Connections (9 in total); 3.1.2 Content Features of TCP Connections (13 in total); 3.1.3 Time-Based Network Traffic Statistical Features (9 in total); 3.1.4 Host-Based Network Traffic Statistical Features (10 in total); 3.2 Feature Selection Methods; 3.2.1 CFS-BF Method; 3.2.2 IG+R Method; 3.2.3 GR+R Method; 3.3 Data Preprocessing and Visualization; Chapter 4 Experiments and Analysis; Chapter 5 Future Development; References | |
dc.language.iso | zh-TW | |
dc.title | Data Visualization Applied to Anomaly Detection in Network Intrusion Detection Systems | zh_TW |
dc.title | Data Visualization Applied for Anomaly Detection in Intrusion Detection Systems | en |
dc.type | Thesis | |
dc.date.schoolyear | 106-2 | |
dc.description.degree | Master's | |
dc.contributor.oralexamcommittee | 林宗男(Tsung-Nan Lin),馮輝文(Huei-Wen Ferng) | |
dc.subject.keyword | Intrusion detection system, Machine learning, Anomaly detection, Convolutional neural network, Data visualization, | zh_TW |
dc.subject.keyword | Intrusion detection system,Machine learning,Anomaly detection,Convolutional neural network,Data visualization, | en |
dc.relation.page | 51 | |
dc.identifier.doi | 10.6342/NTU201803861 | |
dc.rights.note | Paid authorization | |
dc.date.accepted | 2018-08-17 | |
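dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
dc.contributor.author-dept | Graduate Institute of Communication Engineering | zh_TW |
Appears in Collections: | Graduate Institute of Communication Engineering |
Files in This Item:
File | Size | Format | |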
---|---|---|---|
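ntu-107-1.pdf Not currently authorized for public access | 2.06 MB | Adobe PDF |
Items in the system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.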