Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/94104
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | 蔡志宏 | zh_TW
dc.contributor.advisor | Zsehong Tsai | en
dc.contributor.author | 龔柏森 | zh_TW
dc.contributor.author | Bo-Sen Gong | en
dc.date.accessioned | 2024-08-14T16:42:43Z | -
dc.date.available | 2024-12-27 | -
dc.date.copyright | 2024-08-14 | -
dc.date.issued | 2024 | -
dc.date.submitted | 2024-08-09 | -
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/94104 | -
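dc.description.abstract | Network traffic classification plays a vital role in network security, and its importance keeps growing. Network traffic classification is the process of identifying and categorizing the various packets or flows in a network. The classification is usually based on the type, features and behavioral patterns of the traffic, which helps detect potential threats and take the measures needed to mitigate them. It is therefore essential to network security and monitoring. Today more than 90% of web pages are encrypted with HyperText Transfer Protocol Secure (HTTPS) to ensure data privacy and secure communication between applications. Common traditional approaches to network traffic classification, such as port-based classification or Deep Packet Inspection (DPI), have become increasingly difficult to apply to encrypted network traffic. In this thesis we propose an encrypted network traffic classification method based on deep learning and knowledge distillation. We use a one-dimensional convolutional neural network (1D-CNN) with three convolutional layers as the teacher model to train a student model with only one convolutional layer. We adopt a standard 1D-CNN and a depthwise separable 1D-CNN as teacher models, respectively. The outputs of these teacher models are then used as training data to train, through knowledge distillation, student models containing only one convolutional layer, in order to verify the effectiveness of knowledge distillation. The experimental results show that knowledge distillation enables both the standard and the depthwise separable student models to learn from the teacher models' outputs, reducing model size and inference time while maintaining accuracy comparable to that of the teacher models. In addition, our experimental results show that, compared with the standard 1D-CNN, the depthwise separable 1D-CNN reduces the number of parameters and achieves a smaller model size and a shorter model rendering time, thereby achieving better efficiency. | zh_TW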
dc.description.abstract | Network traffic classification plays a crucial role in network security and its importance has grown significantly. Network traffic classification involves identifying and categorizing various data packets or flows within a network. This classification is typically based on the flow type, features and behavioral patterns of the traffic, which aids in detecting potential threats and taking necessary measures to mitigate them. Therefore, it is vital for network security and monitoring. Nowadays, over 90% of webpages are encrypted using HyperText Transfer Protocol Secure (HTTPS) to ensure data privacy and secure communication between applications. Traditional network traffic classification methods such as Port-Based classification or Deep Packet Inspection (DPI) have gradually become impractical for encrypted network traffic. In this thesis, we propose a classification method for encrypted network traffic based on deep learning and knowledge distillation. We used a one-dimensional convolutional neural network (1D-CNN) with three convolutional layers as the teacher model to train the student model with only one convolutional layer. We employed both a standard 1D-CNN and a depthwise separable 1D-CNN as teacher models. The outputs of these teacher models were then used as training data. Through the process of knowledge distillation, we trained the student model with a single convolutional layer to validate the effectiveness of knowledge distillation. Simulation results indicate that knowledge distillation enables both the standard and separable student models to learn from the teacher models’ outputs, reducing model size and inference time while maintaining accuracy comparable to more complicated teacher models. Furthermore, our experiments demonstrate that the separable 1D-CNN achieves a smaller model size and shorter inference time when it is compared with the standard 1D-CNN, thereby achieving better efficiency. | en
dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2024-08-14T16:42:43Z. No. of bitstreams: 0 | en
dc.description.provenance | Made available in DSpace on 2024-08-14T16:42:43Z (GMT). No. of bitstreams: 0 | en
dc.description.tableofcontents | Oral Examination Committee Certification
Acknowledgements
Chinese Abstract
ABSTRACT
CONTENTS
LIST OF FIGURES
LIST OF TABLES
Chapter 1 Introduction
1.1 Background and Motivation
1.2 Research Objective
1.3 Thesis Organization
Chapter 2 Related Work
2.1 Traditional Methods in Network Traffic Classification
2.2 Machine Learning in Network Traffic Classification
2.3 Deep Learning in Network Traffic Classification
2.4 Knowledge Distillation in Network Traffic Classification
Chapter 3 Methodology
3.1 Model Framework and Overview
3.2 Dataset Introduction and Pre-processing
3.2.1 Introduction of the UNSW-NB15 Dataset
3.2.2 Data Pre-processing
3.2.3 Principal Component Analysis
3.3 Deep Learning Model with Knowledge Distillation
3.3.1 Knowledge Distillation Training and Validation Procedure
3.3.2 Teacher Model
3.3.3 Student Model
3.3.4 Student Model Fine-tuning
3.4 Model Testing
Chapter 4 Experimental Results and Analysis
4.1 Development Environment
4.2 Experimental Results and Evaluation Metric
4.2.1 Evaluation Metric
4.2.2 Teacher Model Performance
4.2.2.1 Standard 1D-CNN Teacher Performance
4.2.2.2 Separable 1D-CNN Teacher Performance
4.2.2.3 Comparison and Analysis
4.2.3 Student Model Performance
4.2.3.1 Hyper-parameter Settings for Student Models
4.2.3.2 Standard 1D-CNN Student Performance
4.2.3.3 Separable 1D-CNN Student Performance
4.2.3.4 Comparison and Analysis
4.3 Comparison and Analysis with Other Methods
4.3.1 Comparison between Student and Teacher Models
4.3.2 Comparison between Student Models and Other Methods
Chapter 5 Conclusions and Future Work
5.1 Conclusions
5.2 Future Work
REFERENCES | -
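dc.language.iso | en | -
dc.subject | Deep Learning | zh_TW
dc.subject | Encrypted Network Traffic Classification | zh_TW
dc.subject | Knowledge Distillation | zh_TW
dc.subject | Encrypted Network Traffic Classification | en
dc.subject | Knowledge Distillation | en
dc.subject | Deep Learning | en
dc.title | An Encrypted Network Traffic Classification Method Based on Deep Learning and Knowledge Distillation | zh_TW
dc.title | Classification of Encrypted Network Traffic Based on Deep Learning and Knowledge Distillation | en
dc.type | Thesis | -
dc.date.schoolyear | 112-2 | -
dc.description.degree | Master's | -
dc.contributor.oralexamcommittee | 林風;黎明富;鍾耀梁 | zh_TW
dc.contributor.oralexamcommittee | Phone Lin;Mingfu Li;Yao-Liang Chung | en
dc.subject.keyword | Encrypted Network Traffic Classification, Deep Learning, Knowledge Distillation | zh_TW
dc.subject.keyword | Encrypted Network Traffic Classification, Deep Learning, Knowledge Distillation | en
dc.relation.page | 78 | -
dc.identifier.doi | 10.6342/NTU202401673 | -
dc.rights.note | Authorization granted (open access on campus only) | -
dc.date.accepted | 2024-08-12 | -
dc.contributor.author-college | College of Electrical Engineering and Computer Science | -
dc.contributor.author-dept | Graduate Institute of Communication Engineering | -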
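Appears in collections: Graduate Institute of Communication Engineering

Files in this item:
File | Size | Format
ntu-112-2.pdf (access restricted to NTU campus IP addresses; from off campus, use the off-campus VPN connection service) | 2.18 MB | Adobe PDF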