臺灣博碩士論文加值系統

隨著物聯網（Internet of Things,IoT）的興起與發展，IoT設備與網際網路互連正以前所未有的速度快速擴張。通常智慧家電產品、居家安全設備及無線網路傳輸控管系統透過中控裝置（Coordinator）整合起來，提供遠端智慧型手機的操控，以提供更便利且快速的智慧生活。
隨著物聯網設備的大量部署與應用，自動化攻擊工具的氾濫，物聯網已成為駭客主動式攻擊的主要目標。為加速物聯網為基礎之殭屍網路（Botnet）偵測之威脅辨識精度並降低誤判率，本研究提出一個基於雙向長短期記憶網路（Bidirectional Long Short-Term Memory, BLSTM）架構在物聯網環境下的殭屍網路偵測與防護系統，以強化物聯網安全。此一IoT殭屍網路偵測與防護系統採用深度學習框架PyTorch進行開發，學習潛在威脅的抽象特徵，比對IoT殭屍網路威脅的行為特徵，以有效管控新型態的物聯網威脅。本研究運用Ryu 軟體定義網路（Software Definition Networks,SDN）框架作為SDN控制器、Open vSwitch作為OpenFlow交換器等工具建置物聯網環境下殭屍網路偵測與防護系統，以Mirai殭屍網路進行系統測試與驗證，實驗證明所研發的系統可有效偵測及防護殭屍網路攻擊。

With the development of Internet of Things (IoT), IoT devices are rapidly expanding at an unprecedented rate. Smart home appliances, home security devices and wireless network were intensely integrated via a centralized control device (Coordinator) to provide remote control by smart phone and a more convenient and smarter life.IoT has become the main attack target of hackers with the massive deployment of IoT devices and the proliferation of automated attack tools. To increase the detection accuracy of IoT-based botnet and reduce the false positive rate, this research proposes a botnet detection and protection system usingdeep learning Bidirectional Long Short-Term Memory(BLSTM)architecture to enhance the IoT security. Thepurpose of IoT-basedbotnet detection and protection system is to monitor and defend the cyber attacks by learning the various features of botnet and comparing the behavioral featuresofpotential threats. In practice, theexperiment uses Ryu SDN framework as SDN controller, Open vSwitch as OpenFlow switch and other tools to detect the threatsfor botnet protection. Experiment results show that the developed system can detect the Miraibotnet attacks and guard the networks effectively.

中文審定書
英文審定書
摘要 i
ABSRACT ii
致謝 iii
目錄 iv
表目錄 vi
圖目錄 vii
第一章 緒論 1
第一節 研究背景 1
第二節 研究動機 2
第三節 研究目的 4
第四節 研究流程 5
第二章 文獻探討 6
第一節 軟體定義網路 6
第二節 遞歸神經網路 9
第三節 基於RNN之殭屍網路偵測 13
第三章 研究方法 15
第一節 系統架構 15
第二節 封包與網路流蒐集系統 16
第三節 資料特徵萃取系統 17
第四節 BLSTM深度學習系統 18
第五節 SDN安全防護系統 19
第四章 研究成果 22
第一節 SDN環境建置 23
第二節 Snort入侵偵測系統建置 31
第三節 整合Snort與SDN 35
第四節 建置Mirai Botnet 37
第五節 建置sFlow Collector 49
第六節 Mirai Botnet封包擷取與過濾 50
第七節 Deep BLSTM模型效能 53
第五章 結論 56
參考文獻 57

[1]iThome（2017年2月14日）。臺灣史上第一次券商集體遭DDoS攻擊勒索事件。iThome。取自https://www.ithome.com.tw/news/111875。
[2]Trend Labs 趨勢科技全球技術支援與研發中心（2018年3月4日）。Cloudflare和Github成為新DDoS 放大攻擊受害者攻擊規模為Mirai攻擊兩倍。資安趨勢部落格。取自https://blog.trendmicro.com.tw/?p=54744）。
[3]陳曉莉（2016年11月30日）。40萬裝置的Mirai殭屍大軍竟然上網公開出租。iThome。取自https://www.ithome.com.tw/news/109941。
[4]Trend Labs 趨勢科技全球技術支援與研發中心（2017年5月3日）。比Mirai更狠，BrickerBot要讓智慧型家電,監控攝影機…等IoT裝置，永遠變磚塊。資安趨勢部落。取自https://blog.trendmicro.com.tw/?p=49354。
[5]黃彥鈞（2018年12月6日）。星盾發表2018資安報告，自動化攻擊成重大威脅。TechNews科技新報。取自http://technews.tw/2018/12/06/forceshield-information-security-report-2018/。
[6]MoneyDJ （2017年7月13日）。深度學習助網路攻擊偵測率升至99%，NVIDIA出資力挺。Tech News科技新報。取自https://technews.tw/2017/07/13/nvidia-investment-deep-instinct/。
[7]Hochreiter, S. (1997). Long Short-Term Memory. Neural Computation, 9:8, 1735-1780.
[8]Hofer, M. (2018). Deep Learning for Named Entity Recognition #2: Implementing the state-of-the-art Bidirectional LSTM + CNN model for CoNLL 2003. Retrieve from website: https://towardsdatascience.com/deep-learning-for-named-entity-recognition-2-implementing-the-state-of-the-art-bidirectional-lstm-4603491087f1.
[9]Kim, Y. &Feamster, N. (2013). Improving Network Management with Software Defined Networking. IEEE Communications Magazine, 51:2, 114-119.
[10]Koroniotis, N., Moustafa, N., Sitnikova, E. & Slay, J. (2017). Towards Developing Network Forensic Mechanism for Botnet Activities in the IoT based on Machine Learning Techniques. Retrieve from arXiv website: https://arxiv.org/abs/1711.02825.
[11]Lee, C. (2017). Understanding Bidirectional RNN in PyTorch.Retrieve from website: https://towardsdatascience.com/understanding-bidirectional-rnn-in-pytorch-5bd25a5dd66.
[12]Lin, J. (2014). Ryu and Snort Integration.Retrieve from website: http://linton.logdown.com/posts/2014/09/03/ryu-and-snort-integration.
[13]McDermott, C. D., Majdani, F. &Petrovski, A. (2018). Botnet Detection in the Internet of Things Using Deep Learning Approaches.Paper presented at 2018 International Joint Conference on Neural Networks (IJCNN).
[14]Meidan, Y., Bohadana, M., Mathov, Y., Mirsky, Y., Shabtai, A., Breitenbacher, D. &Elovici, Y. (2018). N-BaIoT Network-based Detection of IoT Botnet Attacks Using Deep Autoencoder.IEEE Pervasive Computing,17:3,12-22.
[15]Min, E., Long, J., Liu, Q., Cui, J. & Chen, W. (2018). TR-IDS: Anomaly-Based Intrusion Detection through Text-Convolutional Neural Network and Random Forest. Security and Communication Networks, 1-9.
[16]Open Networking Foundation (2012a). Software-Defined Networking: The New Norm for Networks. Retrieve from ONF website: https://www.opennetworking.org/images/stories/downloads/sdn-resources/white-papers/wp-sdn-newnorm.pdf.
[17]Open Networking Foundation (2012b). OpenFlow® Switch Specification 1.3.0. Retrieve from ONF website: https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-spec-v1.3.0.pdf.
[18]Open vSwitch. Retrieve from website: https://www.openvswitch.org/.
[19]Pradhan, A. (2017). Recurrent Neural Networks Introduction to Recurrent Neural Network. Retrieve from Medium website: https://medium.com/lingvo-masino/introduction-to-recurrent-neural-network-d77a3fe2c56c.
[20]Qin, B., Zhang, H., Tu, T. &Guan, H. (2018). An SDN-based Adaptive Sampling Framework for Botnet Detection in IoT Networks. International Journal of Computer Engineering and Applications, 12, 1-8.
[21]Schuster, M. & Paliwal, K. K. (1997). Bidirectional Recurrent Neural Networks. IEEE Transactions on Signal Processing, 45:11, 2673-2681.
[22]Tariq, F. &Baig, S. (2017). Machine Learning Based Botnet Detection in Software Defined Networks. International Journal of Security and its Applications, 11:11, 1-12.
[23]Torres, P., Catania, C., Garcia, S. & Garino, C. G. (2016). An Analysis of Recurrent Neural Networks for Botnet Behavior Detection. Paper presented at 2016 IEEE Biennial Congress of Argentina (ARGENCON).
[24]Tran, D., Mac, H., Van, T., Tran, H. A. & Linh Giang, N. (2018). A LSTM based Framework for Handling Multiclass Imbalance in DGA Botnet Detection.Neurocomputing, 275, 2401-2413.
[25]Wijesinghe, U., Tupakula, U. &Varadharajan, V. (2015). Botnet Detection Using Software Defined Networking. Paper presented at the 2015 22nd International Conference on Telecommunications (ICT).