National Digital Library of Theses and Dissertations in Taiwan

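Graduate student: 彭雅筠
Graduate student (English): Peng, Ya Yun
Thesis title: 惡意行為檢測規則生成之研究
Thesis title (English): Rule Synthesis for Malicious Behavior Detection
Advisors: 蔡瑞煌; 郁方
Advisors (English): Tsaih, Rua Huan; Yu, Fang
Degree: Master's
Institution: National Chengchi University
Department: Graduate Institute of Information Management
Discipline: Computer Science
Field: General Computer Science
Thesis type: Academic thesis
Academic year of graduation: 103
Language: English
Number of pages: 43
Keywords: Malicious behavior; Outliers; Distributed computing; Learning algorithm; Anomaly detection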
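Unknown malicious behavior poses a serious threat to computer security mechanisms. Without effective detection rules, tools that work by monitoring system behavior may fail to identify unknown attacks. Even cloud systems equipped with virtual machine monitors, which can collect more information, and in more detail, than a traditional computer system, remain exposed to this threat. Solving the problem requires being able to pick out abnormal behavior from large volumes of data. We therefore propose a new distributed outlier detection algorithm that uses a backpropagation neural network and an envelope module to find the pattern followed by the majority of behaviors; behaviors that are not classified into this pattern are treated as outliers. Specifically, the rules produced by the algorithm can be used to find unknown attacks, because samples that belong neither to known attacks nor to normal behavior are treated as outliers. Through distributed computing we can improve the algorithm's performance and process large amounts of data.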

Malicious behavior with unknown patterns poses a great challenge to the security mechanisms of computers. Without effective detection rules, tools that monitor system behavior may fail to identify unknown attacks. The threat extends to cloud systems, even those equipped with VMMs that can collect much larger and more detailed online system and operation information in a virtualization environment than a traditional PC system. Detecting unknown attacks requires identifying abnormal behavior within a large data set. To address this issue, we propose a new distributed outlier detection algorithm that characterizes the majority pattern of observations as a backpropagation neural network and derives detection rules to reveal abnormal samples that fail to fall into the majority. Specifically, the rules generated by the algorithm can be used to distinguish samples as outliers that violate patterns of known attacks and normal behaviors, and hence to identify unknown attacks and reform their patterns. With distributed computing we can enhance the performance of the algorithm and handle huge amounts of data.
Abstract
Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Background and Motivation
1.2 Research Method
1.3 Contribution
1.4 Content Organization
Chapter 2 Related Works
2.1 Malware Detection: Common Detection Tools/Methods
2.2 Rule Synthesis
2.2.1 Self-Organizing Map and Growing Hierarchical Self-Organizing Map
2.2.2 k-Means
2.2.3 Other Clustering Algorithm
2.2.4 Support Vector Machines
2.3 Algorithm Optimization
Chapter 3 Methodology
3.1 Detection strategy
3.2 Parallel Computation
3.3 Distributed Computation
Chapter 4 Experiment
4.1 Evaluation with nonlinear function
4.2 Real-world experiment and analysis
4.3 Discussion
Chapter 5 Conclusion
References