National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

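Graduate student: 林維倫
Graduate student (English): Wei-Lun Lin
Thesis title: 基於深度學習之殭屍網路偵測
Thesis title (English): Botnet Detection Based on Deep Learning
Advisor: 林冠成
Advisor (English): Kuan-Cheng Lin
Oral examination committee: 蔡垂雄, 吳憲珠
Oral examination committee (English): Chwei-Shyong Tsai, Hsien-Chu Wu
Oral examination date: 2019-07-17
Degree: Master's
Institution: 國立中興大學 (National Chung Hsing University)
Department: 資訊管理學系所 (Department of Information Management)
Discipline: Computing
Sub-discipline: General computing
Thesis type: Academic thesis
Year of publication: 2019
Graduation academic year: 107
Language: Chinese
Number of pages: 44
Keywords (Chinese): 深度學習, 卷積神經網路, 遞迴神經網路, ConvLSTM, 殭屍網路, 灰階圖, 特徵可視化
Keywords (English): Deep learning, Convolutional neural network, Recurrent neural network, ConvLSTM, Botnet, Grayscale map, Feature visualization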
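Abstract (translated from Chinese): Botnets have long been a serious information-security problem. Countless computers are infected by bot malware every year, and common attack techniques include distributed denial-of-service attacks, spam, and click fraud. Because users rarely notice that their computer has been infected, botnet detection has become an important topic. Most existing work is based on network traffic with manually extracted features, which makes it easy for attackers to deliberately avoid those features and evade detection; and because a botnet is hard to detect during its latent period, prediction accuracy drops. This thesis instead converts network traffic into grayscale images, uses deep learning to classify whether a computer is infected, and uses feature visualization to help inspect the features by eye, with the aim of prevention in advance rather than detection after the fact. The dataset used is the CTU dataset. Models were built with CNN, RNN, and ConvLSTM on a single type of malware and used to predict other types of malware, reaching average accuracies of 91.59%, 90.60%, and 91.82%. The data was then examined with visualized feature maps and the dataset adjusted; finally, retraining with ConvLSTM, which scored highest, reached an accuracy of 99.58%.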
Abstract (English): Botnets have long been a serious security problem, and countless computers are infected by botnets every year. Common attack methods include distributed denial-of-service attacks, spam, and click fraud. Because computers infected by botnets are not easily noticed by their users, detecting botnets has become an important issue. Most current implementations are based on network traffic and manually extracted features, which makes it easy for an attacker to deliberately avoid those features and evade detection. Because a botnet is hard to detect during its latent period, prediction accuracy is reduced. This thesis converts network traffic into grayscale images, uses deep learning to classify whether a computer is infected, and then uses feature visualization to assist visual inspection of the features. We hope to prevent beforehand instead of detecting afterwards. We use the CTU dataset. Models are trained on a single type of malware using CNN, RNN, and ConvLSTM and used to predict other types of malware; the accuracy reaches 91.59%, 90.60%, and 91.82% on average. We then check the data and adjust the dataset with visualized feature maps. Finally, retraining with ConvLSTM, the accuracy is up to 99.58%.
Abstract (Chinese)
Abstract
Table of Contents
List of Tables
List of Figures
Chapter 1 Introduction
1.1 Research Background
1.2 Research Motivation
1.3 Research Objectives
1.4 Thesis Organization
Chapter 2 Literature Review
2.1 Botnets
2.2 Botnet Architecture
2.3 Botnet Communication Methods
2.3.1 IRC-based
2.3.2 HTTP-based
2.3.3 P2P-based
2.4 Botnet Topologies
2.4.1 Centralized
2.4.2 Multi-Server Topology
2.4.3 Hierarchical Topology
2.4.4 Random Topology
2.5 Botnet Detection Methods
2.5.1 Signature-based Detection
2.5.2 Anomaly-based Detection
2.5.3 DNS-based Detection
2.5.4 Machine Learning-based Detection
2.6 Neural Networks
2.6.1 Convolutional Neural Network (CNN)
2.6.2 Recurrent Neural Network (RNN)
2.7 Feature Visualization
Chapter 3 Research Method
3.1 Research Process
3.2 Data Preprocessing
3.2.1 Traffic Collection
3.2.2 Network Flow Processing
3.2.3 Grayscale Images
3.3 CNN Architecture
3.4 RNN Architecture
3.5 ConvLSTM Architecture
3.6 Feature Visualization
3.7 Evaluation Metrics
Chapter 4 Experimental Results
4.1 Experimental Environment
4.2 Experimental Design
4.3 Experimental Results
4.3.1 Model Accuracy
4.3.2 Feature Visualization
4.3.3 Validating Model Accuracy with ISCX
4.3.4 Heat Maps
Chapter 5 Conclusions and Recommendations
5.1 Research Conclusions
5.2 Future Research Directions
References