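Graduate student: 劉柏凱
Graduate student (English name): Bo-Kai Liu
Thesis title: 一種針對駭客入侵偵測系統預測惡意行為的方法
Thesis title (English): The Method of Malicious Behavior Prediction for Intrusion Detection System
Advisor: 黃德成
Oral defense committee: 陳育毅, 陳偉銘
Oral defense date: 2021-07-30
Degree: Master's
Institution: National Chung Hsing University
Department: Department of Computer Science and Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Publication year: 2021
Graduation academic year: 109
Language: Chinese
Pages: 53
Keywords: Host-Based Intrusion Detection System; Long Short-Term Memory; Generative Adversarial Network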
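As technology advances, more and more information devices appear in people's lives. In the past these devices were not closely connected and had little effect on our lives. As network technology has improved, however, passing messages between devices has become more convenient and faster, and information security concerns have followed. Although the security of endpoint devices is an issue in its own right, the information on endpoint devices is ultimately sent back to large server hosts, so studying intrusion detection for large server hosts addresses the problem closer to its root. It is well known that the appearance of malicious behavior often means the system may already have been attacked by hackers, so discovering malicious behavior as early as possible plays a vital role in blocking intrusions. Most known research, however, focuses only on how a system recognizes malicious behavior once it has already occurred, and cannot predict it before the malicious behavior has completed. A traditional Host-Based Intrusion Detection System (HIDS), for example, can only keep records and detect after the fact whether malicious behavior occurred. This research therefore aims to propose a method that can predict malicious behavior before it has finished executing.
This research proposes a method for predicting malicious behavior that can detect whether a behavior is malicious before it has finished executing. The method builds a malicious behavior prediction model with a generative adversarial network architecture on top of a malicious behavior detection model built with a long short-term memory model; the testing phase shows that the model's prediction accuracy is about 83%. The proposed method is named the Host-Based Intrusion Predict System (HIPS).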
With the advancement of technology, more and more information equipment appears in people's lives. In the past, these devices were not closely related and had little impact on our lives. However, with the improvement of network technology, the transmission of information between devices has become more convenient and faster, and information security concerns have followed. Although the information security of terminal equipment can be an issue in itself, the information on terminal equipment will eventually be sent back to the server. Therefore, studying intrusion detection for servers is more fundamental. It is well known that the appearance of malicious behavior often means that the system may have been attacked by hackers. Therefore, early detection of malicious behavior plays a vital role in preventing hackers from intruding. However, most currently known research tends to focus only on how the system recognizes malicious behavior once it has occurred, and cannot predict its occurrence in advance, before the malicious behavior has been completed. For example, the traditional HIDS (Host-Based Intrusion Detection System) can only record and determine afterward whether malicious behavior has occurred. Therefore, this research hopes to propose a method that can predict the appearance of malicious behavior before the malicious behavior is completed.
This research proposes a method for predicting malicious behavior, which can determine whether a behavior is malicious before the malicious behavior is completed. The method constructs a malicious behavior prediction model with a GAN (Generative Adversarial Network), based on the malicious behavior detection model established with the LSTM (Long Short-Term Memory) model. In the testing phase, the prediction accuracy of the model is shown to be about 83%. This study names the proposed method the HIPS (Host-Based Intrusion Predict System).
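Table of Contents
Acknowledgements
Abstract (Chinese)
Abstract
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Overview
1.2 Research Motivation and Contributions
1.3 Thesis Organization
Chapter 2 Background
2.1 Host-Based Intrusion Detection System (HIDS)
2.2 ADFA-LD (Australian Defence Force Academy Linux Dataset)
2.3 Long Short-Term Memory (LSTM)
2.4 Generative Adversarial Network (GAN)
2.5 Keras
Chapter 3 Methodology
3.1 Method Workflow
3.2 System Architecture
3.3 Training the Malicious Behavior Detection Model with LSTM
3.4 Generator Model
3.5 Discriminator Model
Chapter 4 Experimental Results
4.1 Training Process
4.2 Method Performance
4.3 Comparative Analysis
Chapter 5 Conclusion and Future Work
5.1 Conclusion
5.2 Future Work
References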