National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

Author: 卓俊穎 (Chun-Wing Tsok)
Thesis title: Proactive Network Anomaly Behaviour Detection using Deep Learning for Zero Trust Smart Manufacture
Thesis title (Chinese): 智慧製造場域零信任架構和主動防禦機制的深度學習網路異常行為偵測
Advisor: 林詠章 (Iuon-Chang Lin)
Oral defense committee: 楊竣崴, 蔡家緯, 林傑森
Oral defense date: 2023-05-30
Degree: Master's
Institution: National Chung Hsing University (國立中興大學)
Department: Department of Management Information Systems (資訊管理學系所)
Discipline: Computing
Field: General computing
Thesis type: Academic thesis
Year of publication: 2023
Academic year of graduation: 111
Language: English
Number of pages: 43
Keywords: Smart manufacturing; Abnormal behaviour detection; Deep learning; Zero-trust architecture; Active defense mechanisms
In recent years, with the rapid development of digital technology, a growing number of industries have adopted network and digital technologies to manage and monitor production processes more efficiently, thereby improving production-line efficiency and quality. In lights-out manufacturing and other highly automated production plants, all machinery and equipment on the production line operate continuously for long periods. Real-time monitoring of equipment operation through IoT technology also lets managers adjust the operating parameters of the production line remotely. Improper network usage by personnel, however, can lead to risks such as production line downtime and cyberattacks, resulting in equipment failures and data leakage. Security issues related to industrial control networks are therefore receiving increasing attention.
In this thesis, we propose a zero-trust architecture suitable for smart manufacturing that constructs a network abnormal behaviour detection system and achieves proactive defense. The framework monitors and alerts on network behaviour in the field in real time and, upon confirmation by management personnel, blocks the corresponding IP services to ensure the normal operation of production lines. We use Long Short-Term Memory (LSTM) combined with an Autoencoder as the detection model to learn the complexity of network behaviour features. In the experiments, we used the intrusion detection datasets UNSW-NB15 and CICIDS2017 to evaluate the proposed model and compared it with other machine learning methods. Our experimental results showed significant improvements in abnormal behaviour detection performance.
Abstract in Chinese
Abstract in English
Table of Contents
List of Tables
List of Figures
Chapter 1 Introduction
1.1 Background
1.1.1 Zero Trust Architecture
1.1.2 Intrusion Detection System
1.2 Motivation
1.3 Contributions
1.4 Organization
Chapter 2 Related Studies
2.1 Binary classification methods
2.2 Reconstruction methods
Chapter 3 Methodology
3.1 Model selection
3.1.1 Autoencoder
3.1.2 Bidirectional Long Short Term Memory
3.1.3 BiLSTM Autoencoder
3.2 Abnormal Behaviour Detection Architecture
3.2.1 Phase 1: Monitoring
3.2.2 Phase 2: Anomaly Detection
3.2.3 Phase 3: Alert and Response
Chapter 4 Experiment
4.1 Dataset description
4.2 Dataset split
4.3 Feature selection
4.4 Performance metrics
4.5 Experimental environment
4.6 Model performances
Chapter 5 Conclusion
References