
National Digital Library of Theses and Dissertations in Taiwan

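Graduate student: Hsuan-Cheng Chang (張炫誠)
Thesis title: Network Malicious Traffic Detection Based on BO-LGBM Mechanism with XAI
Thesis title (original): 以BO-LGBM機制與XAI為基礎之網路惡意流量偵測研究
Advisor: Li-Der Chou (周立德)
Degree: Master's
Institution: National Central University
Department: Department of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2024
Academic year of graduation: 112
Language: Chinese
Number of pages: 81
Keywords: Bayesian Optimization; Traffic Classification; Intrusion Detection System; Model Optimization; Feature Analysis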
With the rapid development of internet technologies, the number of smart devices and Internet of Things (IoT) devices has increased significantly, and the importance of cybersecurity has risen with it. To defend effectively against cyberattacks, Artificial Intelligence (AI) models are now used to implement Intrusion Detection Systems (IDS) that detect malicious network traffic. Because AI models have a complex hyperparameter space, relying solely on manual tuning can be costly and makes it difficult to find the optimal hyperparameter configuration.
To address the difficulty of finding a model's optimal hyperparameter configuration, this thesis proposes a Bayesian Optimization - Light Gradient Boosting Machine (BO-LGBM) mechanism for building a malicious network traffic classification model. The mechanism uses Bayesian Optimization (BO) to find the best hyperparameter configuration for the Light Gradient Boosting Machine (LightGBM) model, thereby improving the model's accuracy in traffic classification. The IoT20 dataset is used as the model's input. Experimental results show that BO-LGBM achieves an F1-score of 98.89% in malicious network traffic classification, a 5.33% improvement over a LightGBM model whose hyperparameters are set manually. In addition, BO-LGBM is more accurate than Random Forest, Bagging, CatBoost, and CNN, and is more lightweight and faster in terms of model size and prediction time. This thesis also applies eXplainable Artificial Intelligence (XAI) techniques to analyze the model's input features and obtain the feature importance for each attack category. The results of the XAI analysis are then used to reduce the model's input dimensionality and so reduce the model's burden. The feature removal results for the LightGBM model show that prediction time can be reduced by 10.5% and throughput increased by 11.8% with almost no effect on the model's accuracy. Furthermore, when prediction time is reduced by 17.18% and throughput is increased by 20.43%, the model still maintains an F1-score of 96.18%.
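Abstract (Chinese)
Abstract (English)
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1. Overview
1.2. Research Motivation
1.3. Research Objectives
1.4. Thesis Organization
Chapter 2 Background and Related Work
2.1. Intrusion Detection System
2.1.1. Packet-based Intrusion Detection
2.1.2. Flow-based Intrusion Detection
2.2. Light Gradient Boosting Machine
2.3. Bayesian Optimization
2.4. Explainable Artificial Intelligence
2.5. Related Work
Chapter 3 Methodology
3.1. Design Concept and System Architecture
3.2. System Workflow
3.2.1. Malicious Network Traffic Collection
3.2.2. Data Preprocessing
3.2.3. Bayesian Optimization
3.2.4. Model Training
3.2.5. Model Feature Analysis
3.3. System Environment
Chapter 4 Experiments and Discussion
4.1. Scenario 1: LightGBM Classification Performance on Malicious Network Traffic and Comparison of Data Preprocessing
4.1.1. Experiment 1: Binary Classification Performance of LightGBM on Malicious Network Traffic
4.1.2. Experiment 2: Multi-class Classification Performance of LightGBM on Malicious Network Traffic
4.1.3. Experiment 3: Effect of Data Preprocessing on Model Classification Performance
4.2. Scenario 2: BO-LGBM Classification of Malicious Network Traffic and Comparison with Other Models
4.2.1. Experiment 4: Classification Performance with Hyperparameter Optimization
4.2.2. Experiment 5: Model Size Comparison with Hyperparameter Optimization
4.2.3. Experiment 6: Model Prediction Time Comparison with Hyperparameter Optimization
4.2.4. Experiment 7: Comparison of the Effects of Different Hyperparameter Optimization Methods on the Model
4.2.5. Experiment 8: Classification Performance of Hyperparameter Optimization on Different Datasets
4.3. Scenario 3: Model Analysis and Improvement Results
4.3.1. Experiment 9: Feature Importance Analysis by Attack Category
4.3.2. Experiment 10: Effect of Feature Removal on the Model
Chapter 5 Conclusion and Future Research Directions
5.1.1. Conclusion
5.1.2. Research Limitations
5.1.3. Future Work
References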