National Digital Library of Theses and Dissertations in Taiwan

Thesis record
Author: WU, SHENG-KAI (吳聲愷)
Title: Machine Learning Multi-Model Combination Analysis of Intrusion Detection Systems (入侵偵測系統的機器學習多模型組合分析)
Advisors: KUO, JONG-YIH; CHANG, SHIH-HAO
Oral examination committee: KUO, JONG-YIH; CHANG, SHIH-HAO; YU, HSIANG-FU; FANJIANG, YONG-YI
Defense date: 2024-06-21
Degree: Master's
Institution: National Taipei University of Technology
Department: Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical and Computer Engineering
Document type: Academic thesis
Year of publication: 2024
Academic year: 112 (ROC calendar)
Language: Chinese
Pages: 45
Keywords (Chinese, translated): artificial intelligence of things; intrusion detection system; anomaly-based detection; convolutional neural network; gated recurrent unit; extreme gradient boosting
Keywords (English): AIoT; IDS; Anomaly Detection; CNN; GRU; XGBoost
Abstract

Artificial intelligence of things (AIoT) has become a prominent topic in recent years, and the attack surface it exposes to malicious threats is growing quickly. To protect organizational devices and information, security systems such as firewalls, antivirus software, intrusion detection systems (IDS) and intrusion prevention systems (IPS) are widely deployed on gateways, servers, switches and dedicated appliances. With so many systems and devices deployed, the resulting flood of alerts is voluminous, redundant, irrelevant and partly erroneous; the overload makes alerts hard to process, hides the ones that matter, and lowers analysis efficiency.

IDS is a key means of detecting intrusions, and pairing it with machine-learning anomaly detection is an effective way to improve alert quality. Building on DCNNBiLSTM and XGBoost, this study proposes CNN-BiGRU-XGBoost, a multi-model combination, and compares it against those two models. With deployment in real IDS tooling in mind, the models are evaluated on the Edge-IIoT, X-IIoTID, CIC-IDS-2017 and CSE-CIC-IDS-2018 datasets for detection performance, time cost and resource usage. A novel generalization evaluation strategy that combines CIC-IDS-2017 and CSE-CIC-IDS-2018 is then used to test how the models fare against unknown attacks, as they would in a real environment.
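The abstract and outline describe scoring the models by accuracy, recall, precision and false-positive rate (FPR), and probing generalization by training on one dataset and scoring on another. The following Python is an added example written for this page, not code from the thesis: it computes those four metrics from label vectors, turns FPR into an expected daily false-alert count (the quantity behind the alert overload the abstract describes), and contrasts an in-distribution split with a cross-dataset split and a flag-nothing baseline. The confusion counts, the 1000-benign / 100-attack test split and the default of 10,000,000 benign flows per day are constructed assumptions, not thesis results.

```python
"""Alert-centric evaluation of a binary IDS classifier (added example, not thesis code).
Computes the metrics from the thesis outline (accuracy, recall, precision, FPR)
from raw labels and projects FPR onto daily alert volume, so an in-distribution
result can be set against a cross-dataset result (train on one corpus, test on
another) as the abstract's generalization strategy does. All counts are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

ATTACK, BENIGN = 1, 0

@dataclass(frozen=True)
class Confusion:
    tp: int
    fp: int
    tn: int
    fn: int

def confusion(y_true: Sequence[int], y_pred: Sequence[int]) -> Confusion:
    """Count the four outcomes, with 'attack' as the positive class."""
    if len(y_true) != len(y_pred):
        raise ValueError("label vectors differ in length")
    tp = fp = tn = fn = 0
    for t, p in zip(y_true, y_pred):
        if t == ATTACK and p == ATTACK:
            tp += 1
        elif t == ATTACK:
            fn += 1
        elif p == ATTACK:
            fp += 1
        else:
            tn += 1
    return Confusion(tp, fp, tn, fn)

def _ratio(num: int, den: int) -> float:
    # An empty denominator (e.g. precision when nothing was flagged) yields
    # 0.0 instead of an exception, so a degenerate model still gets a score.
    return num / den if den else 0.0

def accuracy(c: Confusion) -> float:
    return _ratio(c.tp + c.tn, c.tp + c.tn + c.fp + c.fn)

def recall(c: Confusion) -> float:
    """Share of real attacks that raised an alert (detection rate)."""
    return _ratio(c.tp, c.tp + c.fn)

def precision(c: Confusion) -> float:
    """Share of alerts that were real attacks (what the analyst experiences)."""
    return _ratio(c.tp, c.tp + c.fp)

def fpr(c: Confusion) -> float:
    """Share of benign flows that raised an alert."""
    return _ratio(c.fp, c.fp + c.tn)

def false_alerts_per_day(rate: float, benign_flows_per_day: int) -> float:
    """Turn an FPR into the false-alert volume a SOC would have to triage."""
    return rate * benign_flows_per_day

def evaluate(y_true: Sequence[int], y_pred: Sequence[int],
             benign_flows_per_day: int = 10_000_000) -> Dict[str, float]:
    # 10M benign flows/day is an assumed traffic volume, not a thesis figure.
    c = confusion(y_true, y_pred)
    return {
        "accuracy": accuracy(c),
        "recall": recall(c),
        "precision": precision(c),
        "fpr": fpr(c),
        "false_alerts_per_day": false_alerts_per_day(fpr(c), benign_flows_per_day),
    }

def constructed_labels(tn: int, fp: int, fn: int, tp: int) -> Tuple[List[int], List[int]]:
    """Label vectors with exactly the requested outcome counts (constructed data)."""
    y_true = [BENIGN] * (tn + fp) + [ATTACK] * (fn + tp)
    y_pred = [BENIGN] * tn + [ATTACK] * fp + [BENIGN] * fn + [ATTACK] * tp
    return y_true, y_pred

# Three constructed scenarios on a 1000-benign / 100-attack test split.
SCENARIOS = {
    # Held-out flows from the same dataset the model was trained on.
    "in-distribution": constructed_labels(tn=995, fp=5, fn=5, tp=95),
    # Trained on one corpus, tested on another (the cross-dataset check).
    "cross-dataset": constructed_labels(tn=970, fp=30, fn=40, tp=60),
    # Flags nothing: accuracy still looks respectable, detection is zero.
    "majority-baseline": constructed_labels(tn=1000, fp=0, fn=100, tp=0),
}

def report() -> Dict[str, Dict[str, float]]:
    return {name: evaluate(*labels) for name, labels in SCENARIOS.items()}

if __name__ == "__main__":
    for name, m in report().items():
        print(f"{name:18s} acc={m['accuracy']:.3f} rec={m['recall']:.3f} "
              f"prec={m['precision']:.3f} fpr={m['fpr']:.4f} "
              f"false alerts/day={m['false_alerts_per_day']:,.0f}")
```

Two things the numbers make visible: the in-distribution scenario still produces 50,000 false alerts a day at a 0.5% FPR, and the flag-nothing baseline scores 90.9% accuracy with zero recall. Accuracy on class-imbalanced flow data therefore says little about whether a model reduces the alert overload; FPR and precision govern analyst load, and cross-dataset recall is the figure to watch for the unknown-attack case.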

Table of Contents

Abstract (Chinese)
Abstract
Acknowledgements
Table of Contents
List of Tables
List of Figures
Chapter 1 Introduction
1.1 Background and Motivation
1.2 Research Objectives
1.3 Thesis Organization
Chapter 2 Background and Related Work
2.1 SIEM and SOAR
2.2 Intrusion Detection Systems
2.3 Detection Techniques
2.3.1 Preprocessing Methods
2.4 Machine Learning Methods
2.4.1 XGBoost
2.4.2 AdaBoost
2.4.3 GRU
2.4.4 CNNLSTM
2.4.5 Heuristic Algorithm
2.4.6 Unsupervised Machine Learning
2.4.7 Others
Chapter 3 Methodology
3.1 Research Topic and System Architecture
3.2 Datasets
3.3 Model Training Pipeline
3.4 Model Architectures
3.4.1 DCNNBiLSTM Architecture
3.4.2 XGBoost Architecture
3.4.3 CNNBiGRUXGBoost Architecture
3.5 Evaluation Metrics
3.5.1 Accuracy
3.5.2 Recall
3.5.3 Precision
3.5.4 FPR
3.5.5 Training Time
3.5.6 Prediction Time
3.5.7 Resource Usage
Chapter 4 Experiments and Results
4.1 Experimental Setup
4.2 Model Architecture Experiments
4.3 Results and Discussion
Chapter 5 Conclusion and Future Work
5.1 Conclusion
5.2 Future Work
References




Electronic full text: available online from 2029-07-22.