Thesis 108553021: Detailed Record




Author: Hung-En Tsai (蔡弘恩)  Department: In-service Master's Program, Department of Communication Engineering
Title: Study of DDoS Attack Detection Based on Machine Learning and Network Traffic Entropy
(Chinese title: 基於機器學習及網路流量熵值的DDoS攻擊偵測研究)
Full text: available for browsing in the system after 2025-5-1.
Abstract (Chinese, translated) With the continual progress and innovation of communication technology, modern life has become inseparable from electronic communication products, and people keep pursuing the convenience of connectivity and the business opportunities of application services. After the rise of the Internet of Things, many objects gained the ability to connect to the network, yet many communication device manufacturers have not taken the security of their products seriously, and billions of IoT peripheral devices harbour hidden security vulnerabilities. In recent years in particular, hackers have repeatedly exploited firmware vulnerabilities to compromise large numbers of surveillance camera devices and use them to launch distributed denial-of-service (DDoS) attacks, posing a serious threat to the Internet. Domestic financial institutions, securities firms and government websites have frequently faced DDoS threats in recent years, with attackers extorting victims to pay a ransom or have their trading systems paralyzed. At best the impact is a brief system outage; at worst it may cause customers to lose confidence and move to other providers, producing losses that are hard to estimate. Information security has therefore become an issue that cannot be ignored.
DDoS attack techniques evolve constantly and attack traffic volumes keep setting new records. Current mainstream detection techniques focus on changes in overall network traffic volume, but a DDoS attack made up of high-rate small packets shows no obvious anomaly in traffic volume, so volume-based detection fails to notice the attack even though it has already disrupted the services of the end network devices.
Some past studies detect DDoS attacks with traditional entropy-based methods, where the decision threshold is either fixed or dynamic. A fixed threshold must be re-tuned manually as user usage scenarios change and cannot adapt to network conditions, whereas a dynamic threshold is updated adaptively from statistics such as the mean and standard deviation and is prone to false positives in environments where network traffic fluctuates greatly.
This study uses the properties of entropy to analyze the flow distribution at different points in time and proposes an unsupervised machine-learning approach that learns a decision boundary from normal training samples, providing an effective anomaly detection module. It mitigates the false positives that traditional dynamic-threshold DDoS detection suffers when entropy oscillates because of changes in the network environment, with the goal of lowering the detection false-positive rate.
Abstract (English) Along with the swift development of science and communication technology, people nowadays are inseparable from electronic communication products, continuously pursuing the convenience of networking and business opportunities for developing application services. After the rise of the Internet of Things, many devices are able to connect to the Internet. However, many communication device manufacturers have not paid attention to the security of their products, and billions of IoT peripherals have hidden security loopholes. Hackers can steal data or launch distributed denial-of-service (DDoS) attacks through these loopholes, causing serious threats to the Internet. Especially in recent years, financial and securities companies have encountered the threat of DDoS attacks: hackers threaten companies to pay ransoms, otherwise they will paralyze their services. In the worst case, this may lead to the loss of customer confidence and a transfer to business competitors, resulting in inestimable losses. Therefore, the importance of information security has become an issue that cannot be ignored.
DDoS attacks are getting stronger and the scale of attack traffic keeps increasing. Current detection techniques mainly focus on network traffic volume. When an attack uses small packets at a high packet rate, traffic-based detection technology sees no significant anomaly, so it fails to detect the DDoS attack even though the attack has already caused abnormal service on the terminal network equipment.
In the past, some researchers used the traditional entropy-based measure to detect DDoS attacks. The detection threshold was either fixed or dynamic. A fixed threshold needed to be adjusted according to the user's network scenarios and could not be adjusted automatically. A dynamic threshold is updated adaptively from the mean and standard deviation, but in environments where network traffic changes greatly it was difficult to maintain the detection rate.
In this paper, the characteristics of entropy are used to describe the flow distribution at different times. We propose a method based on unsupervised machine learning which learns a decision boundary from a normal training dataset and provides an effective anomaly detection module. The purpose of this study is to improve the detection rate and provide a feasible solution that achieves good accuracy in DDoS detection.
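Worked illustration of the entropy-based, dynamic-threshold detection that both abstracts describe, added here as an example and not code from the thesis: it computes the Shannon entropy of each time window's destination-address distribution and flags a window whose entropy leaves a mean +/- k·standard-deviation band built from the preceding windows. All traffic windows are constructed, and the function names, the history length and the min_std floor are my own assumptions.

```python
import math
from collections import Counter

def flow_entropy(keys):
    """Shannon entropy (bits) of how one window's packets spread over flow keys."""
    counts = Counter(keys)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def dynamic_threshold_alerts(entropies, history=4, k=2.0, min_std=0.05):
    """Dynamic-threshold rule: flag window t when H_t deviates from the mean of the
    previous `history` windows by more than k standard deviations.  min_std is an
    assumed floor that stops a flat history from producing a zero-width band."""
    alerts = []
    for t in range(history, len(entropies)):
        past = entropies[t - history:t]
        mean = sum(past) / history
        std = max(math.sqrt(sum((h - mean) ** 2 for h in past) / history), min_std)
        if abs(entropies[t] - mean) > k * std:
            alerts.append(t)
    return alerts

def make_window(dst_counts):
    """Expand {dst_ip: packet_count} into the per-packet key list a sniffer would yield."""
    return [ip for ip, n in dst_counts.items() for _ in range(n)]

# Constructed sample: eight internal hosts, packets counted per 1-second window.
HOSTS = [f"10.0.0.{i}" for i in range(1, 9)]
NORMAL = [dict(zip(HOSTS, c)) for c in (
    [10] * 8, [12, 8, 10, 10, 11, 9, 10, 10], [9, 11, 10, 10, 10, 10, 11, 9],
    [10] * 8, [11, 10, 9, 10, 10, 11, 9, 10])]
# High-rate small-packet flood: 300 packets at one victim, background traffic unchanged.
ATTACK = dict(zip(HOSTS, [300, 3, 3, 3, 2, 2, 2, 2]))
WINDOWS = NORMAL + [ATTACK, dict(zip(HOSTS, [10] * 8))]

def run_demo():
    """Return (per-window entropies, window indices flagged by the dynamic threshold)."""
    entropies = [flow_entropy(make_window(w)) for w in WINDOWS]
    return entropies, dynamic_threshold_alerts(entropies)

if __name__ == "__main__":
    ents, alerts = run_demo()
    for t, h in enumerate(ents):
        print(f"window {t}: H = {h:.3f}{'  <-- alert' if t in alerts else ''}")
```

Only the flood window (index 5) is flagged: its entropy collapses to about 0.45 bits while the normal windows sit near 3 bits. The window after it is judged against a history that now contains the attack, so the band widens and the baseline is contaminated, which is the dependence on recent traffic statistics that the abstract holds against dynamic thresholds.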
Keywords (Chinese) ★ Distributed denial-of-service attack
★ Entropy
★ Information security
Keywords (English) ★ DDoS
★ Entropy
★ Information Security
Table of Contents Abstract (Chinese) i
Abstract (English) ii
Contents iv
List of Figures v
List of Tables vii
Chapter 1 Introduction 1
1.1 Research Motivation and Objectives 1
1.2 Thesis Organization 1
Chapter 2 Background and Related Work 2
2.1 Distributed Denial-of-Service (DDoS) Attacks 2
2.2 Literature on Anomaly Detection Methods 4
2.2.1 Signature Based 5
2.2.2 Anomaly Based 6
2.2.3 Machine Learning Detection Methods 7
2.3 Entropy Mathematical Model 11
Chapter 3 Research Method 13
3.1 Generating Entropy Statistics 14
3.1.1 Worked Example 15
3.2 Entropy-Based Dynamic-Threshold DDoS Attack Detection 16
3.3 DDoS Attack Detection Based on Machine Learning and Entropy 23
Chapter 4 Experiments and Discussion of Results 29
4.1 Generating DDoS Attack Traffic 29
4.2 Experimental Results of Entropy-Based Dynamic-Threshold DDoS Detection 32
4.2.1 Detection Results on the DDoS Dataset of Reference [35] 32
4.2.2 Detection Results on Self-Generated DDoS Traffic 33
4.3 Experimental Results of Machine Learning and Entropy-Based DDoS Detection 36
4.3.1 Detection Results on the DDoS Dataset of Reference [35] 36
4.3.2 Detection Results on Self-Generated DDoS Traffic 40
Chapter 5 Conclusions and Future Work 47
References 48
References [1] [Online]. Available: https://www.ithome.com.tw/news/149388 [Accessed Apr. 10, 2022].
[2] [Online]. Available: https://www.cloudflare.com/zh-tw/learning/ddos/what-is-a-ddos-attack/ [Accessed Oct. 01, 2021].
[3] Kumar, "Understanding denial of service (DoS) attacks using OSI reference model," International Journal of Education and Science Research, 2014.
[4] A. Khajurial and R. Srivastava, "Analysis of the DDoS Defense Strategies in Cloud Computing," International Journal of Enhanced Research in Management & Computer Applications, vol. 2, no. 2, Feb. 2013.
[5] T. K. Subramaniam, "Volume-based attacks Distributed Denial of Service attacks," International Journal of Information Technology, Control and Automation (IJITCA), vol. 6, no. 2, Apr. 2016.
[6] [Online]. Available: https://blog.cloudflare.com/zh-tw/ddos-attack-trends-for-2021-q4-zh-tw/ [Accessed Oct. 01, 2021].
[7] [Online]. Available: https://www.netadmin.com.tw/netadmin/zhtw/technology/F332544D7A274E8AAAF7D0295328B744 [Accessed Apr. 10, 2022].
[8] S. M. Specht and R. B. Lee, "Distributed Denial of Service: Taxonomies of Attacks, Tools and Countermeasures," in Proc. International Conference on Parallel and Distributed Systems, Sept. 2004, pp. 543-550.
[9] M. Roesch, "Snort - Lightweight Intrusion Detection for Networks," in Proc. USENIX Systems Administration Conference (LISA '99), Nov. 1999.
[10] T. Ditcheva and L. Fowler, "Signature-based Intrusion Detection," class notes for COMP290-040, University of North Carolina at Chapel Hill, Feb. 2005.
[11] Z. Liu et al., "Jaqen: A High-Performance Switch-Native Approach for Detecting and Mitigating Volumetric DDoS Attacks with Programmable Switches," in Proc. 30th USENIX Security Symposium (USENIX Security 21), 2021, pp. 3829-3846.
[12] P. Čisar and S. Maravić Čisar, "A Flow-based Algorithm for Statistical Anomaly Detection," in Proc. 7th International Symposium of Hungarian Researchers on Computational Intelligence, Budapest, 2006.
[13] L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred, "Statistical approaches to DDoS attack detection and response," in Proc. DARPA Information Survivability Conference and Exposition, vol. 1, IEEE Press, 2003, pp. 303-314.
[14] J. Bhayo, R. Jafaq, A. Ahmed, S. Hameed, and S. A. Shah, "A Time-Efficient Approach Toward DDoS Attack Detection in IoT Network Using SDN," IEEE Internet of Things Journal, vol. 9, no. 5, pp. 3612-3630, Mar. 2022, doi: 10.1109/JIOT.2021.3098029.
[15] [Online]. Available: https://scikit-learn.org/stable/modules/outlier_detection.html#outlier-detection [Accessed Mar. 10, 2021].
[16] P. Louridas and C. Ebert, "Machine Learning," IEEE Software, vol. 33, no. 5, Sept.-Oct. 2016.
[17] [Online]. Available: https://www.sap.com/taiwan/insights/what-is-machine-learning.html [Accessed Feb. 22, 2022].
[18] B. Lamrini et al., "Anomaly Detection using Similarity-based One-Class SVM for Network Traffic Characterization," in DX@Safeprocess, 2018.
[19] S. Seufert and D. O'Brien, "Machine Learning for Automatic Defense against Distributed Denial of Service Attacks," in Proc. IEEE International Conference on Communications, Glasgow, 2007, pp. 1217-1222.
[20] R. Doshi and N. Apthorpe, "Machine Learning DDoS Detection for Consumer Internet of Things Devices," in Proc. 2018 IEEE Security and Privacy Workshops (SPW), Aug. 2018.
[21] R. Braga, E. Mota, and A. Passito, "Lightweight DDoS flooding attack detection using NOX/OpenFlow," in Proc. IEEE Local Computer Network Conference, 2010, pp. 408-415, doi: 10.1109/LCN.2010.5735752.
[22] A. Saied, R. E. Overill, and T. Radzik, "Detection of known and unknown DDoS attacks using Artificial Neural Networks," Neurocomputing, vol. 172, pp. 385-393, 2016.
[23] T. A. Tang, L. Mhamdi, D. McLernon, S. A. R. Zaidi, and M. Ghogho, "Deep learning approach for Network Intrusion Detection in Software Defined Networking," in Proc. 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM), 2016, pp. 258-263, doi: 10.1109/WINCOM.2016.7777224.
[24] L. Barki, A. Shidling, and N. Meti, "Detection of distributed denial of service attacks in software defined networks," in Proc. IEEE International Conference on Advances in Computing, Communications and Informatics, Sept. 2016, pp. 2576-2581.
[25] [Online]. Available: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html [Accessed Mar. 10, 2021].
[26] A. Rényi, "On measures of entropy and information," in Proc. Fourth Berkeley Symposium on Mathematical Statistics and Probability, vol. 1, June 1961, pp. 547-561.
[27] N. Zhang and F. Jaafar, "Low-Rate DoS Attack Detection Using PSD Based Entropy and Machine Learning," in Proc. 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud), June 21-23, 2019.
[28] H. Liu, Y. Sun, V. C. Valgenti et al., "Trustguard: A flow-level reputation-based DDoS defense system," in Proc. IEEE Consumer Communications and Networking Conference (CCNC), 2011, pp. 287-291.
[29] G. No and I. Ra, "An efficient and reliable DDoS attack detection using a fast entropy computation method," in Proc. 9th International Symposium on Communications and Information Technology (ISCIT 2009), 2009, pp. 1223-1228.
[30] [Online]. Available: https://zh.wikipedia.org/wiki/卷积 [Accessed Mar. 10, 2022].
[31] [Online]. Available: https://zh.wikipedia.org/wiki/68–95–99.7法則 [Accessed Mar. 10, 2022].
[32] N. M. Yungaicela-Naula, C. Vargas-Rosales, and J. A. Perez-Diaz, "SDN-Based Architecture for Transport and Application Layer DDoS Attack Detection by Using Machine and Deep Learning," IEEE Access, vol. 9, pp. 108495-108512, 2021, doi: 10.1109/ACCESS.2021.3101650.
[33] V. H. Bezerra, V. G. T. da Costa, S. B. Junior, R. S. Miani, and B. B. Zarpelão, "IoTDS: A One-Class Classification Approach to Detect Botnets in Internet of Things Devices," Sensors, 2019.
[34] D. M. J. Tax and R. P. W. Duin, "Support vector domain description," Pattern Recognition Letters, vol. 20, no. 11-13, pp. 1191-1199, 1999.
[35] [Online]. Available: https://ieee-dataport.org/open-access/denial-service-and-man-middle-attacks-programmable-logic-controllers [Accessed Mar. 10, 2022].
Advisor: Yen-Wen Chen (陳彥文)  Approval date: 2022-5-3