中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/89929
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 41643306      Online Users : 1219
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/89929


    Title: 使用XAI優化圖神經網路模型於網路惡意流量偵測之研究;A Study of Malicious Network Traffic Detection Based on Graph Neural Network and Using eXplainable Artificial Intelligence to Optimize Model
    Authors: 吳晨緯;Wu, Chen-Wei
    Contributors: 資訊工程學系
    Keywords: 入侵檢測系統;流量分類;圖神經網路;可解釋人工智慧;特徵分析;模型優化;Intrusion Detection System;Traffic Classification;Graph Neural Network;Explainable Artificial Intelligence;Feature Analysis;Optimize Model
    Date: 2022-08-11
    Issue Date: 2022-10-04 12:05:04 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 現今網路技術的多樣化、5G 網路的蓬勃發展以及各式各樣雲端服務的出現,促使智慧型手機、智慧型穿戴裝置及物聯網(Internet of Thing)設備的數量大量的成長,使網路攻擊(Cyberattack)防護的重要性隨之提高。在一般的入侵檢測系統(Intrusion Detection System)上,流量檢測方式只有使用到網路中兩個節點之間的流量資訊,但是在整個網路中是同時的有大量的流量在傳遞,使用一般的方法並無法使用到網路中多個節點的流量資訊。將網路流量轉換為圖(Graph)的方式,可以利用到整個網路中更多的流量資訊,但同時在有如此豐富的資料上,要如何有效的去使用以及計算如此龐大的資料將會是一個挑戰。
    本論文為了解決在一般入侵檢測系統只使用到兩節點之流量問題,提出一個專門用於邊特徵的圖神經網路演算法 EdgeSAGE(Edge SAmple and aggreGatE),並用其建立惡意流量分類模型,透過將流量轉換為圖並利用圖的結構性將流量特徵進行傳遞與聚合,使流量在預測時可以有效的使用到鄰近的流量資訊,讓模型在攻擊流量的分類上變得更加準確。此外使用XAI(eXplainable Artificial Intelligence)技術去分析模型的輸入特徵,計算出每個特徵對於模型的重要性,並利用分析結果降低模型輸入之維度同時減少模型中的參數,以達到降低模型計算成本之優化效果。使用EdgeSAGE相較於相同架構的DNN模型F1-Score可以提升15.48%,在EdgeSAGE模型優化結果上可以在幾乎不影響模型準確度的情況下,降低12.9%的預測時間與提升14.8%的Throughput,另外在降低 36.1% 的預測時間和提升 57.2% 的 Throughput 的情況下,EdgeSAGE模型仍可保有 92.4 %的F1-Score。
    ;The diversification of today′s network technologies, the vigorous development of 5G networks, and the emergence of various cloud services have led to massive growth in the number of smartphones, smart wearable devices, and Internet of Things (Internet of Things) devices. The importance of cyberattack protection has increased accordingly. In general intrusion detection systems, the traffic detection method only uses the traffic information between two nodes in the network, but a large amount of traffic is transmitted simultaneously in the entire network. Traffic information to multiple nodes in the network is not available using general methods. The way of converting network traffic into graph can utilize more traffic information in the entire network, but at the same time, with such abundant data, how to effectively use and calculate such huge data will be a challenge.
    To solve the problem that only two nodes are used in general intrusion detection systems, this paper proposes a graph neural network algorithm EdgeSAGE (Edge SAmple and aggreGatE) specially used for edge features. And use it to build a malicious traffic classification model. By converting traffic into a graph and using the structure of the graph to transmit and aggregate traffic features, the adjacent traffic information can be effectively utilized in traffic prediction, and the model can be used in the classification of attack traffic to become more accurate. In addition, XAI (eXplainable Artificial Intelligence) technology is used to analyze the input features of the model, calculate the importance of each feature to the model, and use the analysis results to reduce the dimension of the model input and reduce the parameters in the model. To achieve the effect of optimizing the model and reducing the calculation cost. Compared with the DNN model of the same architecture, the F1-Score of EdgeSAGE can be improved by 15.48%. The optimization results of EdgeSAGE model can reduce the prediction time by 12.9% and improve the throughput by 14.8% with hardly change in the accuracy of the model. With a 36.1% reduction in prediction time and a 57.2% improvement in throughput, the EdgeSAGE model still retains a 92.4% F1-Score.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML24View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明