基於注意力機制之CNN-Bi-LSTM模型應用於惡意流量偵測與分類;A Malicious Traffic Detection and Classification Based on CNN-Bi-LSTM Model using Attention Mechanism

NCUIR > College of Electrical Engineering & Computer Science > Graduate Institute of Computer Science and Information Engineering > Electronic Thesis & Dissertation > Item 987654321/92780

Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/92780

Title:	基於注意力機制之CNN-Bi-LSTM模型應用於惡意流量偵測與分類;A Malicious Traffic Detection and Classification Based on CNN-Bi-LSTM Model using Attention Mechanism
Authors:	陳柏佑;Chen, Bo-You
Contributors:	資訊工程學系
Keywords:	深度學習;卷積神經網路;長短期記憶;注意力機制;Deep Learning;Convolutional Neural Network;Long Short Term Memory;Attention Mechanism
Date:	2023-08-10
Issue Date:	2023-10-04 16:10:32 (UTC+8)
Publisher:	國立中央大學
Abstract:	在網路科技的多樣化及蓬勃發展下，聯網裝置的數量快速成長，使得網路攻擊的事件日益頻繁。因此在網路安全（Cybersecurity）的重要性也隨之提高。現今人工智慧（Artificial Intelligence, AI）模型已應用在各個領域的多個場景，其中也包含了網路異常偵測。然而AI模型中的深度學習（Deep Learning）是常見作為流量分析的一種方式。其以神經網路（Neural Network）為架構來對資料擷取特徵，並利用特徵來做學習。而根據特徵的型態，將可分成時間特徵與空間特徵，但現今的AI模型開發者通常是以單一型態進行分析，使得無法同時取得流量特徵的兩種型態，導致在流量的預測上沒有良好的效果。因此擁有流量特徵的兩種型態，將能夠對模型預測上的效果是一個重要的關鍵。本論文基於注意力機制使用卷積神經網路（Convolutional Neural Network, CNN）與雙向長短期記憶（Bidirectional Long Short Term Memory, Bi-LSTM）做混合模型，提出Convolutional Neural Network and Bidirectional Long Short Term Memory with Attention Mechanism (CBLA)，提出之模型可獲取網路流量的空間特徵與時間特徵，並結合注意力機制使得模型在預測分類上更為準確，同時為該模型具備可解釋的能力。可以有效分辨CIC-IDS2017資料集上的9種攻擊類型，並且可達到99.43%的F1-Score。在與CNN-Bi-LSTM模型的比較下，所提出之CBLA在Bot、WebAttacks與Infiltration可分別提升38.92%、17.24%和25.42%的F1-score。並且在不影響CBLA模型架構與參數下，特徵數量為20個仍可達到93.67%的F1-score。結果顯示本篇論文所提出之CBLA模型應用於惡意流量分類是可以有效分辨惡意流量以及在較少特徵的數量上仍有不錯的效果。 ;With the diversification and vigorous development of network technology, the number of networked devices has grown rapidly, making network attacks more and more frequent. Therefore, the importance of cybersecurity has also increased. Today′s artificial intelligence model (Artificial Intelligence, AI) model has been applied in many scenarios in various fields, including network anomaly detection. However, deep learning (Deep Learning) in AI models is commonly used as a way of traffic analysis. It uses a neural network (Neural Network) as a framework to extract features from data and use features for learning. According to the type of feature, it can be divided into time feature and space feature, but today′s AI model developers usually analyze with a single type, making it impossible to obtain two types of traffic characteristics at the same time, resulting in traffic prediction. No good effect. Therefore, having two types of traffic characteristics will be an important key to the effect of model prediction. Based on the attention mechanism, this paper uses Convolutional Neural Network (CNN) and Bidirectional Long Short Term Memory (Bi-LSTM) as a hybrid model, and proposes Convolutional Neural Network and Bidirectional Long Short Term Memory with Attention Mechanism, the proposed model can obtain the spatial and temporal characteristics of network traffic, combined with the attention mechanism to make the model more accurate in predicting classification, and at the same time provide the model with the ability to explain. It can effectively distinguish 9 types of attacks on the CIC-IDS2017 data set, and can reach 99.43% of the F1-Score. Compared with the CNN-Bi-LSTM model, the proposed CBLA can increase the F1-score by 38.92%, 17.24% and 25.42% in Bot, WebAttacks and Infiltration, respectively. And without affecting the structure and parameters of the CBLA model, the number of features is 20, and the F1-score of 93.67% can still be achieved. The results show that the CBLA model proposed in this paper is applied to malicious traffic classification can effectively distinguish malicious traffic and still have a good effect on the number of features.
Appears in Collections:	[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

Files in This Item:

File	Description	Size	Format
index.html		0Kb	HTML	49	View/Open

社群 sharing

Loading...