中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/93146
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 80990/80990 (100%)
造访人次 : 41649613      在线人数 : 1404
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/93146


    题名: 結合分群法與深度學習之網路行為異常偵測;A Study on Anomaly Detection Based on Clustering and Deep Learning
    作者: 李嘉峻;Li, CHIA-CHUN
    贡献者: 資訊管理學系在職專班
    关键词: K-means分群;歐基里得距離;曼哈頓距離;切比雪夫距離;深度學習;離群值;K-means;Euclidean Distance;Manhattan Distance;Chebyshev Distance;deep learning;outliers
    日期: 2023-07-05
    上传时间: 2024-09-19 16:44:31 (UTC+8)
    出版者: 國立中央大學
    摘要: 摘要
    依警政署詐欺犯罪案件發生及財損數據顯示,假投資詐欺發生數及財損最高,其次就是解除分期付款詐騙案件,高居第二名,顯然是網路詐騙之高發案件。解除分期付款詐騙其犯罪成因,與個人資料外洩有絕對關係,駭客利用網路入侵購物網站與拍賣平臺賣家的訂單系統,竊取買家個人資料與交易明細資料,再假冒客服進行ATM解除分期付款詐騙,所以個資外洩導致詐欺犯罪事件頻頻發生。為扼止解除分期付款詐騙,正本清源的方法即是查出駭客之攻擊連線,如何有效分析防火牆日誌,從中找出可疑的異常連線。本研究希望透過分析防火牆系統日誌紀錄查出入侵的異常連線來源,並針對網路異常連線提出警示,防制遭入侵攻擊之可能。
    研究方法是使用K-means分群法,取出最佳的K值,再將數據分成cluster,並計算該cluster分群的平均值,且將該平均值視為cluster的中心點。再利用每個數據點與中心點的距離來檢測異常連線。為求在分群法中取得正確的異常連線,本文計算距離的方法,分別使用歐基里得距離,簡稱歐氏距離(Euclidean Distance)、曼哈頓距離(Manhattan Distance)、切比雪夫距離(Chebyshev Distance)3種進行比較。另以深度神經網絡(DNN)對防火牆的複雜數據進行建模,將測試數據集提供給模型進行評估,並使用混淆矩陣、ROC曲線和精度、召回率等指標來評估模型性能。
    案例分析:將研究方法實際使用於案例數據,實驗證明,離群值確實可以用來偵測網路異常連線,且防火牆日誌數據使用曼哈頓距離計算較為準確,另DNN模型與堆疊分類預測比較,DNN模型更能檢測出異常連線。;Abstract
    According to the data on fraud cases and financial losses provided by the Criminal Investigation Bureau, investment fraud has the highest occurrence and financial loss, followed by installment payment fraud, which ranks second. It is evident that these types of fraud are prevalent in online scams. Installment payment fraud is closely related to the leakage of personal data. Hackers exploit vulnerabilities in the order systems of shopping websites and auction platforms to steal buyers′ personal information and transaction details. They then impersonate customer service representatives to carry out ATM installment payment fraud. Therefore, the leakage of personal information leads to frequent occurrences of fraudulent activities. To mitigate installment payment fraud, a proactive approach is to identify the attack connections made by hackers and effectively analyze firewall logs to identify suspicious and abnormal connections. This study aims to analyze firewall system log records to detect anomalous intrusion connections and provide warnings for network anomalies, thereby preventing potential security breaches.
    The research methodology employed in this study involves the use of the K-means clustering method to determine the optimal number of clusters. The data is then divided into clusters, and the average values of each cluster are calculated, considering them as the cluster centroids. The distances between each data point and the centroids are then calculated to detect abnormal connections. To obtain accurate identification of abnormal connections using the clustering approach, three distance calculation methods are compared: Euclidean Distance, Manhattan Distance, and Chebyshev Distance. Additionally, a deep neural network (DNN) is utilized to model the complex data from the firewall. The test dataset is used to evaluate the performance of the model, utilizing metrics such as confusion matrix, ROC curve, accuracy, and recall.
    Case analysis demonstrates the practical application of the research methodology using real-world data. The experiments verify that outliers can indeed be used to detect abnormal network connections, with the Manhattan Distance yielding more accurate results for analyzing firewall log data. Furthermore, the DNN model outperforms the stacked classification prediction model in detecting abnormal connections.
    Keywords: K-means, Euclidean Distance, Manhattan Distance, Chebyshev Distance, deep learning, outliers
    显示于类别:[資訊管理學系碩士在職專班 ] 博碩士論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    index.html0KbHTML18检视/开启


    在NCUIR中所有的数据项都受到原著作权保护.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明