基於自編碼器與多頭注意力機制的惡意流量檢測模型

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：28

、訪客IP：18.224.31.14

姓名

呂賀翔(Ho-Hsiang Lu) 查詢紙本館藏

畢業系所

資訊工程學系在職專班

論文名稱

基於自編碼器與多頭注意力機制的惡意流量檢測模型
(A Malicious Traffic Detection Model Based on Autoencoder and Multi-Head Attention Mechanism)

相關論文

★ 無線行動隨意網路上穩定品質服務路由機制之研究	★ 應用多重移動式代理人之網路管理系統
★ 應用移動式代理人之網路協同防衛系統	★ 鏈路狀態資訊不確定下QoS路由之研究
★ 以訊務觀察法改善光突發交換技術之路徑建立效能	★ 感測網路與競局理論應用於舒適性空調之研究
★ 以搜尋樹為基礎之無線感測網路繞徑演算法	★ 基於無線感測網路之行動裝置輕型定位系統
★ 多媒體導覽玩具車	★ 以Smart Floor為基礎之導覽玩具車
★ 行動社群網路服務管理系統－應用於發展遲緩兒家庭	★ 具位置感知之穿戴式行動廣告系統
★ 調適性車載廣播	★ 車載網路上具預警能力之車輛碰撞避免機制
★ 應用於無線車載網路上之合作式交通資訊傳播機制以改善車輛擁塞	★ 智慧都市中應用車載網路以改善壅塞之調適性虛擬交通號誌

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 ( 永不開放)

摘要(中)

隨著網路技術的高速發展，5G 網路和各類雲端服務的普及。智慧型手機、智慧穿戴設備及物聯網(IoT)設備的數量正在呈現指數級增長。個人資訊、金融交易及支付方式的數位化為人們帶來極大的便利性，但也讓駭客們有更多的攻擊機會與手段，因此資訊安全(Information Security)的重要性與可實踐性變得極其重要。為了因應現代網路的高速度與低延遲性，入侵檢測系統(Intrusion Detection System)的響應時間將會是關鍵指標，傳統的檢測方法仰賴於分析高維度數據，不僅計算成本高，也難以滿足即時性的需求。而高複雜度的模型部署在邊緣設備上的可行性也有待確認，因為邊緣設備通常不具備強大的運算能力。

本論文為了解決傳統檢測方法的高計算成本與高響應時間，提出了一種高效的混合模型(Encoder and Multi-head Attention, EMA)，透過自動編碼器(Auto encoder)將原始流量降維，使得低維度數據能夠代表原始數據表示，大幅降低計算成本，接著使用多頭注意力機制(Multi-head attention)從低維度數據中計算特徵與特徵之間的關聯性，找到關鍵因素並加強其權重，並透過殘差連接達到數據增強的效果，解決資料降維可能導致大量資訊損失的問題。

為驗證該方法的有效性，本論文採用 UNSW-NB15 數據集進行了實驗測試。實驗結果表明，與傳統的入侵檢測方法中表現最好的 GRU 模型相比，以準確度為優先的 EMA 模型能夠在低運算成本的情況下將準確率維持在 98.48%，並使模型訓練時間減少 85.41%，預測時間減少 60.24%，CPU 峰值降低 15.20%，平均 CPU 使用率降低 42.31%，而以速度爲優先的 EMA 模型能夠以犧牲 2.10%準確度換取訓練時間減少 93.13%，預測時間減少 64.69%，CPU 峰值降低 29.48%，平均 CPU 使用率降低 42.31%。大幅降低傳統檢測方法為人詬病的高計算成本與響
應時間，提高模型部署在低計算能力的邊緣設備上的可行性，為現代網路安全防
護提供了一種高效且實用的解決方案。

摘要(英)

With the rapid development of network technology and the proliferation of 5G networks and various cloud services, the number of smartphones, smart wearables, and Internet of Things (IoT) devices is growing exponentially. The digitization of personal information, financial transactions, and payment methods has brought significant convenience to people while providing more opportunities and means for hackers to launch attacks. As a result, the importance and practicality of information security have become critical. To meet the high speed and low latency demands of modern networks, the response time of Intrusion Detection Systems (IDS) will be a crucial indicator. Traditional detection methods rely on analyzing high-dimensional data, which is computationally expensive and fails to meet real-time requirements. The feasibility of deploying complex models on edge devices also remains uncertain because such devices typically lack robust computing power.

To address the high computational cost and response time of traditional detection methods, this paper proposes an efficient hybrid model(Encoder and Multi-head Attention, EMA). The model uses an autoencoder to reduce the dimensionality of the original network traffic, enabling low-dimensional data to represent the original data more efficiently and reducing computational costs significantly. It then employs a multi-head attention mechanism to identify key factors and strengthen their weights by calculating the relationships between features in the low-dimensional data. Through residual connections, the model achieves data augmentation, solving the problem of significant information loss that can result from dimensionality reduction.

To validate the effectiveness of the proposed method, this paper conducted experimental tests using the UNSW-NB15 dataset. The experimental results indicate that, compared to the best-performing GRU model in traditional intrusion detection methods, the accuracy-prioritized EMA model can maintain an accuracy rate of 98.48% with low computational cost, reduce training time by 85.41%, prediction time by 60.24%, peak CPU usage by 15.20%, and average CPU usage by 42.31%. Meanwhile, the speed-prioritized EMA model, by sacrificing 2.10% accuracy, can reduce training time by 93.13%, prediction time by 64.69%, peak CPU usage by 29.48%, and average CPU usage by 42.31%. This significantly reduces the high computational cost and response time that have been criticized in traditional detection methods, enhancing the feasibility of deploying the model on edge devices with low computational power and providing an efficient and practical solution for modern network security protection.

關鍵字(中)

★ 流量分類
★ 降維
★ 注意力機制
★ 自動編碼器
★ 入侵檢測系統

關鍵字(英)

★ Traffic classification
★ Dimensionality reduction
★ Attention mechanism
★ Autoencoder
★ Intrusion detection system

論文目次

摘要 i
Abstract iii
誌謝 v
目錄 vi
圖目錄 ix
表目錄 xii
第一章緒論 1
1.1. 概要 1
1.2. 研究動機 2
1.3. 研究目的 3
1.4. 章節架構 3
第二章背景知識與相關研究 4
2.1. 入侵檢測系統(Intrusion Detection System) 4
2.2. 降維(Dimension Reduction) 6
2.3. 注意力機制(Attention Mechanism) 7
2.4. 相關研究 8
第三章研究方法 11
3.1. 模型架構 11
3.2. 資料前處理(Data Preprocess) 13
3.2.1. 極端值修剪(Extreme value capping) 15
3.2.2. 對數函數(Log function) 16
3.2.3. 類別縮減(Category reduction) 16
3.2.4. One-hot encoding 17
3.2.5. Standard scaler 18
3.3. 降維模型 - 自動編碼器(Autoencoder) 20
3.3.1. 自動編碼器(Autoencoder) 21
3.3.2. 具體流程 23
3.3.3. 降維模型架構 26
3.3.4. 降維可視化分析 27
3.4. 分類模型 - 多頭注意力機制(Mutli-Head Attention) 29
3.4.1. 多頭注意力機制 29
3.4.2. 具體流程 32
3.4.3. 分類模型架構 35
3.5. 系統實作 37
第四章實驗與討論 38
4.1. 情境一：分析降維模型架構變化對效能的影響 38
4.1.1. 實驗一：激勵函數對於降維效能的影響 38
4.1.2. 實驗二：Layer 數量對於降維效能的影響 41
4.1.3. 實驗三：降維幅度對於編碼器效能的影響 44
4.1.4. 實驗四：比較 EMA 與各模型的整體效能 48
4.2. 情境二：分析分類模型架構變化對效能的影響 52
4.2.1. 實驗五：注意力機制頭數對於模型效能的影響 52
4.2.2. 實驗六：前饋神經網路對於注意力機制效能的影響 56
4.2.3. 實驗七：前饋神經網路層數對注意力機制效能的影響 61
4.2.4. 實驗八：比較多頭注意力機制與各模型的整體效能 65
4.3. 情境三：針對不同目標的 EMA 架構最佳化 70
4.3.1. 實驗九：分析以精確度/速度為焦點的 EMA 效能 70
第五章結論與未來研究方向 75
5.1. 結論 75
5.2. 未來研究 76
參考文獻 78

參考文獻

參考文獻
[1] Statista, “Global internet user penetration 2021 | Statista,” Statista, 2024. https://www.statista.com/statistics/325706/global-internet-user-penetration/
[2] Z. Balani and Mohammed Nasseh Mohammed, “Enhancing Cybersecurity against Stuxnet in the Future of Cyberwarfare: A Combined Approach Using Firewalls and Intrusion Detection Systems,” International Journal of Science and Business, vol. 28, no. 1, pp. 21–30, Jan. 2023, doi: https://doi.org/10.58970/ijsb.2202
[3] R. Khader and D. Eleyan, “Survey of DoS/DDoS attacks in IoT,” Sustainable Engineering and Innovation, vol. 3, no. 1, pp. 23–28, Jan. 2021, doi: https://doi.org/10.37868/sei.v3i1.124
[4] T. AdebayoO, K. AleseB, and J. Gabriela, “A Model for Computer Worm Detection in a Computer Network,” International Journal of Computer Applications, Mar. 2013, Accessed: Jun. 27, 2024. [Online]. Available: https://www.semanticscholar.org/paper/A-Model-for-Computer-Worm-Detection-in-a-Computer-AdebayoO.-AleseB./846f0891575e962638684ce9312c54abda223eeb
[5] M. Yu, T. Xie, T. He, P. McDaniel, and Q. K. Burke, “Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks,” IEEE/ACM Transactions on Networking, vol. 29, no. 6, pp. 2793–2806, Dec. 2021, doi: https://doi.org/10.1109/tnet.2021.3099717
[6] A. Borkar, A. Donode, and A. Kumari, “A survey on Intrusion Detection System (IDS) and Internal Intrusion Detection and protection system (IIDPS),” IEEE Xplore, Nov. 01, 2017. https://ieeexplore.ieee.org/document/8365277
[7] J. Schmidhuber, “Deep learning in neural networks: An overview,” Neural Networks, vol. 61, no. 61, pp. 85–117, Jan. 2015, doi: https://arxiv.org/abs/1404.7828
[8] I. Stellios, P. Kotzanikolaou, M. Psarakis, C. Alcaraz, and J. Lopez, “A Survey of IoT-Enabled Cyberattacks: Assessing Attack Paths to Critical Infrastructures and Services,” IEEE Communications Surveys & Tutorials, vol. 20, no. 4, pp. 3453–3495, 2018, doi: https://doi.org/10.1109/comst.2018.2855563
[9] C. O. S. Sorzano, J. Vargas, and A. P. Montano, “A survey of dimensionality reduction techniques,” arXiv:1403.2877 [cs, q-bio, stat], Mar. 2014, Available: https://doi.org/10.48550/arXiv.1403.2877
[10] A. Vaswani et al., “Attention Is All You Need,” arXiv.org, Jun. 12, 2017. https://arxiv.org/abs/1706.03762
[11] K. O’Shea and R. Nash, “An Introduction to Convolutional Neural Networks,” arXiv:1511.08458 [cs], Dec. 2015, Available: https://arxiv.org/abs/1511.08458
[12] H. Sak, A. Senior, and F. Beaufays, “Long Short-Term Memory Based Recurrent Neural Network Architectures for Large Vocabulary Speech Recognition,” arXiv.org, 2014. https://arxiv.org/abs/1402.1128
[13] T. Lin, Y. Wang, X. Liu, and X. Qiu, “A Survey of Transformers,” arXiv:2106.04554 [cs], Jun. 2021, Available: https://arxiv.org/abs/2106.04554
[14] “network based intrusion detection system - an overview | ScienceDirect Topics,” Sciencedirect.com, 2011.https://www.sciencedirect.com/topics/computer-science/network-based-intrusion-detection-system
[15] Hami Satilmiş, Sedat Akleylek, and Zaliha Yüce Tok, “A Systematic Literature Review on Host-Based Intrusion Detection Systems,” IEEE access, pp. 1–1, Jan. 2024, doi: https://doi.org/10.1109/access.2024.3367004
[16] “Network packet,” Wikipedia, Nov. 10, 2019. https://en.wikipedia.org/wiki/Network_packet
[17] “Traffic flow (computer networking),” Wikipedia, Mar. 30, 2021. https://en.wikipedia.org/wiki/Traffic_flow_(computer_networking)
[18] J. Shlens, “A Tutorial on Principal Component Analysis,” arXiv:1404.1100 [cs, stat], Apr. 2014, Available: https://arxiv.org/abs/1404.1100
[19] “Papers with Code - LDA Explained,” paperswithcode.com. https://paperswithcode.com/method/lda
[20] N. Gillis, “The Why and How of Nonnegative Matrix Factorization,” arXiv:1401.5226 [cs, math, stat], Mar. 2014, Available: https://arxiv.org/abs/1401.5226
[21] Umberto Michelucci, “An Introduction to Autoencoders,” arXiv (Cornell University), Jan. 2022, doi: https://arxiv.org/abs/2201.03898
[22] R. Patil, S. Boit, V. Gudivada, and J. Nandigam, “A Survey of Text Representation and Embedding Techniques in NLP,” IEEE Access, vol. 11, pp. 36120–36146, 2023, doi: https://doi.org/10.1109/access.2023.3266377
[23] Z. Wu, H. Zhang, P. Wang, and Z. Sun, “RTIDS: A Robust Transformer-Based Approach for Intrusion Detection System,” IEEE Access, vol. 10, pp. 64375–64387, 2022, doi: https://doi.org/10.1109/ACCESS.2022.3182333
[24] J. Lam and R. Abbas, “Machine Learning based Anomaly Detection for 5G Networks,” arXiv:2003.03474 [cs, stat], Mar. 2020, Available: https://arxiv.org/abs/2003.03474
[25] H. Wang and W. Li, “DDosTC: A Transformer-Based Network Attack Detection Hybrid Mechanism in SDN,” Sensors, vol. 21, no. 15, p. 5047, Jan. 2021, doi: https://doi.org/10.3390/s21155047
[26] M. Zeeshan et al., “Protocol Based Deep Intrusion Detection for DoS and DDoS attacks using UNSW-NB15 and Bot-IoT data-sets,” IEEE Access, pp. 1–1, 2021, doi: https://doi.org/10.1109/ACCESS.2021.3137201
[27] C.-W. Wu, "A Study of Malicious Network Traffic Detection Based on Graph Neural Network and Using eXplainable Artificial Intelligence to Optimize Model," M.S. thesis, Dept. Comput. Sci. Inf. Eng., National Central University, supervised by L.-D. Chou, 2022, Accessed on June 7, 2024. [Online]. Available: https://hdl.handle.net/11296/vvmm4v
[28] L.-D. Chou, "Deep Learning-Based Malicious Traffic Detection and Defense Using Raspberry Pi," Project Technical Report, Dept. Comput. Sci. Inf. Eng., National Central University, 2022.
[29] “DDoS 2019 | Datasets | Research | Canadian Institute for Cybersecurity | UNB,” www.unb.ca. https://www.unb.ca/cic/datasets/ddos-2019.html
[30] “IDS 2017 | Datasets | Research | Canadian Institute for Cybersecurity | UNB,” Www.unb.ca, 2017. https://www.unb.ca/cic/datasets/ids-2017.html
[31] “Port Scanning Attack,” GeeksforGeeks, Sep. 06, 2022. https://www.geeksforgeeks.org/port-scanning-attack/
[32] “Brute-force attack,” Wikipedia, Feb. 23, 2020. https://en.wikipedia.org/wiki/Brute-force_attack
[33] “Cross-site scripting,” Wikipedia, Jul. 25, 2019 https://en.wikipedia.org/wiki/Cross-site_scripting
[34] “The UNSW-NB15 Dataset | UNSW Research,” research.unsw.edu.au. https://research.unsw.edu.au/projects/unsw-nb15-dataset
[35] N. Koroniotis, N. Moustafa, E. Sitnikova, and B. Turnbull, “Towards the Development of Realistic Botnet Dataset in the Internet of Things for Network Forensic Analytics: Bot-IoT Dataset,” arXiv (Cornell University), Nov. 2018, doi: https://arxiv.org/abs/1811.00701
[36] “Gradient-based learning applied to document recognition - IEEE Journals & Magazine,” Ieee.org, 2019. http://yann.lecun.com/exdb/publis/pdf/lecun-98.pdf
[37] S. Abirami and P. Chitra, “Multilayer Perceptron - an overview | ScienceDirect Topics,” www.sciencedirect.com, 2020. https://www.sciencedirect.com/topics/computer-science/multilayer-perceptron
[38] Y. Yu, X. Si, C. Hu, and J. Zhang, “A Review of Recurrent Neural Networks: LSTM Cells and Network Architectures,” Neural Computation, vol. 31, no. 7, pp. 1235–1270, Jul. 2019, doi: https://colah.github.io/posts/2015-08-Understanding-LSTMs/
[39] F. Scarselli, M. Gori, Ah Chung Tsoi, M. Hagenbuchner, and G. Monfardini, “The Graph Neural Network Model,” IEEE Transactions on Neural Networks, vol. 20, no. 1, pp. 61–80, Jan. 2009, doi: https://ieeexplore.ieee.org/document/4700287
[40] “Raspberry Pi,” Wikipedia, Feb. 07, 2019. https://en.wikipedia.org/wiki/Raspberry_Pi
[41] I. Ahmed, G. Jeon, and F. Piccialli, “From Artificial Intelligence to eXplainable Artificial Intelligence in Industry 4.0: A survey on What, How, and Where,” IEEE Transactions on Industrial Informatics, vol. 18, no. 8, pp. 1–1, 2022, doi: https://doi.org/10.1109/tii.2022.3146552
[42] “Cryptanalysis,” Wikipedia, Aug. 21, 2019. https://en.wikipedia.org/wiki/Cryptanalysis
[43] S. Ni, X. Wang, Y. Shang, and L. Zhang, “Natural and Imperceptible Backdoor Attack against Deep Neural Networks,” May 2023, doi: https://doi.org/10.1109/icecai58670.2023.10176925
[44] Scikit-learn, “sklearn.preprocessing.OneHotEncoder — scikit-learn 0.22 documentation,” Scikit-learn.org, 2019. https://scikit-learn.org/stable/modules/generated/sklearn.preprocessing.OneHotEncoder.html
[45] Scikit-Learn, “sklearn.preprocessing.StandardScaler — scikit-learn 0.21.2 documentation,” Scikit-learn.org, 2019. https://scikit-learn.org/stable/modules/generated/sklearn.preprocessing.StandardScaler.html
[46] K. He, X. Zhang, S. Ren, and J. Sun, “Deep Residual Learning for Image Recognition,” arXiv.org, Dec. 10, 2015. https://arxiv.org/abs/1512.03385
[47] J. L. Ba, J. R. Kiros, and G. E. Hinton, “Layer Normalization,” arXiv:1607.06450 [cs, stat], Jul. 2016, Available: https://arxiv.org/abs/1607.06450
[48] “Softmax — PyTorch 2.1 documentation,” pytorch.org. https://pytorch.org/docs/stable/generated/torch.nn.Softmax.html
[49] E. W. Weisstein, “Skewness,” mathworld.wolfram.com. http://mathworld.wolfram.com/Skewness.html
[50] “Curse of dimensionality,” Wikipedia, Dec. 08, 2019. https://en.wikipedia.org/wiki/Curse_of_dimensionality
[51] “Mean squared error,” Wikipedia, Mar. 30, 2019. https://en.wikipedia.org/wiki/Mean_squared_error
[52] M. A. Mercioni and S. Holban, “The Most Used Activation Functions: Classic Versus Current,” 2020 International Conference on Development and Application Systems (DAS), May 2020, doi: https://doi.org/10.1109/das49615.2020.9108942
[53] J. Brownlee, “A Gentle Introduction to the Rectified Linear Unit (ReLU) for Deep Learning Neural Networks,” Machine Learning Mastery, Apr. 20, 2019. https://machinelearningmastery.com/rectified-linear-activation-function-for-deep-learning-neural-networks/
[54] “NumPy — NumPy,” Numpy.org, 2009. http://www.numpy.org/
[55] “pandas documentation — pandas 1.0.1 documentation,” pandas.pydata.org, 2024. https://pandas.pydata.org/docs/
[56] “scikit-learn: machine learning in Python,” Scikit-learn.org, 2019.
https://scikit-learn.org/stable/
[57] “Home - Keras Documentation,” Keras.io, 2019. https://keras.io
[58] Oracle.com, 2024. https://developer.oracle.com/zh-TW/learn/technical-articles/what-is-tensorflow
[59] Z. Hu, J. Zhang, and Y. Ge, “Handling Vanishing Gradient Problem Using Artificial Derivative,” IEEE Access, vol. 9, pp. 22371–22377, 2021, doi: https://doi.org/10.1109/access.2021.3054915
[60] J. Xu, Z. Li, B. Du, M. Zhang, and J. Liu, “Reluplex made more practical: Leaky ReLU,” 2020 IEEE Symposium on Computers and Communications (ISCC), Jul. 2020, doi: https://doi.org/10.1109/iscc50000.2020.9219587
[61] D.-A. Clevert, T. Unterthiner, and S. Hochreiter, “Fast and Accurate Deep Network Learning by Exponential Linear Units (ELUs),” arXiv.org, 2015.
https://arxiv.org/abs/1511.07289
[62] “Gated recurrent unit,” Wikipedia, Feb. 18, 2019. https://en.wikipedia.org/wiki/Gated_recurrent_unit
[63] “Cost-Effective Retraining of Machine Learning Models,” ar5iv, 2024. https://ar5iv.labs.arxiv.org/html/2310.04216 (accessed Aug. 09, 2024).
L. Lyu, Y. Shen, and S. Zhang, “The Advance of Reinforcement Learning and Deep Reinforcement Learning,” 2022 IEEE International Conference on Electrical Engineering, Big Data and Algorithms (EEBDA), Feb. 2022, doi: https://doi.org/10.1109/eebda53927.2022.9744760

指導教授

周立德(Li-Der Chou)

審核日期

2024-8-14

推文