Thesis/Dissertation 111522137: Detailed Record




Name: Hsuan-Cheng Chang (張炫誠)   Department: Computer Science and Information Engineering
Thesis title: Network Malicious Traffic Detection Based on BO-LGBM Mechanism with XAI
(original title: 以BO-LGBM機制與XAI為基礎之網路惡意流量偵測研究)
Files: full text in the system (never released)
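Abstract (translated from the Chinese) With the rapid development of network technology, the number of smart devices and Internet of Things (IoT) devices has grown substantially, and the importance of cybersecurity has risen accordingly. To defend effectively against cyberattacks, Artificial Intelligence (AI) models are now used to implement Intrusion Detection Systems (IDS) that detect malicious network traffic. Because AI models have a complex hyperparameter space, relying solely on manual hyperparameter tuning can be costly and makes it harder to find the optimal hyperparameter configuration.
To address the difficulty of finding a model's optimal hyperparameter configuration, this thesis proposes the Bayesian Optimization - Light Gradient Boosting Machine (BO-LGBM) mechanism for building a malicious network traffic classification model. The mechanism uses Bayesian Optimization (BO) to find the optimal hyperparameter configuration of the Light Gradient Boosting Machine (LightGBM) model, thereby improving the model's accuracy in traffic classification. This thesis uses the IoT20 dataset as the model's input. In the experiments, the mechanism achieves an F1-score of 98.89% in malicious network traffic classification, an improvement of 5.33% over a LightGBM model whose hyperparameters were set manually. In addition, BO-LGBM has higher accuracy than Random Forest, Bagging, CatBoost, and CNN, and is lighter and faster in terms of model size and prediction time. This thesis also applies eXplainable Artificial Intelligence (XAI) techniques to analyze the model's input features and obtain the feature importance for each attack category, then uses the results of the XAI analysis to reduce the model's input dimensionality and so reduce the model's burden. The feature removal results for the LightGBM model show that prediction time can be reduced by 10.5% and throughput increased by 11.8% with almost no effect on model accuracy; furthermore, with prediction time reduced by 17.18% and throughput increased by 20.43%, the model still retains an F1-score of 96.18%.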
Abstract (English) With the rapid development of current internet technologies, the proliferation of smart devices and Internet of Things (IoT) devices has significantly increased. Consequently, the importance of cybersecurity has also risen. To effectively defend against cyberattacks, Artificial Intelligence (AI) models are now employed to implement Intrusion Detection Systems (IDS) to detect network malicious traffic. Due to the complex hyperparameter space of AI models, relying solely on manual adjustments can be costly and make it difficult to find the optimal hyperparameter configuration.
This paper addresses the challenge of identifying the optimal hyperparameter configuration for models by proposing a Bayesian Optimization - Light Gradient Boosting Machine (BO-LGBM) mechanism. This mechanism leverages Bayesian Optimization (BO) to determine the best hyperparameter settings for the Light Gradient Boosting Machine (LightGBM) model, thereby improving the model's accuracy in traffic classification. The IoT20 dataset is used as the input for the model in this paper. Experimental results show that the BO-LGBM achieves an F1-score of 98.89% in network malicious traffic classification, representing a 5.33% improvement over manually configured LightGBM models. Additionally, BO-LGBM demonstrates higher accuracy compared to Random Forest, Bagging, CatBoost, and CNN, and is more lightweight and faster in terms of model size and prediction time. This paper also employs eXplainable Artificial Intelligence (XAI) techniques to analyze the input features of the model, obtaining feature importance for each attack category. The XAI analysis results are then used to reduce the dimensionality of the model's input, thus decreasing the model's burden. The feature removal results in the LightGBM model show that it can reduce prediction time by 10.5% and increase throughput by 11.8% without significantly affecting the model's accuracy. Furthermore, when reducing prediction time by 17.18% and increasing throughput by 20.43%, the model can still maintain an F1-Score of 96.18%.
Keywords ★ Bayesian Optimization
★ Traffic Classification
★ Intrusion Detection System
★ Model Optimization
★ Feature Analysis
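Table of contents
Abstract (Chinese)
Abstract (English)
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1. Overview
1.2. Research Motivation
1.3. Research Objectives
1.4. Thesis Organization
Chapter 2 Background and Related Work
2.1. Intrusion Detection System
2.1.1. Packet-based Intrusion Detection
2.1.2. Flow-based Intrusion Detection
2.2. Light Gradient Boosting Machine
2.3. Bayesian Optimization
2.4. Explainable Artificial Intelligence
2.5. Related Work
Chapter 3 Methodology
3.1. Design Concept and System Architecture
3.2. System Workflow
3.2.1. Malicious Network Traffic Collection
3.2.2. Data Preprocessing
3.2.3. Bayesian Optimization
3.2.4. Model Training
3.2.5. Model Feature Analysis
3.3. System Environment
Chapter 4 Experiments and Discussion
4.1. Scenario 1: Performance of the LightGBM Model in Malicious Network Traffic Classification and Comparison of Data Preprocessing
4.1.1. Experiment 1: Binary Classification Performance of LightGBM on Malicious Network Traffic
4.1.2. Experiment 2: Multi-class Classification Performance of LightGBM on Malicious Network Traffic
4.1.3. Experiment 3: Effect of Data Preprocessing on Model Classification Performance
4.2. Scenario 2: BO-LGBM Classification of Malicious Network Traffic and Comparison with Other Models
4.2.1. Experiment 4: Classification Performance of Hyperparameter Optimization
4.2.2. Experiment 5: Model Size Comparison for Hyperparameter Optimization
4.2.3. Experiment 6: Model Prediction Time Comparison for Hyperparameter Optimization
4.2.4. Experiment 7: Comparing the Effect of Different Hyperparameter Optimization Methods on the Model
4.2.5. Experiment 8: Classification Performance of Hyperparameter Optimization on Different Datasets
4.3. Scenario 3: Model Analysis and Improvement Results
4.3.1. Experiment 9: Feature Importance Analysis by Attack Category
4.3.2. Experiment 10: Effect of Feature Removal on the Model
Chapter 5 Conclusions and Future Research Directions
5.1.1. Conclusions
5.1.2. Research Limitations
5.1.3. Future Research
References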
Advisor: Li-Der Chou (周立德)   Approval date: 2024-8-8