Abstract: | With the rapid development of network technology and the proliferation of 5G networks and various cloud services, the number of smartphones, smart wearables, and Internet of Things (IoT) devices is growing exponentially. The digitization of personal information, financial transactions, and payment methods has brought significant convenience to people while providing more opportunities and means for hackers to launch attacks. As a result, the importance and practicality of information security have become critical. To meet the high speed and low latency demands of modern networks, the response time of Intrusion Detection Systems (IDS) will be a crucial indicator. Traditional detection methods rely on analyzing high-dimensional data, which is computationally expensive and fails to meet real-time requirements. The feasibility of deploying complex models on edge devices also remains uncertain because such devices typically lack robust computing power.
To address the high computational cost and response time of traditional detection methods, this paper proposes an efficient hybrid model (Encoder and Multi-head Attention, EMA). The model uses an autoencoder to reduce the dimensionality of the original network traffic, enabling low-dimensional data to represent the original data more efficiently and reducing computational costs significantly. It then employs a multi-head attention mechanism to identify key factors and strengthen their weights by calculating the relationships between features in the low-dimensional data. Through residual connections, the model achieves data augmentation, solving the problem of significant information loss that can result from dimensionality reduction.
To validate the effectiveness of the proposed method, this paper conducted experimental tests using the UNSW-NB15 dataset. The experimental results indicate that, compared to the best-performing GRU model in traditional intrusion detection methods, the accuracy-prioritized EMA model can maintain an accuracy rate of 98.48% with low computational cost, reduce training time by 85.41%, prediction time by 60.24%, peak CPU usage by 15.20%, and average CPU usage by 42.31%. Meanwhile, the speed-prioritized EMA model, by sacrificing 2.10% accuracy, can reduce training time by 93.13%, prediction time by 64.69%, peak CPU usage by 29.48%, and average CPU usage by 42.31%. This significantly reduces the high computational cost and response time that have been criticized in traditional detection methods, enhancing the feasibility of deploying the model on edge devices with low computational power and providing an efficient and practical solution for modern network security protection. |