基於生成對抗網路技術之惡意網路流量生成模型;MCM-GAN: Malicious Cyber Maker using Generative Adversarial Networks

NCUIR > College of Electrical Engineering & Computer Science > Graduate Institute of Computer Science and Information Engineering > Electronic Thesis & Dissertation > Item 987654321/95771

Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/95771

Title:	基於生成對抗網路技術之惡意網路流量生成模型;MCM-GAN: Malicious Cyber Maker using Generative Adversarial Networks
Authors:	吳宗勲;Wu, Tsung-Hsun
Contributors:	資訊工程學系
Keywords:	條件式生成對抗網路;資料不平衡;惡意網路流量分類;入侵檢測系統;Conditional Generative Adversarial Network;Traffic Classification;Mali cious Network Traffic Classification;Intrusion Detection System
Date:	2024-08-09
Issue Date:	2024-10-09 17:15:52 (UTC+8)
Publisher:	國立中央大學
Abstract:	隨著網路的迅速發展，惡意攻擊事件日益增多，為了應對這種情況，使用機器學習 (Machine Learning) 或深度學習 (Deep Learning) 在入侵檢測系統 (In-trusion Detection System, IDS) 上來偵測惡意流量已成為主要趨勢。然而，由於許多資料集是公開的，並且公開資料集往往存在資料不平衡的問題，常見的解決方案是透過合成少數過採樣技術 (Synthetic Minority Over-sampling Technique, SMOTE) ，但這種方法所生成的流量缺乏真實性，如何有效地生成多樣且符合真實狀況的流量是為一大挑戰。本論文提出了一種名為 "Malicious Cyber Maker GAN (MCM-GAN) " 的架構，旨在解決訓練不穩定性和模式崩潰 (Mode collapse) 問題，確保生成樣本多樣性。該架構採用了Wasserstein Generative Adversarial Network with Gradient Penalty (WGAN-GP) 設計，通過引入梯度懲罰來改進原有的權重剪切方法，使生成過程更加穩定。此外，本論文還引入了條件生成對抗網路 (Conditional Generative Adversarial Network, CGAN) 和雙時間尺度更新規則 (Two Time-Scale Update Rule, TTUR) ，以進一步提高生成效果和訓練效率。在UNSW-NB15資料集上的實驗結果顯示，使用MCM-GAN生成9種網路惡意攻擊類型時，訓練時間相比使用LSTM作為生成器和鑑別器減少了21.99%，模型大小則減少了27.62%。使用原始資料結合MCM-GAN生成資料進行訓練的XGBoost、Random Forest和SVC模型，其預測F1-Score分別達到89.07%、87.04%和84.31%。相較於SVM-SMOTE、GRU-CGAN和LSTM-CGAN等生成技術，MCM-GAN能達到更高的F1-Score。此外，相較於僅使用原始資料訓練的模型，這些模型的平均F1-Score分別提升了6.83%、6.48%和9.91%。 ;With the rapid development of the Internet, malicious attacks are becoming in-creasingly common. To address this issue, the use of machine learning or deep learn-ing technologies in intrusion detection systems (IDS) to detect malicious traffic has become a major trend. However, since many datasets are public and often have data imbalances, a common solution is to use the Synthetic Minority Over-sampling Tech-nique (SMOTE). However, the traffic generated by this method lacks authenticity. Effectively generating diverse and realistic traffic is a significant challenge. This paper presents an architecture called "Malicious Cyber Maker GAN (MCM-GAN)", which aims to address training instability and mode collapse issues by ensuring diversity in the generated samples. This framework adopts the Wasserstein Generative Adversarial Network with Gradient Penalty (WGAN-GP) design, which improves on the original weight clipping method by incorporating a gradient penalty to stabilize the generation process. In addition, the work incorporates the Conditional Generative Adversarial Network (CGAN) and the Two Time-Scale Update Rule (TTUR) to further improve generation effectiveness and training efficiency. Experimental results on the UNSW-NB15 dataset show that when generating nine types of malicious network attacks using MCM-GAN, the training time was reduced by 21.99% compared to using LSTM as the generator and discriminator, and the model size was reduced by 27.62%. Models trained on original data combined with MCM-GAN generated data, namely XGBoost, Random Forest and SVC, achieved F1 scores of 89.07%, 87.04% and 84.31% respectively. These accuracy levels are higher compared to generation techniques such as SVM-SMOTE, GRU-CGAN and LSTM-CGAN. In addition, these models showed an average F1 score improvement of 6.83%, 6.48% and 9.91%, respectively, compared to models trained only on original data.
Appears in Collections:	[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

Files in This Item:

File	Description	Size	Format
index.html		0Kb	HTML	29	View/Open

社群 sharing

Loading...