| 摘要: | 在科技的日新月異下,網路逐漸跟這個世界密不可分,聯網裝置數量也以驚人的速度增加,但同時這也成為網路攻擊者的目標。各個領域隨著人工智能模型(Artificial Intelligence Model, AI 模型)的興起都往前邁進一大步,其中也包括網路防禦。然而攻擊者對於網路攻擊手法的不斷更新,在攻擊手法多樣下,攻擊資料分析將會以時域(time)與頻率域(frequency)兩大資料型態呈現。AI模型開發者通常擇一資料型態進行模型開發,然而近年AI模型開發者為帶來更好地模型效能通常以改變模型架構,而非模型計算策略優化,使AI模型需使用較高運算能力。在智能生活的驅使下,低運算能力的聯網裝置急速成長,攻擊者也將目標放置此類防禦較低的裝置上,因此能夠同時擁有兩種資料特性、輕量化與人工智能模型的解析將是未來網路攻擊的防禦部署與模型優化的重要關鍵。
本篇論文使用時頻圖(Spectrogram)將時域與頻率域特性的資料同時帶入人工智能模型中,為了解決低運算能力裝置的防禦部署問題,提出輕量化模型Light Weight Gray Spectrogram Convolution Neural Network(LGS-CNN) 和1DG-Spectrogram Convolution Neural Network(1DGS-CNN),並使用可解釋AI (Explainable AI, XAI) 進行模型解釋。可以有效地分類公開資料集中7種攻擊類型,並且分別達到98.86%和98.79%的準確率,與SDCNN模型比較下每秒浮點數計算量分別低於12.14%和96.57%,並在XAI與實驗特徵解釋下,可以確保模型所使用特徵數量在76時可以達到模型最優的狀態。結果顯示本篇論文所提出之輕量化卷積神經網路與XAI之特徵影像惡意流量偵測是可以有效減輕系統運算量並確保使用特徵數量上擁有最優的準確度與F1-Score。
;As technology improves every day, the internet is becoming inseparable with world and the number of connected devices growing rapidly. Also, the connected devices become target for cyber attacker. The rise of artificial intelligence models (AI models) has taken a big step forward in every field, including cyber defense. However, attackers are constantly updating network attack methods. Under the various attack methods, the analysis of attack data will be presented in two data characteristics, time domain and frequency domain. AI model developers usually choose a data type for model development. However, in recent years, AI model developers usually change the model structure to bring better model performance, rather than optimizing the model calculation strategy, so that AI models need to use higher computing power. Driven by intelligent life, networked devices with low computing power are rapidly growing, and attackers also target such devices with low defense. Therefore, the ability to have two data characteristics at the same time, lightweight and artificial intelligence model analysis will be the key to defense deployment and model optimization of future cyber attacks.
This paper, Spectrogram is used to bring the data of time domain and frequency domain characteristics into the artificial intelligence model at the same time. In order to solve the problem of defense deployment of low computing devices, a Light Weight Gray Spectrogram Convolution Neural Network( LGS-CNN) and 1DG-Spectrogram Convolution Neural Network (1DGS-CNN) are proposed, and use Explainable AI (Explainable AI, XAI) for model parsing. It can effectively classify 7 attack types in the public data set, and achieve 98.86% and 98.79% accuracy respectively. Compared with the SDCNN model, the floating-point calculation per second is lower than 12.14% and 96.57%, respectively. Under the feature analysis, it can be ensured that the number of features used by the model can reach the optimal state of the model when the number of features is 76. The results show that the lightweight convolutional neural network and XAI feature image malicious traffic detection proposed in this paper can effectively reduce the system burden and ensure the optimal performance in terms of the number of features used. |
