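This study explores the application of machine learning methods to the detection of malicious network traffic, with the goal of designing a detection model that combines recognition performance with testing efficiency. The experiments use two public datasets, UNSW-NB15 and CSE-CIC-IDS2018, as their basis; these datasets cover a variety of real-world network attack scenarios, from basic reconnaissance attacks to complex exploitation of system vulnerabilities. Before model construction, each dataset is preprocessed appropriately, including data cleaning, handling of duplicate and missing values, and type conversion. After preprocessing, the embedded feature selection method of Light Gradient Boosting (LightGBM) is used to select key features, and a two-layer tree model architecture is then built, combined respectively with Decision Tree, Random Forest, Extreme Gradient Boosting (XGBoost), and LightGBM, to strengthen the model's ability to identify malicious traffic and its generalization. To evaluate model performance, the study uses multiple metrics for quantitative analysis. The experimental results show that, under the same feature selection conditions, LightGBM achieves the highest overall accuracy and F1-score on both datasets and also has the shortest per-sample test time of all models, making it the best in these experiments; Random Forest scores slightly lower than LightGBM on each metric on both datasets, with a slightly longer test time. XGBoost has high recall and a moderate test time for malicious traffic detection; a single Decision Tree, although fastest in testing, has classification accuracy clearly lower than the ensemble models above. The study verifies that combining LightGBM feature selection with tree models can effectively improve the performance and efficiency of malicious traffic identification, that the model adapts well to different datasets, and that it has practical feasibility and application potential.

This study investigates the application of machine learning in malicious traffic detection, aiming to design a model that achieves both high performance and efficiency. Experiments were conducted on the UNSW-NB15 and CSE-CIC-IDS2018 datasets, which include various real-world attack scenarios. After preprocessing, LightGBM’s embedded method was used for feature selection. Based on the selected features, four models (Decision Tree, Random Forest, XGBoost, and LightGBM) were individually trained and compared. Results show that LightGBM achieved the best performance in accuracy, F1-score, and testing speed, making it the best-performing model in this study. Random Forest performed consistently with high recall; XGBoost showed strong malicious flow detection with moderate test time; while Decision Tree was fastest but less accurate. Overall, the proposed method demonstrates high detection effectiveness, efficiency, and adaptability, indicating strong potential for real-world deployment.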