中大學術數位典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/98067
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 83956/83956 (100%)
Visitors : 62616297      Online Users : 236
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: https://ir.lib.ncu.edu.tw/handle/987654321/98067


    Title: 基於輕量化特徵選擇與樹模型之網路惡意流量偵測設計與分析;Design and Analysis of Network Malicious Traffic Detection Based on Lightweight Feature Selection and Tree-Based Models
    Authors: 林詠麒;Lin, Yong-Chi
    Contributors: 通訊工程學系在職專班
    Keywords: 惡意流量偵測;輕量梯度提升;決策樹;隨機森林;極限梯度提升;Malicious Traffic Detection;LightGBM;Decision Tree;Random Forest;XGBoost
    Date: 2025-07-24
    Issue Date: 2025-10-17 12:19:03 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 本研究即是探討機器學習方法於網路惡意流量偵測中的應用,目標為設計一套兼具辨識效能與測試效率的偵測模型。實驗中選用UNSW-NB15與CSE-CIC-IDS2018兩組公開數據集作為基礎,這兩個數據集涵蓋從基本偵查攻擊到複雜系統漏洞利用等多種真實世界的網路攻擊情境。在模型建構前,針對兩組數據集分別進行適當的預處理,包括數據清洗、重複值及缺失值處理與類型轉換。完成預處理後,採用輕量梯度提升的嵌入式特徵選擇法進行關鍵特徵篩選,並進一步建構雙層樹模型架構,分別結合決策樹、隨機森林、極限梯度提升與輕量梯度提升,強化模型對惡意流量的辨識能力與泛化效果。為評估模型效能,本研究採用多項指標進行量化分析。實驗結果顯示,在相同特徵選擇條件下,輕量梯度提升於兩個數據集中皆達成最高整體準確度與F1-score,同時還具備所有模型中最短的每筆測試時間,為本次實驗最佳;隨機森林在兩組數據集中各項指標略低於輕量梯度提升且測試時間稍長。極限梯度提升在惡意流量偵測上具備高召回率與中等測試時間;而單一決策樹雖測試速度最快,但分類準確度明顯低於前述集成模型。本研究驗證了將輕量梯度提升特徵篩選結合樹模型的方法,能有效提升惡意流量識別的效能與效率,並且模型對不同數據集有良好的適應能力,具備實務可行性與應用潛力。;This study investigates the application of machine learning in malicious traffic detection, aiming to design a model that achieves both high performance and efficiency. Experiments were conducted on the UNSW-NB15 and CSE-CIC-IDS2018 datasets, which include various real-world attack scenarios. After preprocessing, LightGBM’s embedded method was used for feature selection. Based on the selected features, four models—Decision Tree, Random Forest, XGBoost, and LightGBM—were individually trained and compared. Results show that LightGBM achieved the best performance in accuracy, F1-score, and testing speed, making it the best-performing model in this study. Random Forest performed consistently with high recall; XGBoost showed strong malicious flow detection with moderate test time; while Decision Tree was fastest but less accurate. Overall, the proposed method demonstrates high detection effectiveness, efficiency, and adaptability, indicating strong potential for real-world deployment.
    Appears in Collections:[Executive Master of Communication Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML58View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明