工業4.0整合工業控制系統以及資訊系統的網路，使傳統工廠能與現代科技接軌。然而，原先屬於內部網路的工業控制系統與外部網路相連，再加上工業控制系統的防禦機制尚未成熟，導致駭客能夠透過工業控制系統網路入侵企業內部。面對許多之前未見的攻擊，需要一套穩定性高的入侵偵測系統，對入侵發出告警，使資訊安全人員盡早發現攻擊，並對此採取行動。
現今的針對工業控制系統環境下的入侵偵測系統，往往受限於資料不足以及資料不平衡的問題，導致偵測模型穩健性不高。而對抗式資料生成可以合成資料，並與原始樣本一起放入機器學習/深度學習為基礎的入侵偵測系統訓練，解決原始訓練資料集資料缺失與不平衡的問題，進而改善入侵偵測系統的穩健性。面對不同的資料形式，生成對抗網路模型有許多不同的變種，而有鑑於本研究使用的資料屬於表格式資料，因此採用表格式對抗生成網路作為生成資料的模型，該模型能夠透過規則限制以盡可能貼近母資料集，藉以解決資料不足以及資料不平衡之問題。
本研究利用生成對抗網路產生工業控制系統的網路流量資訊，並針對攻擊部分加強生成，藉此增加攻擊方面的資料，使得入侵偵測系統對攻擊的偵測性能提升，提升工業控制系統的安全性。除此之外，本研究也採用模糊測試產生攻擊樣本資料，並比較兩者之間的資料品質。經本研究實驗顯示，使用適當比例結合模糊測試生成之資料與生成對抗網路生成之資料，訓練出的入侵偵測模型可以有最佳的表現。

The convergence of Industrial Control System(ICS) network and Information Technology(IT) network enables traditional manufacturers to leverage modern technologies for automated production. However, the network protocols for ICS possess limited defense mechanisms against potential threats since they were designed for deployment in isolated environments. Consequently, the exposure of ICS network has led to an array of emerging cyberattacks. The need for safeguarding against these novel cyberattacks necessitates the development of a robust intrusion detection system capable of promptly alerting security personnel.
The robustness and reliability of an intrusion detection system heavily relies on the quality of its training data. Current Intrusion Detection Systems(IDS) confront challenges related to insufficient and imbalanced data, which significantly affect their detection rates. Generative adversarial networks offer a solution by generating realistic data based on existing data, and a wide variety of Generative Adversarial Networks(GAN) variants cater to different data types. By appropriately synthesizing generated and existing data, the issues of data quality can be address, subsequently improve the performance of IDS.
This study employs Conditional Tabular GAN (CTGAN) as it is redesigned for generating tabular data. Furthermore, several constraint rules are also defined within CTGAN model to ensure that the generated data are accurate in accordance with the protocols. Additionally, this study also incorporates fuzzing as complementary techniques during evaluation. And according to the evaluation results, the IDS trained with synthetic data that combines CTGAN data, fuzzing data and existing data yields the best performance.

論文審定書 i
中文摘要 ii
英文摘要 iii
圖次 vi
表次 vii
第一章 序論 1
1.1 研究背景 1
1.2 研究動機 3
1.3 研究目的 4
第二章 文獻探討 6
2.1對抗式資料生成 6
2.1.1生成對抗網路 7
2.1.2對抗式攻擊 11
2.2 模型改善方法 12
2.3 模糊測試 14
第三章 研究方法 16
3.1對抗式樣本生成模組 20
3.1.1 CTGAN演算法 20
3.1.2相關限制 23
3.1.3 Fuzzing相關演算法 24
3.2 IDS模型改善模組 25
第四章 系統評估 28
4.1實驗概述 28
4.1.1評估方法 28
4.1.2實驗資料集簡介 29
4.1.3實驗設計 31
4.2 FUZZING資料生成 33
4.3 CTGAN資料生成 38
4.3.1 CTGAN資料訓練模型 IDS-MCT 38
4.3.2 CTGAN資料訓練模型 IDS-BCT 42
4.4 資料混合訓練模型 IDS-BCTFZ 46
4.5 與其他方法比較 47
第五章 研究貢獻與未來展望 48
參考文獻 50

[1] A. Ribeiro, "Widening threat landscape brings a multitude of challenges to industrial, manufacturing enterprises," industrialcyber.co, 20211219 2021. [Online]. Available: https://industrialcyber.co/threats-attacks/widening-threat-landscape-brings-multitude-of-challenges-to-industrial-manufacturing-enterprises/.
[2] 趨勢科技, "什麼是工業控制系統(Industrial Control System,ICS) ?," 資安趨勢部落格, 20210419 2021. [Online]. Available: https://blog.trendmicro.com.tw/?p=67721.
[3] 趨勢科技, "工業設備網路攻擊造成企業數百萬美元損失," 20220609 2022. [Online]. Available: https://blog.trendmicro.com.tw/?p=72865.
[4] 數位資安, "美國佛州淨水廠網路攻擊事件，凸顯關鍵基礎設施資安防護仍顯脆弱," 20210304 2021. [Online]. Available: https://www.isecurity.com.tw/news-and-events/20210304_us_water_purification_facilities_cyber_attack/.
[5] 周峻佑, "伊朗鐵路系統遭入侵，駭客散布班次延誤或取消的不實資訊," 電週文化事業, 2021. [Online]. Available: https://www.ithome.com.tw/news/145592.
[6] I. Ilascu, "Iranian gas stations out of service after distribution network hacked," BLEEPINGCOMPUTER, 20211026 2021. [Online]. Available: https://www.bleepingcomputer.com/news/security/iranian-gas-stations-out-of-service-after-distribution-network-hacked/.
[7] 陳曉莉, "FBI證實攻擊燃油管道系統Colonial Pipeline的兇手為DarkSide," in iThome, ed, 2021.
[8] 周峻佑, "多國警告全球關鍵基礎設施成俄羅斯下一波攻擊目標、手機晶片漏洞恐波及安卓用戶," 電週文化事業, 2022. [Online]. Available: https://www.ithome.com.tw/news/150572.
[9] P. H. Duy and N. N. Diep, "Intrusion detection using deep neural network," Southeast Asian Journal of Sciences, vol. 5, no. 2, pp. 111-125, 2017.
[10] T. A. Tang, L. Mhamdi, D. McLernon, S. A. R. Zaidi, and M. Ghogho, "Deep learning approach for network intrusion detection in software defined networking," in 2016 international conference on wireless networks and mobile communications (WINCOM), 2016: IEEE, pp. 258-263.
[11] C. Yin, Y. Zhu, J. Fei, and X. He, "A deep learning approach for intrusion detection using recurrent neural networks," Ieee Access, vol. 5, pp. 21954-21961, 2017.
[12] N. Akhtar and A. Mian, "Threat of adversarial attacks on deep learning in computer vision: A survey," Ieee Access, vol. 6, pp. 14410-14430, 2018.
[13] H. Qiu, T. Dong, T. Zhang, J. Lu, G. Memmi, and M. Qiu, "Adversarial attacks against network intrusion detection in IoT systems," IEEE Internet of Things Journal, vol. 8, no. 13, pp. 10327-10335, 2020.
[14] J. Dong, Z. Guan, L. Wu, X. Du, and M. Guizani, "A sentence-level text adversarial attack algorithm against IIoT based smart grid," Computer Networks, vol. 190, p. 107956, 2021.
[15] V. Ballet, X. Renard, J. Aigrain, T. Laugel, P. Frossard, and M. Detyniecki, "Imperceptible adversarial attacks on tabular data," arXiv preprint arXiv:1911.03274, 2019.
[16] I. Goodfellow et al., "Generative adversarial networks," Communications of the ACM, vol. 63, no. 11, pp. 139-144, 2020.
[17] M. H. Shahriar, N. I. Haque, M. A. Rahman, and M. Alonso, "G-ids: Generative adversarial networks assisted intrusion detection system," in 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC), 2020: IEEE, pp. 376-385.
[18] L. Xu, M. Skoularidou, A. Cuesta-Infante, and K. Veeramachaneni, "Modeling tabular data using conditional gan," Advances in Neural Information Processing Systems, vol. 32, 2019.
[19] A. A. Alqarni and E.-S. M. El-Alfy, "Improving Intrusion Detection for Imbalanced Network Traffic using Generative Deep Learning," International Journal of Advanced Computer Science and Applications, vol. 13, no. 4, 2022.
[20] J. Jia, P. Wu, K. Zhang, and J. Zhong, "Imbalanced Disk Failure Data Processing Method Based on CTGAN," in International Conference on Intelligent Computing, 2022: Springer, pp. 638-649.
[21] S. Ndichu, T. Ban, T. Takahashi, and D. Inoue, "Security-Alert Screening with Oversampling Based on Conditional Generative Adversarial Networks," in 2022 17th Asia Joint Conference on Information Security (AsiaJCIS), 2022: IEEE, pp. 1-7.
[22] D. G. Nyambo, N. Ngulumbi, N. Mduma, R. Sinde, and T. Lyimo, "Data Synthesis Technique for Categorical Pestes Des Petits Ruminants (PPR) Data Using CTGAN Model," 2023.
[23] K. Sauka, G.-Y. Shin, D.-W. Kim, and M.-M. Han, "Adversarial robust and explainable network intrusion detection systems based on deep learning," Applied Sciences, vol. 12, no. 13, p. 6451, 2022.
[24] M. Lopez-Martin, A. Sanchez-Esguevillas, J. I. Arribas, and B. Carro, "Supervised contrastive learning over prototype-label embeddings for network intrusion detection," Information Fusion, vol. 79, pp. 200-228, 2022.
[25] M. Pawlicki, M. Choraś, and R. Kozik, "Defending network intrusion detection systems against adversarial evasion attacks," Future Generation Computer Systems, vol. 110, pp. 148-154, 2020.
[26] M. Ring, D. Schlör, D. Landes, and A. Hotho, "Flow-based network traffic generation using generative adversarial networks," Computers & Security, vol. 82, pp. 156-172, 2019.
[27] Y. Yang, K. Zheng, B. Wu, Y. Yang, and X. Wang, "Network intrusion detection based on supervised adversarial variational auto-encoder with regularization," IEEE access, vol. 8, pp. 42169-42184, 2020.
[28] G. Caminero, M. Lopez-Martin, and B. Carro, "Adversarial environment reinforcement learning algorithm for intrusion detection," Computer Networks, vol. 159, pp. 96-109, 2019.
[29] I. Debicha, R. Bauwens, T. Debatty, J.-M. Dricot, T. Kenaza, and W. Mees, "TAD: Transfer learning-based multi-adversarial detection of evasion attacks against network intrusion detection systems," Future Generation Computer Systems, vol. 138, pp. 185-197, 2023.
[30] Q. Zou, A. Singhal, X. Sun, and P. Liu, "Generating comprehensive data with protocol fuzzing for applying deep learning to detect network attacks," arXiv preprint arXiv:2012.12743, 2020.
[31] J. Li, B. Zhao, and C. Zhang, "Fuzzing: a survey," Cybersecurity, vol. 1, no. 1, pp. 1-13, 2018.
[32] M. Böhme, V.-T. Pham, M.-D. Nguyen, and A. Roychoudhury, "Directed greybox fuzzing," in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017, pp. 2329-2344.
[33] Á. L. P. Gómez et al., "On the generation of anomaly detection datasets in industrial control systems," IEEE Access, vol. 7, pp. 177460-177473, 2019.