博碩士論文 etd-0610117-165652 詳細資訊


[回到前頁查詢結果 | 重新搜尋]

姓名 王丞儒(Cheng-Ru Wang) 電子郵件信箱 E-mail 資料不公開
畢業系所 電機工程學系研究所(Electrical Engineering)
畢業學位 碩士(Master) 畢業時期 105學年第2學期
論文名稱(中) 機器學習應用於網路入侵偵測的研究
論文名稱(英) Machine Learning Based Network Intrusion Detection
檔案
  • etd-0610117-165652.pdf
  • 本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
    請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。
    論文使用權限

    紙本論文:5 年後公開 (2022-07-19 公開)

    電子論文:使用者自訂權限:校內 5 年後、校外 5 年後公開

    論文語文/頁數 中文/66
    統計 本論文已被瀏覽 5635 次,被下載 8 次
    摘要(中) 因為網路於現代生活中的應用與普及,使得網路安全成為一個非常重要的議題及研究領域。為了預防或偵測網路攻擊,網路入侵偵測系統常常會使用機器學習的技術來提升偵測準確度或更快的運行速度。機器學習應用在網路入侵偵測系統上的一大優勢是我們並不需要如建構網路行為黑、白名單(black or white list)那麼多的專家知識。
    而極限學習機(extreme learning machine, ELM)是一種不需要反覆訓練的單層類神經網路,因此它的學習速度非常快。對於需處理大量資料的網路入侵偵測系統來說,在學習或偵測時速度都是一個很重要的考量。Huang et al.提出了改良版本的ELM,稱為C-ELM(equality constrained-optimization-based ELM),C-ELM加入了支援向量機(support vector machine, SVM)以及LS-SVM(least squares SVM)的特性。在此我們使用C-ELM建構網路入侵偵測模型,我們提出一個自適應(adaptively)且遞增(incremental)的學習機制使C-ELM模型可以得到一個最佳化的隱藏層神經元(hidden neuron)數目,此機制包含定義一個最佳化模型的建構條件以及自適應增長並結合二元搜尋決定隱藏層神經元數目的方法,此遞增的學習方法可以解決傳統C-ELM建構過程的運算負擔,而自適應增長的特性則可以使此方法更好用於不同複雜度的問題。
    我們將這個改良的C-ELM使用在網路入侵偵測上,並藉此驗證它的效果。透過數個實驗結果顯示我們提出的方法對於建構攻擊偵測模型是有效的,不僅可以提供不錯的攻擊偵測率,而且具備快速的學習速度。
    摘要(英) Since Internet is so popular and prevailing in human life, network security has become a very important issue and attracted a lot of study and practice. To detect or prevent network attacks, a network intrusion detection (NID) system may be equipped with machine learning algorithms to achieve better accuracy and faster detection speed.
    One of the major advantages of applying machine learning to network intrusion detection is that we don’t need expert knowledge as much as the black or white list model. Extreme learning machines (ELMs) are single-layer artificial neural networks not required to be iteratively trained. Therefore, their learning speed is fast, and speed is crucial in the success of network intrusion detection systems for them to take prompt, appropriate defending reactions. Huang et al. proposed the equality constrained-optimization-based ELM (C-ELM) which is a modified version of ELM by integrating with the features of support vector machines (SVMs) and least squares SVMs. In this paper, we apply C-ELM to network intrusion detection. An adaptively incremental learning strategy is proposed to derive the optimal number of hidden neurons. The optimization criteria and a way of adaptively increasing hidden neurons with binary search are developed.
    The proposed approach is applied to network intrusion detection to examine its capability. A broad of experiments have been done and the results show that our proposed approach is effective in building models with good attack detection rates and fast learning speed.
    關鍵字(中)
  • 網路攻擊
  • 支援向量機
  • 自適應遞增學習
  • 極限學習機
  • 監督式學習
  • 關鍵字(英)
  • support vector machine
  • extreme learning machine
  • adaptively incremental learning
  • supervised learning
  • network intrusion
  • 論文目次 致謝 i
    摘要 ii
    圖目錄 vi
    表目錄 viii
    第一章 導論 1
    1.1. 研究背景與目的 1
    1.2. 論文架構 4
    第二章 文獻探討 5
    2.1. 網路入侵偵測系統 5
    2.2. C-ELM 8
    第三章 研究方法 11
    3.1. 演算法簡介 11
    3.2. 遞增學習 12
    3.3. 建構C-ELM 15
    3.3.1. 第一階段 17
    3.3.2. 第二階段 20
    3.3.3. 完整演算法(CAI) 23
    第四章 網路入侵偵測應用實驗結果分析 25
    4.1. Benchmark Data 25
    4.2. 評估標準 27
    4.3. CAI參數設定 28
    4.4. 與其他方法比較 34
    4.4.1. CAI與Lin的方法比較 34
    4.4.2. CAI與Tan的方法比較 36
    4.4.3. CAI與Singh的方法比較 37
    4.4.4. CAI與Hu的方法比較 40
    4.4.5. CAI與IC-ELM的比較 41
    第五章 結論與未來展望 48
    5.1. 結論 48
    5.2. 未來研究方向 48
    參考文獻 49
    參考文獻 [1] Z. Tan, A. Jamdagni, X. He, P. Nanda, R. P. Liu, A system for denial-of-service attack detection based on multivariate correlation analysis, IEEE Transactions on Parallel and Distributed Systems 25 (2) (2014) 447–456.
    [2] M. H. Bhuyan, D. K. Bhattacharyya, J. K. Kalita, Network anomaly detection: Methods, systems and tools, IEEE Communications Surveys & Tutorials 16 (1) (2014) 303–336.
    [3] W. Meng, W. Li, L.-F. Kwok, EFM: Enhancing the performance of signature based network intrusion detection systems using enhanced filter mechanism, Computers & Security 43 (2014) 189–204.
    [4] A. Jamdagni, Z. Tan, X. He, P. Nanda, R. P. Liu, Repids: A multi tier real-time payload-based intrusion detection system, Computer Networks 57 (2013) 811–824.
    [5] S. Elhag, A. Fernández, A. Bawakid, S. Alshomrani, F. Herrera, On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on intrusion detection systems, Expert Systems with Applications 42 (22) (2015) 193–202.
    [6] W.-C. Lin, S.-W. Ke, C.-F. Tsai, CANN: An intrusion detection system based on combining cluster centers and nearest neighbors, Knowledge-Based Systems 78 (2015) 13–21.
    [7] D. E. Rumelhart, J. L. McClelland, Parallel Distributed Processing: Explorations in the Microstructure of Cognition, Vol. 1-2, Cambridge, MA, 1986.
    [8] M. T. Hagan, H. B. Demuth, M. H. Beale, O. De Jesús, Neural Network Design, Vol. 20, PWS publishing company Boston, 1996.
    [9] G.-B. Huang, Q.-Y. Zhu, C.-K. Siew, Extreme learning machine: Theory and applications, Neurocomputing 70 (1) (2006) 489–501.
    [10] G.-B. Huang, C.-K. Siew, Extreme learning machine with randomly assigned RBF kernels, International Journal of Information Technology 11 (1) (2005) 16–24.
    [11] H.-J. Rong, G.-B. Huang, N. Sundararajan, P. Saratchandran, Online sequential fuzzy extreme learning machine for function approximation and classification problems, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics) 39 (4) (2009) 1067–1072.
    [12] G.-B. Huang, Q.-Y. Zhu, K. Z. Mao, C.-K. Siew, P. Saratchandran, N. Sundararajan, Can threshold networks be trained directly?, IEEE Transactions on Circuits and Systems Part 2: Express Briefs 53 (3) (2006) 187–191.
    [13] F. Han, D.-S. Huang, Improved extreme learning machine for function approximation by encoding a priori information, Neurocomputing 69 (16) (2006) 2369–2373.
    [14] G.-B. Huang, M.-B. Li, L. Chen, C.-K. Siew, Incremental extreme learning machine with fully complex hidden nodes, Neurocomputing 71 (4) (2008) 576–583.
    [15] G.-B. Huang, L. Chen, Convex incremental extreme learning machine, Neurocomputing 70 (16) (2007) 3056–3062.
    [16] Z.-L. Sun, K.-F. Au, T.-M. Choi, A neuro-fuzzy inference system through integration of fuzzy logic and extreme learning machines, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics) 37 (5) (2007) 1321–1331.
    [17] W.-B. Zhang, H.-B. Ji, Fuzzy extreme learning machine for classification, Electronics Letters 49 (7) (2013) 448–450.
    [18] Z. Deng, K.-S. Choi, L. Cao, S. Wang, T2FELA: Type-2 fuzzy extreme learning algorithm for fast training of interval type-2 TSK fuzzy logic system, IEEE Transactions on Neural Networks and Learning Systems 25 (4) (2014) 664–676.
    [19] C. Cheng,W. P. Tay, G.-B. Huang, Extreme learning machines for intrusion detection, in: The 2012 International Joint Conference on Neural Networks (IJCNN), 2012.
    [20] G.-B. Huang, X. Ding, H. Zhou, Optimization method based extreme learning machine for classification, Neurocomputing 74 (1) (2010) 155–163.
    [21] G.-B. Huang, H. Zhou, X. Ding, R. Zhang, Extreme learning machine for regression and multiclass classification, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics) 42 (2) (2012) 513–529.
    [22] C. Cortes, V. Vapnik, Support-vector networks, Machine learning 20 (3) (1995) 273–297.
    [23] J. A. K. Suykens, J. Vandewalle, Least squares support vector machine classifiers, Neural processing letters 9 (3) (1999) 293–300.
    [24] W. Zong, G.-B. Huang, Y. Chen, Weighted extreme learning machine for imbalance learning, Neurocomputing 101 (2013) 229–242.
    [25] G. Huang, S. Song, J. N. D. Gupta, C. Wu, Semi-supervised and unsupervised extreme learning machines, IEEE Transactions on Cybernetics 44 (12) (2014) 2405–2417.
    [26] Z. Bai, G.-B. Huang, D. Wang, H. Wang, M. B. Westover, Sparse extreme learning machine for classification, IEEE Transactions on Cybernetics 44 (10) (2014) 1858–1870.
    [27] R. Wang, S. Kwong, D. D. Wang, An analysis of ELM approximate error based on random weight matrix, International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 21 (supp02) (2013) 1–12.
    [28] G.-B. Huang, L. Chen, C.-K. Siew, Universal approximation using incremental constructive feedforward networks with random hidden nodes, IEEE Transactions on Neural Networks 17 (4) (2006) 879–892.
    [29] G.-B. Huang, L. Chen, Enhanced random search based incremental extreme learning machine, Neurocomputing 71 (16) (2008) 3460–3468.
    [30] G. Feng, G.-B. Huang, Q. Lin, R. Gay, Error minimized extreme learning machine with growth of hidden nodes and incremental learning, IEEE Transactions on Neural Networks 20 (8) (2009) 1352–1357.
    [31] R.-F. Xu, Z.-Y. Wang, S.-J. Lee, Constrained-optimization-based extreme learning machine with incremental learning, in: Multimedia, Communication and Computing Application: Proceedings of the 2014 International Conference on Multimedia, Communication and Computing Application (MCCA 2014), CRC Press, 2015, pp. 315–318.
    [32] R.-F. Xu, Dimensionality reduction by feture clustering for regression problems and an incremental learning method for equality constrained-optimization based extreme learning machine, Master’s thesis, National Sun Yat-sen University (2014).
    [33] P. Coulibaly, F. Anctil, B. Bobée, Daily reservoir inflow forecasting using artificial neural networks with stopped training approach, Journal of Hydrology 230 (3-4) (2000) 244–257.
    [34] V. Das, V. Pathak, S. Sharma, R. Sreevathsan, M. Srikanth, G. Kumart, Network intrusion detection system based on machine learning algorithms, International Journal of Computer Science & Information Technology 2 (6) (2010) 138–151.
    [35] R. Shanmugavadivu, N. Nagarajan, Network intrusion detection system using fuzzy logic, Indian Journal of Computer Science and Engineering 2 (1) (2011) 101–111.
    [36] R. Borgohain, Fugeids: Fuzzy genetic paradigms in intrusion detection systems, International Journal of Advanced Networking & Applications 3 (2012) 1409–1415.
    [37] M.-H. Chen, P.-C. Chang, J.-L.Wu, A population-based incremental learning approach with artificial immune system for network intrusion detection, Engineering Applications of Artificial Intelligence 56 (2016) 171–181.
    [38] W. Hu, J. Gao, Y. Wang, O. Wu, S. Maybank, Online Adaboost-based parameterized methods for dynamic distributed network intrusion detection, IEEE Transactions on Cybernetics 44 (2014) 66–82.
    [39] R. Singh, H. Kumar, R. K. Singla, An intrusion detection system using network traffic profiling and online sequential extreme learning machine, Expert Systems with Applications 42 (2015) 8609–8624.
    [40] W. L. Al-Yaseen, Z. A. Othman, M. Z. A. Nazri, Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system, Expert Systems with Applications 67 (2017) 296–303.
    [41] A. A. Aburomman, M. B. I. Reaz, A novel SVM-KNN-PSO ensemble method for intrusion detection system, Applied Soft Computing 38 (2016) 360–372.
    [42] C. Guo, Y. Ping, N. Liu, S.-S. Luo, A two-level hybrid approach for intrusion detection, Neurocomputing 214 (2016) 391–400.
    [43] Y. Zhu, J. Liang, J. Chen, Z. Ming, An improved NSGA-III algorithm for feature selection used in intrusion detection, Knowledge-Based Systems 116 (2017) 74–85.
    [44] R. A. R. Ashfaq, X.-Z. Wang, J. Z. Huang, H. Abbas, Y.-L. He, Fuzziness based semi-supervised learning approach for intrusion detection system, Information Sciences 378 (2017) 484–497.
    [45] S. P. Boyd, L. El Ghaoui, E. Feron, V. Balakrishnan, Linear Matrix Inequalities in System and Control Theory, Vol. 15, SIAM, 1994.
    [46] S.-C. Huang, Y.-F. Huang, Bounds on the number of hidden neurons in multilayer perceptrons, IEEE Transactions on Neural Network 2 (1) (1991) 47–55.
    [47] KDD-Cup 99 data set, https://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html (1999).
    [48] NSL-KDD data set, http://www.unb.ca/research/iscx/dataset/iscx-NSL-KDD-dataset.html (2009).
    [49] M. Tavallaee, E. Bagheri, W. Lu, A. Ghorbani, A detailed analysis of the KDD CUP 99 data set, in: IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA), 2009, 2009.
    口試委員
  • 吳志宏 - 召集委員
  • 侯俊良 - 委員
  • 林展霈 - 委員
  • 歐陽振森 - 委員
  • 李錫智 - 指導教授
  • 口試日期 2017-07-12 繳交日期 2017-07-19

    [回到前頁查詢結果 | 重新搜尋]


    如有任何問題請與論文審查小組聯繫