Title page for etd-0610117-165652
Title
Machine Learning Based Network Intrusion Detection
Department
Year, semester
Language
Degree
Number of pages
66
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2017-07-12
Date of Submission
2017-07-19
Keywords
support vector machine, extreme learning machine, adaptively incremental learning, supervised learning, network intrusion
Statistics
The thesis/dissertation has been browsed 5944 times and downloaded 32 times.
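Abstract (Chinese version)
Because networks are so widely used in modern life, network security has become a very important issue and research area. To prevent or detect network attacks, network intrusion detection systems often use machine learning techniques to improve detection accuracy or to run faster. A major advantage of applying machine learning to network intrusion detection systems is that it does not require as much expert knowledge as constructing black or white lists of network behavior.
The extreme learning machine (ELM) is a single-layer neural network that does not require iterative training, so it learns very quickly. For a network intrusion detection system that must process large volumes of data, speed is an important consideration in both learning and detection. Huang et al. proposed an improved version of ELM called C-ELM (equality constrained-optimization-based ELM), which incorporates properties of the support vector machine (SVM) and the least squares SVM (LS-SVM). Here we use C-ELM to build a network intrusion detection model, and we propose an adaptive, incremental learning mechanism that lets the C-ELM model obtain an optimized number of hidden neurons. The mechanism consists of a defined construction criterion for the optimized model and a method that determines the number of hidden neurons by adaptive growth combined with binary search. The incremental learning method relieves the computational burden of the conventional C-ELM construction process, and the adaptive growth makes the method better suited to problems of differing complexity.
We apply this improved C-ELM to network intrusion detection to verify its effectiveness. Results from several experiments show that the proposed method is effective for building attack detection models: it provides good attack detection rates and also learns quickly.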
Abstract
Because the Internet is so popular and pervasive in daily life, network security has become a very important issue and has attracted a great deal of study and practice. To detect or prevent network attacks, a network intrusion detection (NID) system may be equipped with machine learning algorithms to achieve better accuracy and faster detection.
One of the major advantages of applying machine learning to network intrusion detection is that it requires less expert knowledge than the black or white list model. Extreme learning machines (ELMs) are single-layer artificial neural networks that do not need to be trained iteratively. Their learning speed is therefore fast, and speed is crucial to the success of network intrusion detection systems, which must take prompt and appropriate defensive action. Huang et al. proposed the equality constrained-optimization-based ELM (C-ELM), a modified version of ELM that integrates features of support vector machines (SVMs) and least squares SVMs. In this paper, we apply C-ELM to network intrusion detection. An adaptively incremental learning strategy is proposed to derive the optimal number of hidden neurons. The optimization criteria and a way of adaptively increasing the number of hidden neurons with binary search are developed.
The proposed approach is applied to network intrusion detection to examine its capability. A broad range of experiments has been conducted, and the results show that the proposed approach is effective in building models with good attack detection rates and fast learning speed.
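Table of Contents
Acknowledgements
Abstract
List of Figures
List of Tables
Chapter 1 Introduction
1.1. Research Background and Objectives
1.2. Thesis Organization
Chapter 2 Literature Review
2.1. Network Intrusion Detection Systems
2.2. C-ELM
Chapter 3 Methodology
3.1. Overview of the Algorithm
3.2. Incremental Learning
3.3. Constructing the C-ELM
3.3.1. Phase 1
3.3.2. Phase 2
3.3.3. Complete Algorithm (CAI)
Chapter 4 Analysis of Experimental Results for Network Intrusion Detection
4.1. Benchmark Data
4.2. Evaluation Criteria
4.3. CAI Parameter Settings
4.4. Comparison with Other Methods
4.4.1. Comparison of CAI with Lin's Method
4.4.2. Comparison of CAI with Tan's Method
4.4.3. Comparison of CAI with Singh's Method
4.4.4. Comparison of CAI with Hu's Method
4.4.5. Comparison of CAI with IC-ELM
Chapter 5 Conclusions and Future Work
5.1. Conclusions
5.2. Future Research Directions
References
References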
[1] Z. Tan, A. Jamdagni, X. He, P. Nanda, R. P. Liu, A system for denial-of-service attack detection based on multivariate correlation analysis, IEEE Transactions on Parallel and Distributed Systems 25 (2) (2014) 447–456.
[2] M. H. Bhuyan, D. K. Bhattacharyya, J. K. Kalita, Network anomaly detection: Methods, systems and tools, IEEE Communications Surveys & Tutorials 16 (1) (2014) 303–336.
[3] W. Meng, W. Li, L.-F. Kwok, EFM: Enhancing the performance of signature based network intrusion detection systems using enhanced filter mechanism, Computers & Security 43 (2014) 189–204.
[4] A. Jamdagni, Z. Tan, X. He, P. Nanda, R. P. Liu, Repids: A multi tier real-time payload-based intrusion detection system, Computer Networks 57 (2013) 811–824.
[5] S. Elhag, A. Fernández, A. Bawakid, S. Alshomrani, F. Herrera, On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on intrusion detection systems, Expert Systems with Applications 42 (22) (2015) 193–202.
[6] W.-C. Lin, S.-W. Ke, C.-F. Tsai, CANN: An intrusion detection system based on combining cluster centers and nearest neighbors, Knowledge-Based Systems 78 (2015) 13–21.
[7] D. E. Rumelhart, J. L. McClelland, Parallel Distributed Processing: Explorations in the Microstructure of Cognition, Vol. 1-2, Cambridge, MA, 1986.
[8] M. T. Hagan, H. B. Demuth, M. H. Beale, O. De Jesús, Neural Network Design, Vol. 20, PWS publishing company Boston, 1996.
[9] G.-B. Huang, Q.-Y. Zhu, C.-K. Siew, Extreme learning machine: Theory and applications, Neurocomputing 70 (1) (2006) 489–501.
[10] G.-B. Huang, C.-K. Siew, Extreme learning machine with randomly assigned RBF kernels, International Journal of Information Technology 11 (1) (2005) 16–24.
[11] H.-J. Rong, G.-B. Huang, N. Sundararajan, P. Saratchandran, Online sequential fuzzy extreme learning machine for function approximation and classification problems, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics) 39 (4) (2009) 1067–1072.
[12] G.-B. Huang, Q.-Y. Zhu, K. Z. Mao, C.-K. Siew, P. Saratchandran, N. Sundararajan, Can threshold networks be trained directly?, IEEE Transactions on Circuits and Systems Part 2: Express Briefs 53 (3) (2006) 187–191.
[13] F. Han, D.-S. Huang, Improved extreme learning machine for function approximation by encoding a priori information, Neurocomputing 69 (16) (2006) 2369–2373.
[14] G.-B. Huang, M.-B. Li, L. Chen, C.-K. Siew, Incremental extreme learning machine with fully complex hidden nodes, Neurocomputing 71 (4) (2008) 576–583.
[15] G.-B. Huang, L. Chen, Convex incremental extreme learning machine, Neurocomputing 70 (16) (2007) 3056–3062.
[16] Z.-L. Sun, K.-F. Au, T.-M. Choi, A neuro-fuzzy inference system through integration of fuzzy logic and extreme learning machines, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics) 37 (5) (2007) 1321–1331.
[17] W.-B. Zhang, H.-B. Ji, Fuzzy extreme learning machine for classification, Electronics Letters 49 (7) (2013) 448–450.
[18] Z. Deng, K.-S. Choi, L. Cao, S. Wang, T2FELA: Type-2 fuzzy extreme learning algorithm for fast training of interval type-2 TSK fuzzy logic system, IEEE Transactions on Neural Networks and Learning Systems 25 (4) (2014) 664–676.
[19] C. Cheng, W. P. Tay, G.-B. Huang, Extreme learning machines for intrusion detection, in: The 2012 International Joint Conference on Neural Networks (IJCNN), 2012.
[20] G.-B. Huang, X. Ding, H. Zhou, Optimization method based extreme learning machine for classification, Neurocomputing 74 (1) (2010) 155–163.
[21] G.-B. Huang, H. Zhou, X. Ding, R. Zhang, Extreme learning machine for regression and multiclass classification, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics) 42 (2) (2012) 513–529.
[22] C. Cortes, V. Vapnik, Support-vector networks, Machine learning 20 (3) (1995) 273–297.
[23] J. A. K. Suykens, J. Vandewalle, Least squares support vector machine classifiers, Neural processing letters 9 (3) (1999) 293–300.
[24] W. Zong, G.-B. Huang, Y. Chen, Weighted extreme learning machine for imbalance learning, Neurocomputing 101 (2013) 229–242.
[25] G. Huang, S. Song, J. N. D. Gupta, C. Wu, Semi-supervised and unsupervised extreme learning machines, IEEE Transactions on Cybernetics 44 (12) (2014) 2405–2417.
[26] Z. Bai, G.-B. Huang, D. Wang, H. Wang, M. B. Westover, Sparse extreme learning machine for classification, IEEE Transactions on Cybernetics 44 (10) (2014) 1858–1870.
[27] R. Wang, S. Kwong, D. D. Wang, An analysis of ELM approximate error based on random weight matrix, International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 21 (supp02) (2013) 1–12.
[28] G.-B. Huang, L. Chen, C.-K. Siew, Universal approximation using incremental constructive feedforward networks with random hidden nodes, IEEE Transactions on Neural Networks 17 (4) (2006) 879–892.
[29] G.-B. Huang, L. Chen, Enhanced random search based incremental extreme learning machine, Neurocomputing 71 (16) (2008) 3460–3468.
[30] G. Feng, G.-B. Huang, Q. Lin, R. Gay, Error minimized extreme learning machine with growth of hidden nodes and incremental learning, IEEE Transactions on Neural Networks 20 (8) (2009) 1352–1357.
[31] R.-F. Xu, Z.-Y. Wang, S.-J. Lee, Constrained-optimization-based extreme learning machine with incremental learning, in: Multimedia, Communication and Computing Application: Proceedings of the 2014 International Conference on Multimedia, Communication and Computing Application (MCCA 2014), CRC Press, 2015, pp. 315–318.
[32] R.-F. Xu, Dimensionality reduction by feature clustering for regression problems and an incremental learning method for equality constrained-optimization based extreme learning machine, Master’s thesis, National Sun Yat-sen University (2014).
[33] P. Coulibaly, F. Anctil, B. Bobée, Daily reservoir inflow forecasting using artificial neural networks with stopped training approach, Journal of Hydrology 230 (3-4) (2000) 244–257.
[34] V. Das, V. Pathak, S. Sharma, R. Sreevathsan, M. Srikanth, G. Kumart, Network intrusion detection system based on machine learning algorithms, International Journal of Computer Science & Information Technology 2 (6) (2010) 138–151.
[35] R. Shanmugavadivu, N. Nagarajan, Network intrusion detection system using fuzzy logic, Indian Journal of Computer Science and Engineering 2 (1) (2011) 101–111.
[36] R. Borgohain, Fugeids: Fuzzy genetic paradigms in intrusion detection systems, International Journal of Advanced Networking & Applications 3 (2012) 1409–1415.
[37] M.-H. Chen, P.-C. Chang, J.-L. Wu, A population-based incremental learning approach with artificial immune system for network intrusion detection, Engineering Applications of Artificial Intelligence 56 (2016) 171–181.
[38] W. Hu, J. Gao, Y. Wang, O. Wu, S. Maybank, Online Adaboost-based parameterized methods for dynamic distributed network intrusion detection, IEEE Transactions on Cybernetics 44 (2014) 66–82.
[39] R. Singh, H. Kumar, R. K. Singla, An intrusion detection system using network traffic profiling and online sequential extreme learning machine, Expert Systems with Applications 42 (2015) 8609–8624.
[40] W. L. Al-Yaseen, Z. A. Othman, M. Z. A. Nazri, Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system, Expert Systems with Applications 67 (2017) 296–303.
[41] A. A. Aburomman, M. B. I. Reaz, A novel SVM-KNN-PSO ensemble method for intrusion detection system, Applied Soft Computing 38 (2016) 360–372.
[42] C. Guo, Y. Ping, N. Liu, S.-S. Luo, A two-level hybrid approach for intrusion detection, Neurocomputing 214 (2016) 391–400.
[43] Y. Zhu, J. Liang, J. Chen, Z. Ming, An improved NSGA-III algorithm for feature selection used in intrusion detection, Knowledge-Based Systems 116 (2017) 74–85.
[44] R. A. R. Ashfaq, X.-Z. Wang, J. Z. Huang, H. Abbas, Y.-L. He, Fuzziness based semi-supervised learning approach for intrusion detection system, Information Sciences 378 (2017) 484–497.
[45] S. P. Boyd, L. El Ghaoui, E. Feron, V. Balakrishnan, Linear Matrix Inequalities in System and Control Theory, Vol. 15, SIAM, 1994.
[46] S.-C. Huang, Y.-F. Huang, Bounds on the number of hidden neurons in multilayer perceptrons, IEEE Transactions on Neural Networks 2 (1) (1991) 47–55.
[47] KDD-Cup 99 data set, https://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html (1999).
[48] NSL-KDD data set, http://www.unb.ca/research/iscx/dataset/iscx-NSL-KDD-dataset.html (2009).
[49] M. Tavallaee, E. Bagheri, W. Lu, A. Ghorbani, A detailed analysis of the KDD CUP 99 data set, in: IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA), 2009.
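Fulltext
This electronic full text is licensed to users solely for personal, non-profit searching, reading, and printing for the purpose of academic research. Please comply with the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost, or broadcast it without authorization, to avoid violating the law.
Thesis access permission: user define
Available:
Campus: available
Off-campus: available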


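Printed copies
Public-availability information for printed theses is relatively complete from academic year 102 onward. To inquire about printed theses from academic year 101 or earlier, please contact the printed-thesis service counter of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available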
