
A Study on Applying Deep Learning to Network Intrusion Detection (運用深度學習於網路入侵檢測之探討)

Conducting Network Intrusion Detection with Enhanced Deep Learning

Advisor: 莊博任

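Abstract

With the rapid development of information and communication technology in recent years, the volume of traffic people transmit has risen accordingly. In addition, large numbers of Internet of Things devices have begun to enter the market, which also produces large amounts of data transmission. The traffic generated in this way poses a challenge to intrusion detection systems.

Research in recent years has found that the challenges facing intrusion detection systems fall mainly into the following categories: (1) the large amount of data generated in the network, (2) the depth of detection of the intrusion detection system, and (3) the diversity of protocols and data. These three problems are the main challenges intrusion detection systems have faced in recent years. The first, the large amount of data generated in the network, arises mainly because the information and communication industry has developed rapidly in recent years and Internet of Things devices have become increasingly diverse, so that large numbers of devices enter the market and large amounts of information are transmitted over the network, and the data in the network becomes larger still. This burdens the intrusion detection system, because the large amount of data in transit has to be processed more intensively; even with improved computer performance, this is still not enough to cope with the steadily increasing traffic. As for the depth of detection, to improve the effectiveness and accuracy of an intrusion detection system, it can no longer rely on a few simple or obvious features to decide whether traffic is an attack, but must be able to observe and inspect in greater depth, which also means the intrusion detection system needs to observe more features.

This thesis proposes a deep learning method to address the class imbalance in currently popular intrusion detection datasets. We use a deep variational autoencoder to generate new data so that the imbalanced dataset becomes balanced; with the balanced data, the classification bias that a classifier acquires during training because of the imbalance among classes is reduced. In addition, we use the balanced dataset to train a deep autoencoder; exploiting the deep autoencoder's ability to compress the essential features, we can remove the redundant parts of the features, which lets us classify our data more accurately.

Experimental results confirm that classification accuracy is better when the balanced dataset is used, and that with the feature compression model trained on the balanced dataset we obtain still better accuracy. Compared with the unbalanced dataset, we have better robustness when facing unknown attacks, and we can also solve the overfitting that occurs during model training because of the imbalance among classes. As a result, when our intrusion detection model encounters new types of data, it does not misjudge them merely because they never appeared in the training dataset.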

Parallel Abstract


Abstract: With the rapid development of information and communication technology in recent years, the amount of data people transmit has increased. In addition, a large number of Internet of Things devices are entering the market, which also results in a large amount of data transmission. The traffic generated in this way challenges intrusion detection systems. Research in recent years has found that the challenges encountered by intrusion detection systems can be divided into the following categories: (1) the volume of data both stored and passing through networks continues to increase; (2) the depth of detection of intrusion detection systems; (3) a variety of protocols and data. These three problems are the main challenges for intrusion detection systems in recent years. The first, the large amount of data generated in the network, arises from the rapid development of the information and communication industry in recent years. Internet of Things devices are also increasingly diversified, so a large number of devices enter the market. As a result, a large amount of information is transmitted over the network, and the data in the network becomes even larger. This imposes a burden on the intrusion detection system, because the large volume of traffic in transit must be processed more intensively. Even with improvements in computing performance, this is still not enough to cope with the increasing traffic. In terms of detection depth, in order to improve the effectiveness and accuracy of an intrusion detection system, the system can no longer rely on a few simple or obvious features to identify whether traffic is an attack. It must be able to observe and detect in greater depth, which means that the intrusion detection system needs to observe more features.
This paper proposes a deep learning method to address the class imbalance of intrusion detection datasets. We use deep variational autoencoders to generate new data to balance the unbalanced dataset. The balanced data reduces the bias a classifier acquires in training because of the imbalance in the data. In addition, we use the balanced dataset to train a deep autoencoder. By using the deep autoencoder to compress the essential features, we can remove the redundant parts of the features. This enables us to classify data more accurately. Experimental results show that classification accuracy is better when balanced datasets are used. Coupled with the feature compression model trained on the balanced dataset, we obtain better accuracy. Compared with unbalanced datasets, we have better robustness against unknown attacks. We can also solve the over-fitting that occurs in training the model because of the imbalance among the classes of data. This ensures that our intrusion detection model will not misjudge new types of data because they are not in the training dataset.
