Title

A Hybrid Intrusion Detection System for Contemporary Network Intrusion Datasets

Parallel title

A Hybrid Intrusion Detection System for Contemporary Network Intrusion Dataset

DOI

10.6342/NTU201700042

Author

廖證模

Keywords

Intrusion detection system ; Machine learning ; Contemporary attack detection

Journal title

Theses of the Department of Electrical Engineering, National Taiwan University

Volume and issue / publication date

2017

Degree type

Master's

Advisor

王勝德

Content language

English

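Chinese abstract

As technology advances, modern network conditions differ from those of the past. This study targets a new, contemporary network intrusion detection dataset and builds a hybrid intrusion detection system to detect modern anomalous network data. This thesis proposes using a discretization algorithm and a clustering algorithm to split the training samples into two clusters, and building a new classification model for a subgroup to improve classification performance. When the training samples are discretized, a method that considers the dependence between features and labels is used. Label information is added to the features to improve the clustering results. For the subgroup that is rich in anomalies, representative features are selected to build the classification model, improving the overall classification performance. The experiments use the Decision Tree and the Bayesian Network, two machine learning algorithms with good classification performance. The experimental results show that the proposed method effectively improves the detection rate, precision and accuracy for both normal and anomalous data. For classifying new types of modern attacks, it also improves the overall accuracy.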

English abstract

As Internet technology advances, modern network traffic differs from that of the past. Our study is aimed at a contemporary network intrusion detection dataset. To detect network anomalies, we construct a hybrid intrusion detection system: we propose using a feature discretization method and a cluster analysis algorithm to separate the training samples into two groups, the normal group and the anomaly group, and then building a new classification model to improve the performance of the anomaly group classification. The feature discretization method considers the interdependence between features and labels. Class information is added to the attributes to enhance the clustering results. For the anomaly group, several representative features are selected to construct the classification model and improve the overall classification performance. Two efficient machine learning algorithms, the Decision Tree algorithm and the Bayesian Network algorithm, are adopted in our experiment. The experimental results show that our method can increase the detection rate, precision and accuracy for both the normal and anomaly classes. For the classification of new types of modern attacks, our approach can also improve the overall accuracy.

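Subject classification: College of Electrical Engineering and Computer Science > Department of Electrical Engineering
Engineering > Electrical Engineering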