學術產出-Theses
Article View/Open
Publication Export
-
題名 探索類神經網路於網路流量異常偵測中的時效性需求
Exploring the timeliness requirement of artificial neural networks in network traffic anomaly detection作者 連茂棋
Lian, Mao-Ci貢獻者 蔡瑞煌
Tsaih, Rua-Huan
連茂棋
Lian, Mao-Ci關鍵詞 網路流量異常偵測
機器學習
GPU平行運算
類神經網絡
張量流
Network traffic anomaly detection
Machine learning
GPU parallel operation
Artificial neural networks
TensorFlow日期 2017 上傳時間 13-Sep-2017 14:15:54 (UTC+8) 摘要 雲端的盛行使得人們做任何事都要透過網路,但是總會有些有心人士使用一些惡意程式來創造攻擊或通過網絡連接竊取資料。為了防止這些網路惡意攻擊,我們必須不斷檢查網路流量資料,然而現在這個雲端時代,網路的資料是非常龐大且複雜,若要檢查所有網路資料不僅耗時而且非常沒有效率。本研究使用TensorFlow與多個圖形處理器(Graphics Processing Unit, GPU)來實作類神經網路(Artificial Neural Networks, ANN)機制,用以分析網路流量資料,並得到一個可以判斷正常與異常網路流量的偵測規則,也設計一個實驗來驗證我們提出的類神經網路機制是否符合網路流向異常偵測的時效性和有效性。在實驗過程中,我們發現使用更多的GPU可以減少訓練類神經網路的時間,並且在我們的實驗設計中使用三個GPU進行運算可以達到網路流量異常偵測的時效性。透過該方法得到的初步實驗結果,我們提出機制的結果優於使用反向傳播算法訓練類神經網路得到的結果。
The prosperity of the cloud makes people do anything through the Internet, but there are people with bad intention to use some malicious programs to create attacks or steal information through the network connection. In order to prevent these cyber-attacks, we have to keep checking the network traffic information. However, in the current cloud environment, the network information is huge and complex that to check all the information is not only time-consuming but also inefficient. This study uses TensorFlow with multiple Graphic Processing Units (GPUs) to implement an Artificial Neural Networks (ANN) mechanism to analyze network traffic data and derive detection rules that can identify normal and malicious traffics, and we call it Network Traffic Anomaly Detection (NTAD). Experiments are also designed to verify the timeliness and effectiveness of the derived ANN mechanism. During the experiment, we found that using more GPUs can reduce training time, and using three GPUs to do the operation can meet the timeliness in NTAD. As a result of this method, the experiment result was better than ANN with back propagation mechanism.參考文獻 1. Abadi, M., Agarwal, A., Barham, P., Brevdo, E., Chen, Z., Citro, C., ... & Ghemawat, S. (2016). Tensorflow: Large-scale machine learning on heterogeneous distributed systems. arXiv preprint arXiv:1603.04467.2. Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., ... & Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.3. Coates, A., Huval, B., Wang, T., Wu, D., Catanzaro, B., & Andrew, N. (2013, February). Deep learning with COTS HPC systems. In International Conference on Machine Learning (pp. 1337-1345).4. Ghiassi, M., Saidane, H., & Zimbra, D. K. (2005). A dynamic artificial neural network model for forecasting time series events. International Journal of Forecasting, 21(2), 341-362.5. Huang, G. B., Zhu, Q. Y., & Siew, C. K. (2006). Extreme learning machine: theory and applications. Neurocomputing, 70(1), 489-501.6. Huang, S. Y., Yu, F., Tsaih, R. H., & Huang, Y. (2014, July). Resistant learning on the envelope bulk for identifying anomalous patterns. In Neural Networks (IJCNN), 2014 International Joint Conference on (pp. 3303-3310). IEEE.7. Kim, M. S., Kong, H. J., Hong, S. C., Chung, S. H., & Hong, J. W. (2004, April). A flow-based method for abnormal network traffic detection. In Network operations and management symposium, 2004. NOMS 2004. IEEE/IFIP (Vol. 1, pp. 599-612). IEEE.8. Kirk, D. (2007, October). NVIDIA CUDA software and GPU parallel computing architecture. In ISMM (Vol. 7, pp. 103-104).9. Mahoney, M. V. (2003, March). Network traffic anomaly detection based on packet bytes. In Proceedings of the 2003 ACM symposium on Applied computing (pp. 346-350). ACM.10. Mahoney, M. V., & Chan, P. K. (2003, November). Learning rules for anomaly detection of hostile network traffic. In Data Mining, 2003. ICDM 2003. Third IEEE International Conference on (pp. 601-604). IEEE.11. Mukherjee, B., Heberlein, L. T., & Levitt, K. N. (1994). Network intrusion detection. IEEE network, 8(3), 26-41.12. Owens, J. D., Houston, M., Luebke, D., Green, S., Stone, J. E., & Phillips, J. C. (2008). GPU computing. Proceedings of the IEEE, 96(5), 879-899.13. Paxson, V. (1999). Bro: a system for detecting network intruders in real-time. Computer networks, 31(23), 2435-2463.14. Rasmussen, C. E. (2004). Gaussian processes in machine learning. In Advanced lectures on machine learning (pp. 63-71). Springer Berlin Heidelberg.15. Roesch, M. (1999, November). Snort: Lightweight intrusion detection for networks. In Lisa (Vol. 99, No. 1, pp. 229-238).16. Roger, P. (2016). Why Deep Learning Is Suddenly Changing Your Life. FORTUNE. [Online]. Available: http://fortune.com/ai-artificial-intelligence-deep-machine-learning/17. Ryan, J., Lin, M. J., & Miikkulainen, R. Intrusion detection with neural networks. 1998. http://citeseer. ist. psu. edu/ryan98intrusion. html-consultado em, 30, 03-04.18. Shon, T., & Moon, J. (2007). A hybrid machine learning approach to network anomaly detection. Information Sciences, 177(18), 3799-3821.19. Shon, T., Kim, Y., Lee, C., & Moon, J. (2005, June). A machine learning framework for network anomaly detection using SVM and GA. In Information Assurance Workshop, 2005. IAW`05. Proceedings from the Sixth Annual IEEE SMC (pp. 176-183). IEEE.20. Singh, S., & Silakari, S. (2009). A survey of cyber attack detection systems. International Journal of Computer Science and Network Security, 9(5), 1-10.21. Sommer, R., & Paxson, V. (2010, May). Outside the closed world: On using machine learning for network intrusion detection. In Security and Privacy (SP), 2010 IEEE Symposium on (pp. 305-316). IEEE.22. Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., & Fergus, R. (2013). Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199.23. Tsaih, R. R. (1993). The softening learning procedure. Mathematical and computer modelling, 18(8), 61-64.24. Want China Times. (2013). Taiwan and Philippines in cyber war over fatal shooting. May 12th.25. William, T. (2017). What Machine Learning Can (and Can`t). DMNEWS. [Online]. Available: http://www.dmnews.com/what-machine-learning--can-and-cant-do/printarticle/642415/26. Zander, S., Nguyen, T., & Armitage, G. (2005, November). Automated traffic classification and application identification using machine learning. In Local Computer Networks, 2005. 30th Anniversary. The IEEE Conference on (pp. 250-257). IEEE.27. Zweiri, Y. H., Seneviratne, L. D., & Althoefer, K. (2005). Stability analysis of a three-term backpropagation algorithm. Neural Networks, 18(10), 1341-1347. 描述 碩士
國立政治大學
資訊管理學系
104356040資料來源 http://thesis.lib.nccu.edu.tw/record/#G0104356040 資料類型 thesis dc.contributor.advisor 蔡瑞煌 zh_TW dc.contributor.advisor Tsaih, Rua-Huan en_US dc.contributor.author (Authors) 連茂棋 zh_TW dc.contributor.author (Authors) Lian, Mao-Ci en_US dc.creator (作者) 連茂棋 zh_TW dc.creator (作者) Lian, Mao-Ci en_US dc.date (日期) 2017 en_US dc.date.accessioned 13-Sep-2017 14:15:54 (UTC+8) - dc.date.available 13-Sep-2017 14:15:54 (UTC+8) - dc.date.issued (上傳時間) 13-Sep-2017 14:15:54 (UTC+8) - dc.identifier (Other Identifiers) G0104356040 en_US dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/112622 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 資訊管理學系 zh_TW dc.description (描述) 104356040 zh_TW dc.description.abstract (摘要) 雲端的盛行使得人們做任何事都要透過網路,但是總會有些有心人士使用一些惡意程式來創造攻擊或通過網絡連接竊取資料。為了防止這些網路惡意攻擊,我們必須不斷檢查網路流量資料,然而現在這個雲端時代,網路的資料是非常龐大且複雜,若要檢查所有網路資料不僅耗時而且非常沒有效率。本研究使用TensorFlow與多個圖形處理器(Graphics Processing Unit, GPU)來實作類神經網路(Artificial Neural Networks, ANN)機制,用以分析網路流量資料,並得到一個可以判斷正常與異常網路流量的偵測規則,也設計一個實驗來驗證我們提出的類神經網路機制是否符合網路流向異常偵測的時效性和有效性。在實驗過程中,我們發現使用更多的GPU可以減少訓練類神經網路的時間,並且在我們的實驗設計中使用三個GPU進行運算可以達到網路流量異常偵測的時效性。透過該方法得到的初步實驗結果,我們提出機制的結果優於使用反向傳播算法訓練類神經網路得到的結果。 zh_TW dc.description.abstract (摘要) The prosperity of the cloud makes people do anything through the Internet, but there are people with bad intention to use some malicious programs to create attacks or steal information through the network connection. In order to prevent these cyber-attacks, we have to keep checking the network traffic information. However, in the current cloud environment, the network information is huge and complex that to check all the information is not only time-consuming but also inefficient. This study uses TensorFlow with multiple Graphic Processing Units (GPUs) to implement an Artificial Neural Networks (ANN) mechanism to analyze network traffic data and derive detection rules that can identify normal and malicious traffics, and we call it Network Traffic Anomaly Detection (NTAD). Experiments are also designed to verify the timeliness and effectiveness of the derived ANN mechanism. During the experiment, we found that using more GPUs can reduce training time, and using three GPUs to do the operation can meet the timeliness in NTAD. As a result of this method, the experiment result was better than ANN with back propagation mechanism. en_US dc.description.tableofcontents Chapter 1 Introduction 11.1 Background & Motivation 11.2 Purpose 3Chapter 2 Literature Review 52.1 Cyber-Attack and Network Anomaly Detection 52.2 Machine Learning & Artificial Neural network 72.3 GPU Parallel Operation & Tensorflow 82.3.1 The Developing of GPU Parallel Operation 82.3.2 Tensorflow 92.4 A Mechanism for Detecting Outlier 132.4.1 Concept Drifting 132.4.2 Single-Hidden Layer Feedforward Neural Networks (SLFN) 142.4.3 The Resistant Learning with Envelope Module 152.4.4 Moving Window 18Chapter 3 Experiment 203.1 Network Traffic Data Set & Data Preprocessing 203.2 ANN of NTAD 233.3 Timeliness & Effectiveness of NTAD 243.4 The derived ANN mechanism 263.5 Experiment Environment 28Chapter 4 Experimental Results 304.1 The Relationship between Training Time and Amounts of GPUs 304.2 The effectiveness of the derived ANN mechanism. 344.3 Comparing with other ANN mechanism 40Chapter 5 Conclusions and Future Works 475.1 Conclusions 475.2 Future Works 49Reference 50 zh_TW dc.format.extent 1722921 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0104356040 en_US dc.subject (關鍵詞) 網路流量異常偵測 zh_TW dc.subject (關鍵詞) 機器學習 zh_TW dc.subject (關鍵詞) GPU平行運算 zh_TW dc.subject (關鍵詞) 類神經網絡 zh_TW dc.subject (關鍵詞) 張量流 zh_TW dc.subject (關鍵詞) Network traffic anomaly detection en_US dc.subject (關鍵詞) Machine learning en_US dc.subject (關鍵詞) GPU parallel operation en_US dc.subject (關鍵詞) Artificial neural networks en_US dc.subject (關鍵詞) TensorFlow en_US dc.title (題名) 探索類神經網路於網路流量異常偵測中的時效性需求 zh_TW dc.title (題名) Exploring the timeliness requirement of artificial neural networks in network traffic anomaly detection en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) 1. Abadi, M., Agarwal, A., Barham, P., Brevdo, E., Chen, Z., Citro, C., ... & Ghemawat, S. (2016). Tensorflow: Large-scale machine learning on heterogeneous distributed systems. arXiv preprint arXiv:1603.04467.2. Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., ... & Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.3. Coates, A., Huval, B., Wang, T., Wu, D., Catanzaro, B., & Andrew, N. (2013, February). Deep learning with COTS HPC systems. In International Conference on Machine Learning (pp. 1337-1345).4. Ghiassi, M., Saidane, H., & Zimbra, D. K. (2005). A dynamic artificial neural network model for forecasting time series events. International Journal of Forecasting, 21(2), 341-362.5. Huang, G. B., Zhu, Q. Y., & Siew, C. K. (2006). Extreme learning machine: theory and applications. Neurocomputing, 70(1), 489-501.6. Huang, S. Y., Yu, F., Tsaih, R. H., & Huang, Y. (2014, July). Resistant learning on the envelope bulk for identifying anomalous patterns. In Neural Networks (IJCNN), 2014 International Joint Conference on (pp. 3303-3310). IEEE.7. Kim, M. S., Kong, H. J., Hong, S. C., Chung, S. H., & Hong, J. W. (2004, April). A flow-based method for abnormal network traffic detection. In Network operations and management symposium, 2004. NOMS 2004. IEEE/IFIP (Vol. 1, pp. 599-612). IEEE.8. Kirk, D. (2007, October). NVIDIA CUDA software and GPU parallel computing architecture. In ISMM (Vol. 7, pp. 103-104).9. Mahoney, M. V. (2003, March). Network traffic anomaly detection based on packet bytes. In Proceedings of the 2003 ACM symposium on Applied computing (pp. 346-350). ACM.10. Mahoney, M. V., & Chan, P. K. (2003, November). Learning rules for anomaly detection of hostile network traffic. In Data Mining, 2003. ICDM 2003. Third IEEE International Conference on (pp. 601-604). IEEE.11. Mukherjee, B., Heberlein, L. T., & Levitt, K. N. (1994). Network intrusion detection. IEEE network, 8(3), 26-41.12. Owens, J. D., Houston, M., Luebke, D., Green, S., Stone, J. E., & Phillips, J. C. (2008). GPU computing. Proceedings of the IEEE, 96(5), 879-899.13. Paxson, V. (1999). Bro: a system for detecting network intruders in real-time. Computer networks, 31(23), 2435-2463.14. Rasmussen, C. E. (2004). Gaussian processes in machine learning. In Advanced lectures on machine learning (pp. 63-71). Springer Berlin Heidelberg.15. Roesch, M. (1999, November). Snort: Lightweight intrusion detection for networks. In Lisa (Vol. 99, No. 1, pp. 229-238).16. Roger, P. (2016). Why Deep Learning Is Suddenly Changing Your Life. FORTUNE. [Online]. Available: http://fortune.com/ai-artificial-intelligence-deep-machine-learning/17. Ryan, J., Lin, M. J., & Miikkulainen, R. Intrusion detection with neural networks. 1998. http://citeseer. ist. psu. edu/ryan98intrusion. html-consultado em, 30, 03-04.18. Shon, T., & Moon, J. (2007). A hybrid machine learning approach to network anomaly detection. Information Sciences, 177(18), 3799-3821.19. Shon, T., Kim, Y., Lee, C., & Moon, J. (2005, June). A machine learning framework for network anomaly detection using SVM and GA. In Information Assurance Workshop, 2005. IAW`05. Proceedings from the Sixth Annual IEEE SMC (pp. 176-183). IEEE.20. Singh, S., & Silakari, S. (2009). A survey of cyber attack detection systems. International Journal of Computer Science and Network Security, 9(5), 1-10.21. Sommer, R., & Paxson, V. (2010, May). Outside the closed world: On using machine learning for network intrusion detection. In Security and Privacy (SP), 2010 IEEE Symposium on (pp. 305-316). IEEE.22. Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., & Fergus, R. (2013). Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199.23. Tsaih, R. R. (1993). The softening learning procedure. Mathematical and computer modelling, 18(8), 61-64.24. Want China Times. (2013). Taiwan and Philippines in cyber war over fatal shooting. May 12th.25. William, T. (2017). What Machine Learning Can (and Can`t). DMNEWS. [Online]. Available: http://www.dmnews.com/what-machine-learning--can-and-cant-do/printarticle/642415/26. Zander, S., Nguyen, T., & Armitage, G. (2005, November). Automated traffic classification and application identification using machine learning. In Local Computer Networks, 2005. 30th Anniversary. The IEEE Conference on (pp. 250-257). IEEE.27. Zweiri, Y. H., Seneviratne, L. D., & Althoefer, K. (2005). Stability analysis of a three-term backpropagation algorithm. Neural Networks, 18(10), 1341-1347. zh_TW