Title Exploring the timeliness requirement of artificial neural networks in network traffic anomaly detection (探索類神經網路於網路流量異常偵測中的時效性需求)
Author Lian, Mao-Ci (連茂棋)
Contributors Tsaih, Rua-Huan (蔡瑞煌)
Lian, Mao-Ci (連茂棋)
Keywords Network traffic anomaly detection
Machine learning
GPU parallel operation
Artificial neural networks
TensorFlow
Date 2017
Upload time 13-Sep-2017 14:15:54 (UTC+8)
Abstract The prevalence of cloud computing means that people do almost everything over the Internet, but some people with malicious intent use malware to launch attacks or steal data over network connections. To prevent these cyber-attacks, network traffic data must be checked continuously. In the current cloud environment, however, network data is so large and complex that checking all of it is both time-consuming and inefficient.
This study uses TensorFlow with multiple Graphics Processing Units (GPUs) to implement an Artificial Neural Network (ANN) mechanism that analyzes network traffic data and derives detection rules for distinguishing normal from malicious traffic; we call this Network Traffic Anomaly Detection (NTAD).
Experiments are also designed to verify the timeliness and effectiveness of the derived ANN mechanism. During the experiments, we found that using more GPUs reduces training time, and that using three GPUs in our experimental design meets the timeliness requirement of NTAD. According to the preliminary experimental results, the proposed mechanism performs better than an ANN trained with the back-propagation algorithm.
Description Master's thesis
National Chengchi University
Department of Management Information Systems
104356040
Source http://thesis.lib.nccu.edu.tw/record/#G0104356040
Type thesis
Other identifiers G0104356040
URI http://nccur.lib.nccu.edu.tw/handle/140.119/112622
Table of contents
Chapter 1 Introduction
1.1 Background & Motivation
1.2 Purpose
Chapter 2 Literature Review
2.1 Cyber-Attack and Network Anomaly Detection
2.2 Machine Learning & Artificial Neural network
2.3 GPU Parallel Operation & Tensorflow
2.3.1 The Developing of GPU Parallel Operation
2.3.2 Tensorflow
2.4 A Mechanism for Detecting Outlier
2.4.1 Concept Drifting
2.4.2 Single-Hidden Layer Feedforward Neural Networks (SLFN)
2.4.3 The Resistant Learning with Envelope Module
2.4.4 Moving Window
Chapter 3 Experiment
3.1 Network Traffic Data Set & Data Preprocessing
3.2 ANN of NTAD
3.3 Timeliness & Effectiveness of NTAD
3.4 The derived ANN mechanism
3.5 Experiment Environment
Chapter 4 Experimental Results
4.1 The Relationship between Training Time and Amounts of GPUs
4.2 The effectiveness of the derived ANN mechanism
4.3 Comparing with other ANN mechanism
Chapter 5 Conclusions and Future Works
5.1 Conclusions
5.2 Future Works
Reference
Format extent 1722921 bytes
MIME type application/pdf