Please use this identifier to cite or link to this item:
http://140.128.103.80:8080/handle/310901/31838
Title: | 基於Ceph 儲存環境架構建構應用於NetFlow 日誌資料之深度學習辨識網路攻擊模型實作 |
Other Titles: | The Implementation of Deep Learning Modules for Cyberattack Identification in NetFlow Data Log with Ceph Storage |
Authors: | 劉明倫 LIU, MING-LUN |
Contributors: | 楊朝棟;劉榮春 YANG, CHAO-TUNG;LIU, JUNG-CHUN; Department of Computer Science and Information Engineering |
Keywords: | Data Storage;Ceph;Deep Learning;Cyberattack;NetFlow Log |
Date: | 2019 |
Issue Date: | 2019-12-16T06:51:44Z (UTC) |
Abstract: | In today's era of fast-moving information, the Internet has without doubt become an indispensable part of human life. As network usage grows, the log data accumulated over time becomes enormous, and traditional storage methods are gradually becoming inadequate for it. Improper network behavior is also hidden in these logs, and finding this hidden behavior can reduce vulnerability in the network. Storing this volume of network log data and analyzing it in real time to find suspicious behavior is therefore a challenging research problem. This thesis proposes a complete architecture for storing and analyzing collected network log data. We process and integrate the network data collected by the routers across the campus and store the integrated data in a Ceph distributed storage environment, which is open source, high-performance, highly reliable and scalable. The raw data is first preprocessed with Python to remove redundant fields and unify units. The resulting data set is analyzed in two parts: anomaly analysis and attack identification. In the anomaly analysis, we use the three-standard-deviation rule to find the time periods with abnormal traffic and their total traffic. For attack identification, we use Keras: an automated identification model built with a recurrent neural network (RNN) identifies attacks with fixed features, and the NSL-KDD data set is used as a training set to evaluate the ability of various deep learning models to identify attacks without fixed features. The thesis also proposes an identification model whose identification accuracy on the NSL-KDD data set reaches 99.65%. Finally, the real-time analysis results are stored in and accessed through a MySQL database and visualized with ECharts, so that administrators can quickly grasp abnormal network behavior and real-time attack identification. |
Appears in Collections: | [Department of Computer Science and Information Engineering] Master's Theses |
Files in This Item:
File | Description | Size | Format | |
107THU00394018-001.pdf | | 4025Kb | Adobe PDF | 157 |
All items in THUIR are protected by copyright, with all rights reserved.