Tunghai University Institutional Repository:Item 310901/31838


    Please use this identifier to cite or link to this item: http://140.128.103.80:8080/handle/310901/31838


    Title: Implementation of a Deep Learning Model for Identifying Network Attacks in NetFlow Log Data, Built on a Ceph Storage Architecture
    Other Titles: The Implementation of Deep Learning Modules for Cyberattack Identification in NetFlow Data Log with Ceph Storage
    Authors: LIU, MING-LUN (劉明倫)
    Contributors: YANG, CHAO-TUNG (楊朝棟); LIU, JUNG-CHUN (劉榮春)
    Department of Computer Science and Information Engineering
    Keywords: Data Storage; Ceph; Deep Learning; Cyberattack; NetFlow Log
    Date: 2019
    Issue Date: 2019-12-16T06:51:44Z (UTC)
    Abstract: In today's era of fast-moving information, the Internet has become an indispensable part of human life. As network usage grows, the log data accumulated over time becomes enormous, and traditional storage methods are gradually becoming insufficient to handle it. These network logs also conceal improper network behavior, and finding this hidden behavior can reduce vulnerability in the network. Storing this volume of log data and analyzing it in real time to find suspicious network behavior is a challenging research problem. This thesis proposes a complete architecture for storing and analyzing collected network log data. We process and integrate the network data collected by the routers on campus and store the integrated data in a Ceph distributed storage environment, which is open source, high-performance, highly reliable and scalable. The raw data is preprocessed in Python to remove redundant fields and unify units. The cleaned dataset is then analyzed in two parts: anomaly analysis and attack identification. In the anomaly analysis, we use the three-standard-deviation rule to find the time periods with abnormal traffic and the total traffic. For attack identification, we use Keras: a recurrent neural network (RNN) is used to build an automated identification model for attacks with fixed features. In addition, the NSL-KDD dataset is used as a training set to evaluate the ability of various deep learning models to identify attacks without fixed features, and this thesis proposes an identification model whose accuracy on the NSL-KDD dataset can reach 99.65%. Finally, the real-time analysis results are stored in and retrieved from a MySQL database and visualized with ECharts, so that administrators can quickly grasp abnormal network behavior and see attack identification in real time.
    Appears in Collections:[Department of Computer Science and Information ] Master's Theses

    Files in This Item:

    File: 107THU00394018-001.pdf
    Size: 4025Kb
    Format: Adobe PDF


    All items in THUIR are protected by copyright, with all rights reserved.


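    The digital content of the Tunghai University Institutional Repository on this website is provided free of charge for public-interest uses such as academic research and public education. Please nonetheless use the content of this website moderately and reasonably, out of respect for the rights of the copyright holders. For commercial use, please first obtain authorization from the copyright holder.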
