 |
English
|
正體中文
|
简体中文
|
Items with full text/Total items : 21921/27947 (78%)
Visitors : 4197428
Online Users : 211
|
|
|
Loading...
|
Please use this identifier to cite or link to this item:
http://140.128.103.80:8080/handle/310901/31839
|
| Title: | 運用RNN執行攻擊檢測與建置即時巨量日誌儲存系統之視覺化分析應用 |
| Other Titles: | Using RNN for Cyberattack Detection in a Network Log System with Data Visualization |
| Authors: | 江瑋哲
JIANG, WEI-JE |
| Contributors: | 楊朝棟;劉榮春
YANG, CHAO-TUNG;LIU, JUNG-CHUN
資訊工程學系 |
| Keywords: | 網路日誌資料;Elasticsearch;Logstash;Kibana;深度學習;RNN
Network Log Data;Elasticsearch;Logstash;Kibana;Deep Learning;RNN |
| Date: | 2019 |
| Issue Date: | 2019-12-16T06:51:56Z (UTC)
|
| Abstract: | 近年來,資訊安全的問題討論度越來越高,從 OpenSSL Heartbleed 漏洞、美國 摩根銀行資訊系統遭駭客入侵、GitHub 遭遇到的 DDoS 的威脅。種種的資訊攻擊事件都透露出雲端資訊安全的重要性已經是現今所不可忽視的議題。正常情況下,每個有使用網路的地方就有其網路日誌資料,而日誌資料對於網路管理人員是非常重要的數據。網路日誌資料包含著種種因素,例如系統錯誤、攻擊警告、流量大小、訊息傳送情形等等。本文的目的是提供一個網路日誌管理系 統,可對於各類型的用戶做更進一步的視覺化分析。本系統使用 ELK Stack 技術,資料分析部分則是根據需要的分析目的而去分別對日誌資料做過濾、篩選、 分析之類的處理,最後在視覺化呈現在 Web 瀏覽器上。系統運行的服務上主要 是分別為 Elasticsearch、Logstash 與 Kibana,藉由數據蒐集、過濾處理與資料分析視覺化的功能,來提供一個網路日誌管理與視覺化分析之服務系統。網路攻擊檢測部分則是採用深度學習模型進行學習訓練,讓模型可以藉由已知的網路攻擊特徵來學習每種攻擊的特徵,然後在跟日誌系統上的分析資訊進行交叉比對,以達到驗證的效果。本文的最終目標是運用視覺化分析呈現各種客製化 的 Network Log 相關圖形,並運用校內計算機中心相關資源,分別過濾出重要的網路資訊,例如來源地理位置與網路攻擊相關行為,都有在文內作成果展示, 深度學習方面則是運用 RNN 模型對攻擊行為的分類,利用不同的模型進行訓練 與測試比較,包含 DNN、LSTM,找出哪一種模型較適合本文的實驗數據。而 分類出攻擊行為種類希望能有不錯的準確性,使其能夠跟 ELK Stack 運用相關特徵過濾得來的網路攻擊資訊做交叉比對,讓資訊正確性更為提高。
In recent years, information security issues have become more and more discussed, from the OpenSSL Heartbleed vulnerability, the hacking of the US Morgan Bank information system, and the DDoS threats GitHub encountered. The purpose of this paper is to provide a network log management system that allows for further visual analysis of all types of users. The system uses ELK Stack technology, and the data analysis part is to filter, analyze and analyze the log data according to the analysis purpose required, and finally visually present it on the web browser. The services of the system are mainly Elasticsearch, Logstash and Kibana, which provide a network log management and visual analysis service. The network attack detection part uses the deep learning model for learning and training, so that the model can learn the characteristics of each attack by known network attack features. The ultimate goal of this paper is to use visual analysis to present various customized Network Log related graphics, and use the relevant resources of the school computer center to filter out important network information, such as source location and cyberattack related behavior. In the paper, the results of deep learning are the classification of attack behavior using RNN model. Different models are used for training and testing comparison, including DNN and LSTM, to find out which model is more suitable for the experimental data in this paper. |
| Appears in Collections: | [資訊工程學系所] 碩士論文
|
Files in This Item:
| File |
Description |
Size | Format | |
|---|
| 107THU00394019-001.pdf | | 2792Kb | Adobe PDF | 198 | View/Open |
|
All items in THUIR are protected by copyright, with all rights reserved.
|
