Invention
Republic of China (Taiwan)
109107038
I 780411
Anomalous Network Traffic Detection System and Method Based on a Long Short-Term Memory Model
National Chung Cheng University
2022/10/11
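This invention uses deep learning to build a real-time network traffic analysis system that determines whether anomalies appear in the packets observed over a short period of time. Unlike previous research, which uses a connection (flow) as the unit of analysis and identification, this work is the first to propose identifying malicious traffic by analyzing each packet, thereby reducing the time needed to discover anomalous traffic and achieving the goal of online real-time malicious packet detection. It can be applied in real-world settings to help networked devices defend against distributed denial-of-service attacks in real time.

This work proposes a two-stage deep learning architecture for real-time malicious packet detection. In the first stage, we use existing datasets to extract the header fields of each packet, apply a word embedding method to strengthen the relationships between fields, and train a long short-term memory model so that the model can distinguish whether a packet is anomalous. In the second stage, we use this model to test real traffic and detect whether anomalous packets appear in traffic over a short period. According to the experimental results, the proposed architecture accurately detects anomalous traffic on four different datasets; the accuracy, precision, recall, and F1-measure are all close to 100%, and the false alarm rate is close to 0%.

The goal of this invention is to design an online real-time malicious IoT traffic detection mechanism. In contrast to the traditional flow-based approach, we propose a packet-based approach that classifies malicious traffic based on packets instead of flows. Deep learning techniques, including word embedding and Long Short-Term Memory, are adopted for malicious packet classification. Our packet-based approach reduces the time spent pre-processing packets into flows and is thus more suitable for online malicious packet detection. In particular, it helps network devices defend against Distributed Denial of Service attacks in time.

The proposed approach consists of two stages. In the first stage, we use an existing data set to train and test our deep learning model. We first extract the header fields of each packet from the data set and apply a word embedding method to extract the semantics of each packet. The word vectors of a packet header are then fed into the Long Short-Term Memory model to explore the temporal relation between header fields. A softmax function is then used to classify a packet as benign or malicious. In the second stage, a set of real traffic is used to validate the proposed mechanism. According to the experimental results, the method proposed in this invention can accurately detect abnormal packets. The accuracy, precision, recall, and F1-measure are up to 100%, and the false alarm rate is nearly 0%.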
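The per-packet preprocessing described in the first stage (header fields treated as "words" for an embedding layer) can be sketched as follows. This is an added example, not code from the patent: the choice of fields, the `field=value` token format, the reserved ids, and the sample packet are all assumptions made for illustration.

```python
import struct

PAD, UNK = 0, 1  # assumed reserved ids: padding and unseen field values

# Constructed sample: IPv4 header (DF, TTL 64, TCP) plus a TCP SYN to port 80.
SAMPLE_PACKET = bytes.fromhex(
    "450000280001400040060000c0000201c0000202"
    "3039005000000000000000005002200000000000"
)

def header_tokens(pkt):
    """Turn one raw IPv4 packet into a sequence of header-field 'words'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, _csum = struct.unpack(
        "!BBHHHBBH", pkt[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    # Field selection is an assumption; the page does not list the fields used.
    tokens = [f"ip.len={total_len}", f"ip.flags={flags_frag >> 13}",
              f"ip.ttl={ttl}", f"ip.proto={proto}"]
    l4 = pkt[ihl:]
    if proto == 6 and len(l4) >= 20:      # TCP
        sport, dport, _seq, _ack, off_flags, win = struct.unpack("!HHIIHH", l4[:16])
        tokens += [f"tcp.sport={sport}", f"tcp.dport={dport}",
                   f"tcp.flags={off_flags & 0x1FF}", f"tcp.win={win}"]
    elif proto == 17 and len(l4) >= 8:    # UDP
        sport, dport, ulen = struct.unpack("!HHH", l4[:6])
        tokens += [f"udp.sport={sport}", f"udp.dport={dport}", f"udp.len={ulen}"]
    return tokens

def build_vocab(token_seqs):
    """Assign an integer id to every token seen in the training packets."""
    vocab = {}
    for seq in token_seqs:
        for tok in seq:
            vocab.setdefault(tok, len(vocab) + 2)  # ids 0 and 1 are reserved
    return vocab

def encode(tokens, vocab, length=10):
    """Map tokens to ids, unseen values to UNK, and pad or truncate to length."""
    ids = [vocab.get(tok, UNK) for tok in tokens][:length]
    return ids + [PAD] * (length - len(ids))

if __name__ == "__main__":
    toks = header_tokens(SAMPLE_PACKET)
    print(toks)
    print(encode(toks, build_vocab([toks])))
```

The fixed-length id sequence returned by `encode` is the form an embedding layer followed by an LSTM and softmax would consume; field values never seen in training map to `UNK` rather than raising an error.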
Technology Transfer and Licensing Center
05-2720411 ext. 16001