Graduate student: 徐家銘
Chia-Ming Hsu
Thesis title: 運用機器學習強化網路攻擊偵測之研究
A Study of Enhancement of Cyberattack Detection with Machine Learning
Advisor: 呂政修
Jenq-Shiou Leu
Oral examination committee: 周承復
Cheng-Fu Chou
Ke-Chin Chang
Yu-Chuan Chen
Shun-Ji Su
Wen-Hsien Fang
Yie-Tarng Chen
Ray-Guang Cheng
Rong-Jong Wai
Degree: Doctoral
Department: College of Electrical Engineering and Computer Science - Department of Electronic and Computer Engineering
Year of publication: 2022
Academic year of graduation: 110
Language: English
Number of pages: 70
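Chinese keywords: network security, cyberattack, cyber threat, ransomware, machine learning, deep learning, intrusion detection
English keywords: Cyber Security, Cyberthreat, Cyberattack, ransomware, Machine Learning, Deep Learning, Intrusion detection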
The digital age drives the rapid development of technology and brings new threats to the Internet. With changes in work patterns in the post-epidemic era, the wave of digital transformation has been pushed to its highest level, and the trend of cyber threats has also accelerated. For example, ransomware attacks used to require advanced hacking techniques, but with the maturity of the black-market industry chain and the emergence of the RaaS crime model, a buyer now only needs to purchase the service to obtain complete tools and detailed operating manuals. Anyone can be a hacker. Traditional security defense methods are facing huge challenges. Machine learning techniques that have emerged in recent years offer another solution to the problem of cyberattack detection and prevention.
This thesis first studies the nature of cyberattacks, clarifies the core issues, redefines the original seven steps of the current cyberattack process as three key detection points, and discusses the technology and principles used at each key detection point. Then, referring to previous research on network attack detection, we propose suitable detection models for the three key detection points, and we use network resources and a simulation environment that we established to collect datasets. The results show that the proposed models have good detection rates.
Besides proposing detection models with good detection rates, our main contribution is to redefine the key detection points and to understand the complete picture of a cyberattack by drawing on practical experience to find a suitable solution. At the end of the thesis, we also provide suggestions for future researchers for each key detection point, hoping to help improve research capabilities in cyberattack detection.

Chinese Abstract
English Abstract
Acknowledgment
Glossary of Symbols Abbreviations
Contents
Chapter 1 Introduction
  1.1 Motivation
  1.2 Literature Review
  1.3 Research Purposes
  1.4 Research Process
  1.5 Research Tools
Chapter 2 Cyberattack Process Redefined
  2.1 Kill Chain Introduction
  2.2 Cyberattack Key Detection Point Analysis
Chapter 3 The Detection of Building Access Point
  3.1 Overview
  3.2 Methodology
    3.2.1 Dataset Description
    3.2.2 Data Preprocessing
    3.2.3 Machine Learning Model
    3.2.4 Proposed Schemes
    3.2.5 Result and Discussion
Chapter 4 The Detection of Remote Persistent Access
  4.1 Overview
  4.2 Methodology
    4.2.1 Dataset Description
    4.2.2 Data Preprocessing
    4.2.3 Machine Learning Model
    4.2.4 Proposed Schemes
    4.2.5 Result and Discussion
Chapter 5 The Detection of the Goal Harvest
  5.1 Overview
  5.2 Methodology
    5.2.1 Dataset Description and Preprocessing
    5.2.2 Machine Learning Model
    5.2.3 Proposed Schemes
    5.2.4 Result and Discussion
Chapter 6 Conclusion and Future Works
  6.1 Conclusion
  6.2 Future Works
References

