
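Graduate student: Yu-Heng Chiy (邱育亨)
Thesis title: Anomaly Detection Mechanism Based On Network Traffic Architecture (基於網路流量架構之異常偵測機制)
Advisor: Tzong-Chen Wu (吳宗成)
Oral examination committee: Nai-Wei Lo (羅乃維), Chuan-Kai Yang (楊傳凱)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2019
Academic year of graduation: 107
Language: Chinese
Number of pages: 56
Chinese keywords: distributed denial-of-service attack, machine learning, neural network, convolutional neural network
Foreign-language keywords: DDoS, Machine Learning, Neural Network, Convolutional Neural Network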
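  • In recent years, network attacks have occurred one after another and with increasing frequency. Government agency websites, e-commerce platforms and even online banking platforms are all regular targets. The type of attack most commonly launched today is the distributed denial-of-service (DDoS) attack, which can be directed not only at websites but also at e-mail hosts and DNS hosts. The impact of an attack can be small or large: at the low end the service becomes abnormally slow, and at the high end the service is interrupted. For a business that relies on the network as its main source of income, the losses can be heavy.
    In this thesis, we propose two methods for detecting network traffic anomalies: the traffic threshold test method and the machine learning traffic monitoring evaluation method. The system can effectively identify abnormal attack traffic within network traffic. In the first method, the traffic threshold test method uses the Cold Start method to set the default parameters and then tunes the values using the mean and the standard deviation. In the second method, feature attributes for the convolutional neural network are extracted from network traffic, and an artificial neural network is used to train the classification model. The experimental results show that using machine learning to judge abnormal traffic gives better detection accuracy than traditional manual judgment, and that it can reduce additional costs such as labor.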


    In recent years, network attacks have emerged in an endless stream and with increasing frequency. Government websites, e-commerce platforms and even online banking platforms are all frequent targets. The most commonly used type of attack is Distributed Denial of Service (DDoS). This attack can target not only websites but also e-mail hosts and Domain Name System (DNS) hosts, and the severity of the impact varies: in mild cases the service becomes abnormally slow, and in severe cases the service is interrupted. A company that depends on the Internet as its main source of income can suffer heavy losses.

    In this thesis, we propose two methods for detecting network traffic anomalies: the traffic threshold test method and the machine learning traffic monitoring evaluation method. The system can effectively identify abnormal attack traffic in network traffic. In the first method, the traffic threshold test method uses the Cold Start method to set the default parameters, and the values are then tuned using the mean and the standard deviation. In the second method, feature attributes for the convolutional neural network are extracted from network traffic, and an artificial neural network is used to train the classification model. The experimental results also show that using machine learning to judge abnormal traffic gives better detection accuracy than traditional manual judgment, and that it can reduce additional costs such as labor.

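    Table of contents

    Abstract (Chinese)
    Abstract (English)
    Acknowledgements
    Chapter 1 Introduction
      1.1 Research Background
      1.2 Research Motivation
      1.3 Research Objectives
      1.4 Research Process and Methods
    Chapter 2 Literature Review
      2.1 Common Network Attack Types and Network Protocols
        2.1.1 Denial-of-Service and Distributed Denial-of-Service Attacks
        2.1.2 SNMP
        2.1.3 MRTG
      2.2 Deep Learning
        2.2.1 Machine Learning
        2.2.2 Neural Networks
        2.2.3 Convolutional Neural Networks (CNN)
    Chapter 3 Traffic Threshold Test Method and Machine Learning Traffic Monitoring Evaluation Method
      3.1 Validation Methods and Development Tools
        3.1.1 Cross-validation
        3.1.2 F-Measure
        3.1.3 Theano
      3.2 Traffic Threshold Test Method
        3.2.1 System Architecture and Description (Threshold Adjustment Method)
        3.2.2 Traffic Threshold Evaluation Results
      3.3 Machine Learning Traffic Monitoring Evaluation Method
        3.3.1 System Architecture and Description
        3.3.2 Results of the Machine Learning Traffic Monitoring Evaluation Method
      3.4 Cross-Validation of the Intersection and Union of the Threshold and Machine Learning Methods
      3.5 Cross-Validation Results
    Chapter 4 Conclusions and Recommendations
      4.1 Research Conclusions
      4.2 Research Recommendations
    References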

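    Full-text release date: 2024/08/22 (campus network)
    Full-text release date: full text not authorized for public release (off-campus network)
    Full-text release date: full text not authorized for public release (National Central Library: National Digital Library of Theses and Dissertations in Taiwan)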