
Author: 徐家銘
Chia-Ming Hsu
Thesis title: 運用機器學習強化網路攻擊偵測之研究
A Study of Enhancement of Cyberattack Detection with Machine Learning
Advisor: 呂政修
Jenq-Shiou Leu
Oral examination committee: 周承復
Cheng-Fu Chou
張克勤
Ke-Chin Chang
陳佑全
Yu-Chuan Chen
蘇順吉
Shun-Ji Su
方文賢
Wen-Hsien Fang
陳郁堂
Yie-Tarng Chen
鄭瑞光
Ray-Guang Cheng
魏榮宗
Rong-Jong Wai
Degree: 博士
Doctor (Ph.D.)
Department: 電資學院 - 電子工程系
College of Electrical Engineering and Computer Science - Department of Electronic and Computer Engineering
Year of publication: 2022
Academic year of graduation: 110 (ROC calendar, i.e. 2021-2022)
Language: English
Pages: 70
Keywords (Chinese, translated): Cyber security, Cyberattack, Cyberthreat, Ransomware, Machine learning, Deep learning, Intrusion detection
Keywords (English): Cyber Security, Cyberthreat, Cyberattack, Ransomware, Machine Learning, Deep Learning, Intrusion Detection
Usage statistics: Views: 245, Downloads: 15
Abstract

    The digital age drives rapid technological development and, at the same time, brings new forms of threat to the Internet. The change in work patterns in the post-pandemic era has pushed the wave of digital transformation to its peak, and the trend in cyber threats has accelerated with it. Take ransomware, which has grown rapidly in recent years, as an example: with the maturing of the criminal underground economy and the emergence of the Ransomware-as-a-Service (RaaS) business model, attacks that once required advanced skills can now simply be bought as a service, complete with tooling and step-by-step manuals. Anyone can be a hacker. Traditional security defenses face huge challenges, while the machine learning techniques that have emerged in recent years offer an alternative approach to the problem of cyberattack detection.
    This thesis first studies the nature of cyberattacks to clarify the core problem. By analyzing the current cyberattack process (the kill chain of Chapter 2), it redefines the original seven steps as three key detection points and discusses the techniques and principles used at each of them. It then proposes feasible machine learning detection models and validates them experimentally: drawing on previous research on cyberattack detection, we collect datasets for each of the three key detection points, using existing network resources and a purpose-built simulation environment, and select suitable detection models for the experiments. The results show that the proposed models all achieve good detection rates.
    Beyond proposing detection models with good detection rates, the main contribution of this work is to combine practical experience with an analysis of the complete picture of a cyberattack and the nature of the problem, to derive and define the key detection points of the attack process, and to identify feasible machine learning solutions. The thesis closes with suggestions for future research at each of the three key detection points, to help strengthen research capacity in cyberattack detection.

Contents

    中文摘要 (Chinese Abstract)
    English Abstract
    Acknowledgment
    Glossary of Symbols
    Abbreviations
    Contents
    Chapter 1 Introduction
      1.1 Motivation
      1.2 Literature Review
      1.3 Research Purposes
      1.4 Research Process
      1.5 Research Tools
    Chapter 2 Cyberattack Process Redefined
      2.1 Kill Chain Introduction
      2.2 Cyberattack Key Detection Point Analysis
    Chapter 3 The Detection of Building Access Point
      3.1 Overview
      3.2 Methodology
        3.2.1 Dataset Description
        3.2.2 Data Preprocessing
        3.2.3 Machine Learning Model
        3.2.4 Proposed Schemes
        3.2.5 Result and Discussion
    Chapter 4 The Detection of Remote Persistent Access
      4.1 Overview
      4.2 Methodology
        4.2.1 Dataset Description
        4.2.2 Data Preprocessing
        4.2.3 Machine Learning Model
        4.2.4 Proposed Schemes
        4.2.5 Result and Discussion
    Chapter 5 The Detection of the Goal Harvest
      5.1 Overview
      5.2 Methodology
        5.2.1 Dataset Description and Preprocessing
        5.2.2 Machine Learning Model
        5.2.3 Proposed Schemes
        5.2.4 Result and Discussion
    Chapter 6 Conclusion and Future Works
      6.1 Conclusion
      6.2 Future Works
    References
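The abstract states that the seven-step attack process is regrouped into three key detection points, which the chapter titles name as Building Access Point, Remote Persistent Access and Goal Harvest, and that each point is judged by its detection rate. The Python below is an added example written for this page, not code from the thesis: it rolls constructed, labelled telemetry events up from the seven Lockheed Martin Cyber Kill Chain stages to the three detection points and computes the detection rate (true positives over all attack events) per point, plus the false-positive rate on benign events. The stage-to-point mapping is the editor's assumption, since this record does not give the thesis's own mapping, and the event data is constructed.

```python
"""Roll seven kill-chain stages up into three key detection points and score
each point's detection rate on labelled events.

Added example for this catalog page, not the thesis's code. The mapping from
kill-chain stage to detection point is an ASSUMPTION: the record says seven
steps become three points but does not give the mapping, so the one below is
the editor's reading of the chapter titles.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Lockheed Martin Cyber Kill Chain stages (seven steps) -> assumed detection point.
STAGE_TO_POINT = {
    "reconnaissance":        "building_access_point",
    "weaponization":         "building_access_point",
    "delivery":              "building_access_point",
    "exploitation":          "building_access_point",
    "installation":          "remote_persistent_access",
    "command_and_control":   "remote_persistent_access",
    "actions_on_objectives": "goal_harvest",
}
DETECTION_POINTS = ("building_access_point", "remote_persistent_access", "goal_harvest")


@dataclass(frozen=True)
class Event:
    """One labelled telemetry record: sensor, ground-truth kill-chain stage
    (None for benign traffic) and whether the detector alerted on it."""
    source: str
    stage: Optional[str]
    alerted: bool


def detection_point(stage: Optional[str]) -> Optional[str]:
    """Map a kill-chain stage to its detection point; benign (None) stays None."""
    if stage is None:
        return None
    try:
        return STAGE_TO_POINT[stage]
    except KeyError:
        raise ValueError(f"unknown kill-chain stage: {stage!r}") from None


def score(events):
    """Per detection point: tp, fn and detection_rate = tp / (tp + fn).
    Also the false_positive_rate = fp / (fp + tn) over benign events.
    A rate is None when its denominator is zero."""
    counts = {p: Counter() for p in DETECTION_POINTS}
    benign = Counter()
    for ev in events:
        point = detection_point(ev.stage)
        if point is None:
            benign["fp" if ev.alerted else "tn"] += 1
        else:
            counts[point]["tp" if ev.alerted else "fn"] += 1
    result = {}
    for point, c in counts.items():
        total = c["tp"] + c["fn"]
        result[point] = {
            "tp": c["tp"],
            "fn": c["fn"],
            "detection_rate": c["tp"] / total if total else None,
        }
    benign_total = benign["fp"] + benign["tn"]
    result["false_positive_rate"] = benign["fp"] / benign_total if benign_total else None
    return result


# Constructed sample events (not real data): three sensors, mixed attack stages
# and benign records, with the detector missing some attacks and alerting on
# one benign record.
SAMPLE_EVENTS = [
    Event("ids", "delivery", True),
    Event("ids", "exploitation", True),
    Event("ids", "reconnaissance", False),       # missed: scan slipped past
    Event("edr", "installation", True),
    Event("edr", "command_and_control", False),  # missed: beacon not flagged
    Event("fs",  "actions_on_objectives", True),
    Event("fs",  "actions_on_objectives", True),
    Event("ids", None, False),
    Event("edr", None, True),                    # false positive on benign host
    Event("fs",  None, False),
    Event("ids", None, False),
]

if __name__ == "__main__":
    for key, value in score(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

Scoring per detection point rather than per kill-chain stage is what makes the three-point view useful operationally: a miss at the first point (the reconnaissance event above) still leaves two later points at which the same intrusion can be caught, and the per-point rates show which of the three is the weak link.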

