簡易檢索 / 詳目顯示
| 研究生: |
宋柏儒 Sung, Po-Ru |
|---|---|
| 論文名稱: |
應用於殭屍網路偵測的聯邦式學習之在地化全域模型 Localizing global model of Federated Learning for Botnet Detection |
| 指導教授: |
謝錫堃
Shieh, Ce-Kuen |
| 共同指導教授: |
張志標
Chang, Jyh-Biau |
| 學位類別: |
碩士 Master |
| 系所名稱: |
電機資訊學院 - 電機工程學系 Department of Electrical Engineering |
| 論文出版年: | 2022 |
| 畢業學年度: | 110 |
| 語文別: | 英文 |
| 論文頁數: | 31 |
| 中文關鍵詞: | 殭屍網路偵測 、聯邦式學習 、深度神經網路 、在地化聯邦式學習 |
| 外文關鍵詞: | Botnet Detection, Federated Learning, Deep neural Network,, Localized Federated learning |
| 相關次數: | 點閱:135 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
由於殭屍網路所有網路使用者造成許多重大威脅,因此偵測殭屍網路在資訊安全領域為一項十分重要的議題。近年已有多個使用深度學習被提出做為偵測殭屍網路的方法,但傳統深度學習訓練只能使用集中後的資料作為訓練模型的資料。聯邦式學習為一個可跨多個組織的分散式深度訓練方法,並在不侵犯使用者資料隱私的前提下訓練出一個全域模型供所有用戶使用。但由於各用戶上資料的異構性使全域模型在偵測用戶本地殭屍網路時偵測表現會有所下降。在本文中我們使用深度神經網路作為我們的偵測模型並應用於聯邦式學習,並且提出在地化聯邦式學習方法來改善全域模型在偵測用戶端本地殭屍網路的偵測表現下降的問題。我們的在地化聯邦式學習方法為在地化層。我們以全域殭屍網路偵測表現和本地殭屍網路偵測表現兩個面向來探討我們的在地化聯邦式學習方法。在全域殭屍網路偵測表現中,在地化層的最佳準確率和F1-score都能夠比全域模型稍高。在本地殭屍網路偵測表現中,在地化層方法的最佳準確率和F1-score能夠表現的比全域模型來的好。
Botnet detection is an essential issue in cyber security since botnet has dealt enormous damages on internet users. Multiple deep learning methods are proposed to detect botnet in recent years, but traditional deep learning training methods can only train their model with centralized data. Federated learning is a distributed deep learning training method that can train a global model across organizations without invading user data privacy, but the detection performance of global model on client’s local botnet will be declined due to data heterogeneity across all clients. In this paper we use deep neural network as the detection model in federated learning framework, and propose localized federated training methods, which are localized layers and mixture of local and global model, to improve detection ability of global model on clients’ local botnet. We discuss the results of our localized federated learning methods in two aspects, global and local botnet detection performance. In global botnet detection performance, the best accuracy and macro average F1-score of localized layers can perform slightly better than original global model. In local botnet detection performance, the accuracy and macro average F1-score of localized layers also perform better than global model.
[1] C.-Y. Wang, C.-L. Ou, Y.-E. Zhang, F.-M. Cho, J.-B. Chang, and C.-K. Shieh, "BotCluster: A Session-based P2P Botnet Clustering System on NetFlow", Computer Networks, Volume 145, 9 November 2018, pp. 175-189.
[2] M.G. Arivazhagan, V. Aggarwal, A.K. Singh, S. Choudhary, “Federated Learning with Personalization Layers”, https://doi.org/10.48550/arXiv.1912.00818.
[3] F. Hanzely, P. Richtárik, “Federated Learning of a Mixture of Global and Local Models”, https://doi.org/10.48550/arXiv.2002.05516.
[4] Rahbarinia B., Perdisci R., Lanzi A. and Li K., Peerrush “Mining for unwanted p2p traffic”, Journal of Information Security and Applications, 2014, pp. 194-208
[5] Malware Capture Facility Project (2020) – [online] Available at: https://www.stratosphereips.org/datasets-malware
[6] Stratosphere IPS. (2020). CTU-13 Dataset — Stratosphere IPS. [online] Available at: https://www.stratosphereips.org/datasets-ctu13
校內:2025-09-30公開校外:2025-09-30公開