| Graduate student: | 莊易叡 Chuang, Yi-Jui |
|---|---|
| Thesis title: | Intrusion detection system using seq2seq, R-Transformer and TCN-BiLSTM method |
| Advisor: | 侯廷偉 Hou, Ting-Wei |
| Degree: | Master |
| Department: | College of Engineering - Department of Engineering Science (on the job class) |
| Year of publication: | 2021 |
| Academic year of graduation: | 109 |
| Language: | Chinese |
| Number of pages: | 81 |
| Keywords: | Deep Learning, Network Intrusion Detection, seq2seq, Transformer, TCN, KDD Cup 99, NSL-KDD, UNSW-NB15, CIC-IDS2017, Visualization |
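This study first examined four common datasets for the intrusion detection task, KDD Cup 99, NSL-KDD, UNSW-NB15 and CIC-IDS2017, and after analyzing their strengths and weaknesses chose the UNSW-NB15 dataset. It then analyzed and selected the best time steps for that dataset, which was used to train and evaluate three of the best deep learning models in improved form: seq2seq, R-Transformer and TCN-BiLSTM.
The experimental results show that the three improved models achieved accuracies of 97.55%, 97.52% and 97.59% respectively across the 10 classes of UNSW-NB15, with weighted average false alarm rates of 1.30%, 1.44% and 1.21%. These are better than the unimproved models' accuracies of 96.80%, 96.68% and 97.40% and their weighted average false alarm rates of 1.54%, 2.24% and 1.62%.
In addition, this study found that the CIC-IDS2017 dataset records a single TCP conversation as two records and, in some cases, gives them different labels, which affects the simulation results. Finally, this study proposes a way of visualizing the model that exposes the hidden information the deep learning model provides, allowing a preliminary judgment of whether an intrusion attack is under way.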
In this study, we first evaluated the strengths and weaknesses of four network intrusion detection (NID) datasets, namely KDD Cup 99, NSL-KDD, UNSW-NB15 and CIC-IDS2017. The UNSW-NB15 dataset was selected for this study. We also analyzed the best sequence length (time steps). Second, we chose the seq2seq, R-Transformer and TCN-BiLSTM models, which perform well on time series, and improved them for NID.
In the NID experiments, the accuracies obtained in this study were 97.55%, 97.52% and 97.59%, slightly higher than those of existing models.
We also found that the CIC-IDS2017 dataset generates two records for the same TCP conversation and that, in some cases, such records are marked with different labels. In addition, we implemented a visualization tool that highlights the hidden information of the deep learning model and hints to the user that there may be an intrusion.