| Graduate student: | 沈文凱 Shen, Wen-Kai |
|---|---|
| Thesis title: | Implementation of a Website Request Anomaly Detection and Early Warning System by Integrating Machine Learning and VMD-Based Deep Learning Models |
| Advisor: | 陳牧言 Chen, Mu-Yen |
| Degree: | Master |
| Department: | College of Engineering - Department of Engineering Science |
| Year of publication: | 2025 |
| Academic year of graduation: | 113 |
| Language: | Chinese |
| Number of pages: | 85 |
| Keywords: | IIS Log, Machine Learning, Variational Mode Decomposition, Time Series Forecasting, Anomaly Traffic Warning System |
With the increasing frequency of cyberattacks, information security has become a critical focus across industries. The widespread adoption of RESTful APIs and the rapid advancement of generative AI technologies have heightened the risk of API vulnerabilities being exploited, rendering traditional security architectures inadequate in early warning and detection capabilities against these emerging threats. For small and medium-sized enterprises (SMEs), limited resources and budgets make it challenging to implement costly security infrastructure, yet they face equally significant cybersecurity risks. To address these challenges, this study proposes a deep learning model integrating machine learning and signal decomposition techniques, alongside an anomaly detection and early warning system tailored to the practical needs of SMEs. The system architecture is designed in three phases:
1. Log Classification: A machine learning model analyzes website logs and categorizes them into six classes. After comparing multiple models, the Decision Tree was selected as the classifier for the first phase due to its optimal balance between classification accuracy and computational efficiency.
2. Traffic Prediction: Website traffic prediction is performed using a combination of signal decomposition techniques and deep learning models. Experimental results demonstrate that the combination of Variational Mode Decomposition (VMD) for anomaly preprocessing, followed by VMD decomposition and Long Short-Term Memory (LSTM) models, yields the best performance. This indicates that effective separation of anomalous data enables even a basic LSTM model to meet the predictive requirements of an anomaly monitoring system.
3. Anomaly Monitoring System: The system integrates the aforementioned models to build a real-time anomaly detection and early warning framework. Results are displayed on a dashboard in real time, and LINE notifications are sent upon detecting anomalies, enabling SMEs to respond promptly to potential threats.
The primary contribution of this study lies in developing an anomaly monitoring framework that balances accuracy, computational efficiency, and practicality, specifically tailored for resource-constrained SMEs to enhance their cybersecurity defenses. Future work could explore the system’s adaptability across different website architectures and optimize the model to handle long-term anomalous fluctuations, further improving overall stability and predictive capabilities.