National Chengchi University Institutional Repository (政大機構典藏, NCCUR): Item 140.119/77179
    Please use this identifier to cite or link to this item: http://nccur.lib.nccu.edu.tw/handle/140.119/77179

    Title: Rule Synthesis for Malicious Behavior Detection (Chinese title 惡意行為檢測規則生成之研究, "A Study on Generating Detection Rules for Malicious Behavior")
    Authors: Peng, Ya Yun (彭雅筠)
    Contributors: Tsaih, Rua Huan (蔡瑞煌); Yu, Fang; Peng, Ya Yun
    Keywords: Malicious behavior
    Distributed computing
    Learning algorithm
    Anomaly detection
    Date: 2015
    Issue Date: 2015-08-03 13:21:14 (UTC+8)
    Abstract: Malicious behavior with unknown patterns poses a serious threat to computer security mechanisms. Without effective detection rules, tools that monitor system behavior may fail to identify unknown attacks; even cloud systems equipped with virtual machine monitors, which can collect far more, and more detailed, information than a traditional computer system, remain exposed to this threat. Solving the problem requires the ability to pick out abnormal behavior from large volumes of data. We therefore propose a new distributed outlier detection algorithm that uses a backpropagation neural network together with an envelope module to find the pattern followed by the majority of behaviors; behaviors that are not captured by this pattern are treated as outliers. Specifically, the rules produced by the algorithm can be used to find unknown attacks, because samples that belong neither to known attacks nor to normal behavior are treated as outliers. Through distributed computing we can improve the performance of the algorithm and handle large volumes of data.
    Malicious behavior with unknown patterns poses a great challenge to the security mechanisms of computers. Without effective detection rules, tools that monitor system behavior may fail to identify unknown attacks. These threats extend to cloud systems, even those equipped with VMMs that can collect much larger and more detailed online system and operation information in a virtualization environment than a traditional PC system. To detect unknown attacks it is essential to be able to identify abnormal behavior in a large data set. To address this issue, we propose a new distributed outlier detection algorithm that characterizes the majority pattern of observations as a backpropagation neural network and derives detection rules to reveal abnormal samples that fail to fall into the majority. Specifically, the rules generated by the algorithm can be used to flag as outliers the samples that violate the patterns of known attacks and normal behavior, and hence to identify unknown attacks and refine their patterns. With distributed computing we can enhance the performance of the algorithm and handle huge amounts of data.
    Description: Master's thesis
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0102356045
    Data Type: thesis
    Appears in Collections:[Department of MIS] Theses

    Files in This Item: 604501.pdf (2056 KB, Adobe PDF)