Forecasting Anomalous Behavior from Network Connection Logs by Deep Learning

• Main Authors: Huang, Shin-Ping, 黃馨平
• Other Authors: Lin, Po-Ching
• Format: Others
• Language: en_US
• Published: 2018
• Online Access: http://ndltd.ncl.edu.tw/handle/ex246c

碩士 === 國立中正大學 === 資訊工程研究所 === 106 === In the past, predicting anomalous behaviors should rely on known attack models, but building the models are complicated and may not work for unknown attacks. This work presents a deep leaning model, namely EagleNET, which redefines how to predict the occurrence of anomalous behavior. First, this model can work with only connection information to predict anomalous behaviors. The deep learning model can also learn features automatically. Second, we choose CNN in the training model instead of RNN and LSTM for training time-series data. The experiments demonstrate that using CNN is more than 20 times faster than LSTM. The prediction accuracy is as high as 95.51% and the miss rate is only 2.63%. In the end, we also demonstrate that the model can predict anomalous behavior with which the model is not trained, and the accuracy of this prediction 73.63%. The results show that the EagleNET model can not only achieve high prediction rate, but also have low miss rate.