Using RNN for Cyberattack Detection in a Network Log System with Data Visualization

• Main Authors: JIANG, WEI-JE, 江瑋哲
• Other Authors: YANG, CHAO-TUNG
• Format: Others
• Language: en_US
• Published: 2019
• Online Access: http://ndltd.ncl.edu.tw/handle/4na65g

碩士 === 東海大學 === 資訊工程學系 === 107 === In recent years, information security issues have become more and more discussed, from the OpenSSL Heartbleed vulnerability, the hacking of the US Morgan Bank information system, and the DDoS threats GitHub encountered. The purpose of this paper is to provide a network log management system that allows for further visual analysis of all types of users. The system uses ELK Stack technology, and the data analysis part is to filter, analyze and analyze the log data according to the analysis purpose required, and finally visually present it on the web browser. The services of the system are mainly Elasticsearch, Logstash and Kibana, which provide a network log management and visual analysis service. The network attack detection part uses the deep learning model for learning and training, so that the model can learn the characteristics of each attack by known network attack features. The ultimate goal of this paper is to use visual analysis to present various customized Network Log related graphics, and use the relevant resources of the school computer center to filter out important network information, such as source location and cyberattack related behavior. In the paper, the results of deep learning are the classification of attack behavior using RNN model. Different models are used for training and testing comparison, including DNN and LSTM, to find out which model is more suitable for the experimental data in this paper.