Heterogeneous Atypical Data Processing and Deep Learning Methods for Network Intrusion Detection

Table of Contents

1 Introduction
1.1 Background
1.2 Motivation
1.2.1 The Need for Data-Invariant Detection Mechanisms
1.2.2 Integration and Cross-Device Consistency
1.2.3 Adaptive Thresholding, Real-Time Analysis, and Anomaly Clustering
1.3 Contributions
1.3.1 Novel Data-Invariant Anomaly Detection Approach
1.3.2 Integrated Cross-Device Detection Framework
1.3.3 HMM-Based Dynamic Thresholding and Real-Time Anomaly Detection
1.3.4 Transformer-Based Temporal Analysis and K-means Clustering
1.4 Organization
2 Related Works
2.1 Datasets
2.2 Network Intrusion Detection using Association Rule
2.3 Machine Learning Approaches for Anomaly Detection and Classification
2.4 Machine Learning Techniques for Anomaly Clustering
3 Network Attack Detection and Analysis Based on Association Rule
3.1 Problem definition
3.2 Proposed method
3.2.1 Data preprocessing
3.2.2 Association rules
3.2.3 Network Attack Analysis
3.3 Experiments
3.3.1 Dataset
3.3.2 Evaluation Metrics
3.3.3 Experimental Results
3.4 Summary
4 Unsupervised Security Threats Identification for Heterogeneous Events
4.1 Problem definition
4.2 Proposed method
4.2.1 Dataset Generation
4.2.2 Data Preprocessing
4.2.3 Anomaly Detection
4.2.4 Integrated Relevance Analysis
4.3 Experiment
4.3.1 Experimental Environment
4.3.2 Experimental Results
4.4 Summary
5 AutoMarkTransSystem (AMTS): An Integrated System for Real-Time Anomaly Detection and Clustering
5.1 Problem Definition
5.2 Proposed method
5.2.1 Data Preprocessing and Autoencoder
5.2.2 HMM-Based Anomaly Detection and Early Warning
5.2.3 Transformer and K-Means for Anomaly Clustering
5.3 Experiment
5.3.1 Experimental Environment
5.3.2 Experimental Results
5.4 Summary
6 Conclusion
6.1 Key Contributions
6.1.1 Association Rule-Based Network Attack Detection
6.1.2 Unsupervised Security Threat Identification for Heterogeneous Events
6.1.3 Real-Time Anomaly Detection and Clustering with AutoMark-TransSystem
6.2 Overall Contributions
6.3 Future Research Directions
6.3.1 Empirical Validation in Real-World Industrial Settings
6.3.2 Enhancing Online Learning and Dynamic Adaptability
6.3.3 Development of Domain-Specific Clustering Techniques
6.4 Final Remarks
Bibliography
