计算机科学

计算机科学 ›› 2023, Vol. 50 ›› Issue (12): 359-367.doi: 10.11896/jsjkx.221000155

• 信息安全 • 上一篇    下一篇

使用RAP生成可传输的对抗网络流量

杨有欢1,2, 孙磊2, 戴乐育2, 郭松2, 毛秀青2, 汪小芹2   

  1. 1 郑州大学网络空间安全学院 郑州 450000
    2 信息工程大学密码工程学院 郑州 450001
  • 收稿日期:2022-10-10 修回日期:2023-03-03 出版日期:2023-12-15 发布日期:2023-12-07
  • 通讯作者: 孙磊(diyage0418@163.com)
  • 作者简介:(202012332015247@gs.zzu.edu.cn)

Generate Transferable Adversarial Network Traffic Using Reversible Adversarial Padding

YANG Youhuan1,2, SUN Lei2, DAI Leyu2, GUO Song2, MAO Xiuqing2, WANG Xiaoqin2   

  1. 1 School of Cyber Science and Engineering,Zhengzhou University,Zhengzhou 450000,China
    2 School of Cryptography Engineering,Information Engineering University,Zhengzhou 450001,China
  • Received:2022-10-10 Revised:2023-03-03 Online:2023-12-15 Published:2023-12-07
  • About author:YANG Youhuan,born in 1998,postgraduate.His main research interests include deep learning and adversarial attack/defense.
    SUN Lei,born in 1973,Ph.D,professor.His in research interests include artificial intelligence and information systems security.

PDF (PC)

2464

摘要: 越来越多的深度学习方法被用于解决网络流量分类任务,但同时也带来了对抗网络流量(ANT)的威胁。对抗网络流量会使基于深度学习方法的网络流量分类器预测错误,进而导致安全防护系统做出错误的决策。视觉领域的对抗攻击算法虽然也可以运用于网络流量上产生对抗网络流量,但是这些算法产生的对抗扰乱会改变网络流量的头部信息,使得网络流量丢失了自己的特有属性和信息。文中分析了对抗样本在网络流量任务和视觉任务上的不同之处,提出了适用于对抗网络流量的攻击算法Reversible Adversarial Padding(RAP)。RAP利用网络流量Packet长度和网络流量分类器输入长度的不同,在尾部填充区域填充没有-ball限制的对抗扰乱。并且,为了解决无法比较不同长度的对抗扰乱会导致不同攻击效果的问题,文中提出了指标收益,其综合考虑了对抗扰乱长度和对抗攻击算法强度对分类器攻击效果的影响。结果表明,RAP不仅保留了网络流量可传递性的属性,而且获得了比传统对抗攻击算法更高的攻击收益。

关键词: 深度学习, 网络流量, 对抗攻击

Abstract: More and more deep learning methods are used for network traffic classification,at the same time,it also brings the threat of adversarial network traffic(ANT).ANT will make network traffic classifier based on deep learning method predict incorrectly,and then cause the security protection system to make wrong decision.Although the adversarial algorithms in the vision field can be used to generate ANT,the perturbations generated by these algorithms will change the header information of the network traffic,causing the network traffic to lose its attributes and information.In this paper,the differences of adversarial examples between network traffic tasks and vision tasks are analyzed,and an attack algorithm suitable for generating ANT is proposed,i.e.,reversible adversarial padding(RAP).RAP uses the difference between the length of the network traffic packet and the input length of the network traffic classifier to fill the tail padding area with no -ball perturbations.Besides,to solve the pro-blem that it is difficult to compare the effects of different lengths perturbations,this paper proposes gain on evaluating metrics,which comprehensively considers the impact of the length of the perturbations and the strength of the adversarial attack algorithm.Experimental results show that RAP not only retains the property of network traffic transferability but also obtains a higher gain of attack than traditional algorithms.

Key words: Deep learning, Netwok traffic, Adversarial attack

中图分类号: 

  • TP181
[1]WANG W,SHENG Y Q,WANG J L,et al.HAST-IDS:Lear-ning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection[J].IEEE Access,2017,6:1792-1806.
[2]WANG W,ZHU M,ZENG X W,et al.Malware traffic classification using convolutional neural network for representation learning[C]//2017 International Conference on Information Networking(ICOIN).IEEE,2017:712-717.
[3]LASHKARI A H,KADIR A F A,GONZALEZ H,et al.To-wards a network-based framework for android malware detection and characterization[C]//2017 15th Annual Conference on Privacy,Security and Trust(PST).IEEE,2017.
[4]PACHECO F,EXPOSITO E,GINESTE M,et al.Towards the deployment of machine learning solutions in network traffic classification:A systematic survey[J].IEEE Communications Surveys & Tutorials,2018,21(2):1988-2014.
[5]SZEGEDY C,ZAREMBA W,SUTSKEVER I,et al.Intriguing properties of neural networks[J].arXiv:1312.6199,2013.
[6]GOODFELLOW I J,SHLENS J,SZEGEDY C.Explaining andharnessing adversarial examples[J].arXiv:1412.6572,2014.
[7]KURAKIN A,GOODFELLOW I J,BENGIO S.Adversarialexamples in the physical world[J].arXiv:1607.02533,2016.
[8]MADRY A,MAKELOV A,SCHMIDT L,et al.Towards deep learning models resistant to adversarial attacks[J].arXiv:1706.06083,2017.
[9]TAVALLAEE M,BAGHERI E,LU W,et al.A detailed analysis of the KDD CUP 99 data set[C]//2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications.IEEE,2009:1-6.
[10]SADEGHZADEH A M,SHIRAVI S,JALILI R.Adversarialnetwork traffic:Towards evaluating the robustness of deep-learning-based network traffic classification[J].IEEE Transactions on Network and Service Management,2021,18(2):1962-1976.
[11]WANG Z Y.The applications of deep learning on traffic identification[J].BlackHat USA,2015,24(11):1-10.
[12]LOPEZ-MARTIN M,CARRO B,SANCHEZ-ESGUEVILLASA,et al.Network traffic classifier with convolutional and recurrent neural networks for Internet of Things[J].IEEE Access,2017,5:18042-18050.
[13]RIMMER V,PREUVENEERS D,JUAREZ M,et al.Automated website fingerprinting through deep learning[J].arXiv:1708.06376,2017.
[14]SIRINAM P,IMANI M,JUAREZ M,et al.Deep fingerprinting:Undermining website fingerprinting defenses with deep learning[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security.2018:1928-1943.
[15]ABE K,GOTO S.Fingerprinting attack on Tor anonymity using deep learning[C]//Proceedings of the Asia-Pacific Advanced Network.2016.
[16]WANG P,YE F,CHEN X J,et al.Datanet:Deep learning based encrypted network traffic classification in sdn home gateway[J].IEEE Access,2018,6:55380-55391.
[17]LOTFOLLAHI M,JAFARI S M,SHIRALI H Z R,et al.Deep packet:A novel approach for encrypted traffic classification using deep learning[J].Soft Computing,2020,24(3):1999-2012.
[18]REZAEI S,KROENCKE B,LIU X.Large-scale mobile appidentification using deep learning[J].IEEE Access,2019,8:348-362.
[19]ACETO G,CIUONZO D,MONTIERI A,et al.Mobile encryp-ted traffic classification using deep learning:Experimental evaluation,lessons learned,and challenges[J].IEEE Transactions on Network and Service Management,2019,16(2):445-458.
[20]DRAPER-GIL G,LASHKARI A H,MAMUN M S I,et al.Characterization of encrypted and vpn traffic using time-related[C]//Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP).2016:407-414.
[21]WANG W,ZHU M,WANG J L,et al.End-to-end encrypted traffic classification with one-dimensional convolution neural networks[C]//2017 IEEE International Conference on Intelligence and Security Informatics(ISI).IEEE,2017:43-48.
[22]CAICEDO-MUNOZ J A,ESPINO A L,CORRALES J C,et al.QoS-Classifier for VPN and Non-VPN traffic based on time-related features[J].Computer Networks,2018,144:271-279.
[23]SIMONYAN K,ZISSERMAN A.Very deep convolutional networks for large-scale image recognition[J].arXiv:1409.1556,2014.
[24]SZEGEDY C,LIU W,JIA Y Q,et al.Going deeper with convolutions[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2015:1-9.
[25]IOFFE S,SZEGEDY C.Batch normalization:Accelerating deep network training by reducing internal covariate shift[C]//International Conference on Machine Learning.PMLR,2015:448-456.
[26]SZEGEDY C,IOFFE S,VANHOUCKE V,et al.Inception-v4,inception-resnet and the impact of residual connections on lear-ning[C]//Thirty-first AAAI Conference on Artificial Intelligence.2017.
[27]SZEGEDY C,VANHOUCKE V,IOFFE S,et al.Rethinking the inception architecture for computer vision[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2016:2818-2826.
[28]HE K M,ZHANG X Y,REN S Q,et al.Deep residual learning for image recognition[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2016:770-778.
[29]SIMONYAN K,VEDALDI A,ZISSERMAN A.Deep insideconvolutional networks:Visualising image classification models and saliency maps[J].arXiv:1312.6034,2013.
[30]CARLINI N,WAGNER D.Towards evaluating he robustness of neural networks[C]//2017 IEEE Symposium on Security and Privacy.IEEE,2017:39-57.
[31]MOOSAVI-DEZFOOLI S M,FAWZI A,FROSSARD P.Deepfool:a simple and accurate method to fool deep neural networks[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2016:2574-2582.
[32]CHEN P Y,ZHANG H,SHARMA Y,et al.Zoo:Zeroth order optimization based black-box attacks to deep neural networks without training substitute models[C]//Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security.2017:15-26.
[33]MOOSAVI-DEZFOOLI S M,FAWZI A,FAWZI O,et al.Universal adversarial perturbations[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2017:1765-1773.
[34]BRANCO P,TORGO L,RIBEIRO R P.A survey of predictive modeling on imbalanced domains[J].ACM Computing Surveys(CSUR),2016,49(2):1-50.
[35]KINGMA D P,BA J.Adam:A method for stochastic optimization[J].arXiv:1412.6980,2014.
[36]HINTON G E,SRIVASTAVA N,KRIZHEVSKY A,et al.Improving neural networks by preventing co-adaptation of feature detectors[J].arXiv:1207.0580,2012.
[37]ZHANG J Z,HE T X,SRA S,et al.Why gradient clipping accelerates training:A theoretical justification for adaptivity[J].arXiv:1905.11881,2019.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发