计算机科学 ›› 2023, Vol. 50 ›› Issue (12): 359-367.doi: 10.11896/jsjkx.221000155
杨有欢1,2, 孙磊2, 戴乐育2, 郭松2, 毛秀青2, 汪小芹2
YANG Youhuan1,2, SUN Lei2, DAI Leyu2, GUO Song2, MAO Xiuqing2, WANG Xiaoqin2
摘要: 越来越多的深度学习方法被用于解决网络流量分类任务,但同时也带来了对抗网络流量(ANT)的威胁。对抗网络流量会使基于深度学习方法的网络流量分类器预测错误,进而导致安全防护系统做出错误的决策。视觉领域的对抗攻击算法虽然也可以运用于网络流量上产生对抗网络流量,但是这些算法产生的对抗扰乱会改变网络流量的头部信息,使得网络流量丢失了自己的特有属性和信息。文中分析了对抗样本在网络流量任务和视觉任务上的不同之处,提出了适用于对抗网络流量的攻击算法Reversible Adversarial Padding(RAP)。RAP利用网络流量Packet长度和网络流量分类器输入长度的不同,在尾部填充区域填充没有-ball限制的对抗扰乱。并且,为了解决无法比较不同长度的对抗扰乱会导致不同攻击效果的问题,文中提出了指标收益,其综合考虑了对抗扰乱长度和对抗攻击算法强度对分类器攻击效果的影响。结果表明,RAP不仅保留了网络流量可传递性的属性,而且获得了比传统对抗攻击算法更高的攻击收益。
中图分类号:
[1]WANG W,SHENG Y Q,WANG J L,et al.HAST-IDS:Lear-ning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection[J].IEEE Access,2017,6:1792-1806. [2]WANG W,ZHU M,ZENG X W,et al.Malware traffic classification using convolutional neural network for representation learning[C]//2017 International Conference on Information Networking(ICOIN).IEEE,2017:712-717. [3]LASHKARI A H,KADIR A F A,GONZALEZ H,et al.To-wards a network-based framework for android malware detection and characterization[C]//2017 15th Annual Conference on Privacy,Security and Trust(PST).IEEE,2017. [4]PACHECO F,EXPOSITO E,GINESTE M,et al.Towards the deployment of machine learning solutions in network traffic classification:A systematic survey[J].IEEE Communications Surveys & Tutorials,2018,21(2):1988-2014. [5]SZEGEDY C,ZAREMBA W,SUTSKEVER I,et al.Intriguing properties of neural networks[J].arXiv:1312.6199,2013. [6]GOODFELLOW I J,SHLENS J,SZEGEDY C.Explaining andharnessing adversarial examples[J].arXiv:1412.6572,2014. [7]KURAKIN A,GOODFELLOW I J,BENGIO S.Adversarialexamples in the physical world[J].arXiv:1607.02533,2016. [8]MADRY A,MAKELOV A,SCHMIDT L,et al.Towards deep learning models resistant to adversarial attacks[J].arXiv:1706.06083,2017. [9]TAVALLAEE M,BAGHERI E,LU W,et al.A detailed analysis of the KDD CUP 99 data set[C]//2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications.IEEE,2009:1-6. [10]SADEGHZADEH A M,SHIRAVI S,JALILI R.Adversarialnetwork traffic:Towards evaluating the robustness of deep-learning-based network traffic classification[J].IEEE Transactions on Network and Service Management,2021,18(2):1962-1976. [11]WANG Z Y.The applications of deep learning on traffic identification[J].BlackHat USA,2015,24(11):1-10. [12]LOPEZ-MARTIN M,CARRO B,SANCHEZ-ESGUEVILLASA,et al.Network traffic classifier with convolutional and recurrent neural networks for Internet of Things[J].IEEE Access,2017,5:18042-18050. [13]RIMMER V,PREUVENEERS D,JUAREZ M,et al.Automated website fingerprinting through deep learning[J].arXiv:1708.06376,2017. [14]SIRINAM P,IMANI M,JUAREZ M,et al.Deep fingerprinting:Undermining website fingerprinting defenses with deep learning[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security.2018:1928-1943. [15]ABE K,GOTO S.Fingerprinting attack on Tor anonymity using deep learning[C]//Proceedings of the Asia-Pacific Advanced Network.2016. [16]WANG P,YE F,CHEN X J,et al.Datanet:Deep learning based encrypted network traffic classification in sdn home gateway[J].IEEE Access,2018,6:55380-55391. [17]LOTFOLLAHI M,JAFARI S M,SHIRALI H Z R,et al.Deep packet:A novel approach for encrypted traffic classification using deep learning[J].Soft Computing,2020,24(3):1999-2012. [18]REZAEI S,KROENCKE B,LIU X.Large-scale mobile appidentification using deep learning[J].IEEE Access,2019,8:348-362. [19]ACETO G,CIUONZO D,MONTIERI A,et al.Mobile encryp-ted traffic classification using deep learning:Experimental evaluation,lessons learned,and challenges[J].IEEE Transactions on Network and Service Management,2019,16(2):445-458. [20]DRAPER-GIL G,LASHKARI A H,MAMUN M S I,et al.Characterization of encrypted and vpn traffic using time-related[C]//Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP).2016:407-414. [21]WANG W,ZHU M,WANG J L,et al.End-to-end encrypted traffic classification with one-dimensional convolution neural networks[C]//2017 IEEE International Conference on Intelligence and Security Informatics(ISI).IEEE,2017:43-48. [22]CAICEDO-MUNOZ J A,ESPINO A L,CORRALES J C,et al.QoS-Classifier for VPN and Non-VPN traffic based on time-related features[J].Computer Networks,2018,144:271-279. [23]SIMONYAN K,ZISSERMAN A.Very deep convolutional networks for large-scale image recognition[J].arXiv:1409.1556,2014. [24]SZEGEDY C,LIU W,JIA Y Q,et al.Going deeper with convolutions[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2015:1-9. [25]IOFFE S,SZEGEDY C.Batch normalization:Accelerating deep network training by reducing internal covariate shift[C]//International Conference on Machine Learning.PMLR,2015:448-456. [26]SZEGEDY C,IOFFE S,VANHOUCKE V,et al.Inception-v4,inception-resnet and the impact of residual connections on lear-ning[C]//Thirty-first AAAI Conference on Artificial Intelligence.2017. [27]SZEGEDY C,VANHOUCKE V,IOFFE S,et al.Rethinking the inception architecture for computer vision[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2016:2818-2826. [28]HE K M,ZHANG X Y,REN S Q,et al.Deep residual learning for image recognition[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2016:770-778. [29]SIMONYAN K,VEDALDI A,ZISSERMAN A.Deep insideconvolutional networks:Visualising image classification models and saliency maps[J].arXiv:1312.6034,2013. [30]CARLINI N,WAGNER D.Towards evaluating he robustness of neural networks[C]//2017 IEEE Symposium on Security and Privacy.IEEE,2017:39-57. [31]MOOSAVI-DEZFOOLI S M,FAWZI A,FROSSARD P.Deepfool:a simple and accurate method to fool deep neural networks[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2016:2574-2582. [32]CHEN P Y,ZHANG H,SHARMA Y,et al.Zoo:Zeroth order optimization based black-box attacks to deep neural networks without training substitute models[C]//Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security.2017:15-26. [33]MOOSAVI-DEZFOOLI S M,FAWZI A,FAWZI O,et al.Universal adversarial perturbations[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2017:1765-1773. [34]BRANCO P,TORGO L,RIBEIRO R P.A survey of predictive modeling on imbalanced domains[J].ACM Computing Surveys(CSUR),2016,49(2):1-50. [35]KINGMA D P,BA J.Adam:A method for stochastic optimization[J].arXiv:1412.6980,2014. [36]HINTON G E,SRIVASTAVA N,KRIZHEVSKY A,et al.Improving neural networks by preventing co-adaptation of feature detectors[J].arXiv:1207.0580,2012. [37]ZHANG J Z,HE T X,SRA S,et al.Why gradient clipping accelerates training:A theoretical justification for adaptivity[J].arXiv:1905.11881,2019. |
|