计算机科学

计算机科学 ›› 2024, Vol. 51 ›› Issue (8): 420-428.doi: 10.11896/jsjkx.230500101

• 信息安全 • 上一篇    下一篇

针对网络流量测量的完整性干扰攻击与防御方法

郑海斌1,2, 刘欣然1, 陈晋音1,2, 王鹏程1, 王楦烨1   

  1. 1 浙江工业大学信息工程学院 杭州 310023
    2 浙江工业大学网络空间安全研究院 杭州 310023
  • 收稿日期:2023-05-16 修回日期:2023-08-21 出版日期:2024-08-15 发布日期:2024-08-13
  • 通讯作者: 陈晋音(chenjinyin@zjut.edu.cn)
  • 作者简介:(haibinzheng320@gmail.com)
  • 基金资助:
    浙江省自然科学基金(LDQ23F020001);国家自然科学基金(62072406)

Integrity Interference Attack and Defense Methods for Network Traffic Measurement

ZHENG Haibin1,2, LIU Xinran1, CHEN Jinyin1,2, WANG Pengcheng1, WANG Xuanye1   

  1. 1 College of Information Engineering,Zhejiang University of Technology,Hangzhou 310023,China
    2 Institute of Cyberspace Security,Zhejiang University of Technology,Hangzhou 310023,China
  • Received:2023-05-16 Revised:2023-08-21 Online:2024-08-15 Published:2024-08-13
  • About author:ZHENG Haibin,born in 1995,Ph.D,lecturer.His main research interests include deep learning and artificial intelligence security.
    CHEN Jinyin,born in 1982,Ph.D,professor.Her main research interests include artificial intelligence security,graph data mining and evolutionary computing.
  • Supported by:
    Natural Science Foundation of Zhejiang Province,China(LDQ23F020001) and National Natural Science Foundation of China(62072406)

PDF (PC)

363

摘要: 近年来,网络测量在评估网络状态、提高网络自适应能力方面取得了较好的性能,被广泛运用于网络管理中。然而,目前的大规模网络中存在异常行为导致的网络流量数据污染问题。例如,自治系统中的恶意节点通过伪造恶意流量数据来故意操纵网络指标,影响网络测量,误导下游任务决策。基于此,首先提出完整性干扰攻击方法,通过修改流量矩阵的最小代价,利用多策略干扰生成器生成恶意扰动流量的攻击策略,实现干扰流量测量的目的。然后,通过一种混合对抗训练策略,设计在网络中抵御此类攻击的防御方法,实现流量测量模型的安全加固。实验中对攻击目标进行了相应的限定,验证了完整性干扰攻击在受限场景下的攻击有效性。并通过混合训练的方式进行对比实验,验证了常规模型的加固方法可以提升模型的鲁棒性。

关键词: 网络流量测量, 安全性, 攻击可行性, 攻击检测

Abstract: In recent years,network measurement has achieved good performance in evaluating network status and improving network self-adaptability,and is widely used in network management.However,there is a problem of network traffic data pollution caused by abnormal behavior in the current large-scale network.For example,malicious nodes in autonomous systems intentionally manipulate network metrics by forging malicious traffic data,affecting network measurements and misleading downstream task decisions.Based on this,this paper first proposes an integrity jamming attack method.By modifying the minimum cost of the traffic matrix,a multi-strategy jamming generator is used to generate an attack strategy that maliciously disturbs traffic,so as to achieve the purpose of jamming traffic measurement.Then,by providing a hybrid adversarial training strategy,a defense method against such attacks in the network is designed to achieve security hardening of the traffic measurement model.In the experiment,the attack target is limited accordingly,and the effectiveness of the integrity interference attack in the restricted scenario is verified.And through the comparison of the mixed training method,the robustness of the reinforcement method of the conventional model is verified.

Key words: Network traffic measurement, Security, Attack feasibility, Attack detection

中图分类号: 

  • TP391
[1]PAPADOGIANNAKI E,IOANNIDIS S.A survey on encrypted network traffic analysis applications,techniques,and countermeasures[J].ACM Computing Surveys(CSUR),2021,54(6):1-35.
[2]XIAO Y,LIU J,WU J,et al.Leveraging deep reinforcementlearning for traffic engineering:A survey[J].IEEE Communications Surveys & Tutorials,2021,23(4):2064-2097.
[3]ABBASI M,SHAHRAKI A,TAHERKORDI A.Deep learning for network traffic monitoring and analysis(NTMA):A survey[J].Computer Communications,2021,170:19-41.
[4]GAO Z Y,WANG T J,WANG Y,et al.Traffic PredictionMethod for 5G Network Based on Generative Adversarial Network[J].Computer Science,2022,49(4):321-328.
[5]SONG Y L,LV G H,WANG G Z,et al.SDN Traffic Prediction Based on Graph Convolutional Network[J].Computer Science,2021,48(S1):392-397.
[6]YAO L S,LIU D,PEI Z F,et al.Real-time Network Traffic Prediction Model Based on EMD and Clustering[J].Computer Science,2020,47(S2):316-320.
[7]LI M,HAN D,YIN X,et al.Design and implementation of ananomaly network traffic detection model integrating temporal and spatial features[J].Security and Communication Networks,2021,2021:1-15.
[8]SOULE A,LAKHINA A,TAFT N,et al.Traffic matrices:ba-lancing measurements,inference and modeling[C]//Proceedings of the 2005 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems.2005:362-373.
[9]LIU W,HONG A,OU L,et al.Prediction and correction of traffic matrix in an IP backbone network[C]//2014 IEEE 33rd International Performance Computing and Communications Conference(IPCCC).IEEE,2014:1-9.
[10]VALADARSKY A,SCHAPIRA M,SHAHAF D,et al.Lear-ning to route[C]//Proceedings of the 16th ACM Workshop on Hot Topics in Networks.2017:185-191.
[11]AZZOUNI A,PUJOLLE G.NeuTM:A neural network-based framework for traffic matrix prediction in SDN[C]//NOMS 2018-2018 IEEE/IFIP Network Operations and Management Symposium.IEEE,2018:1-5.
[12]ZHAO J,QU H,ZHAO J,et al.Towards traffic matrix prediction with LSTM recurrent neural networks[J].Electronics Letters,2018,54(9):566-568.
[13]LIU Z,WANG Z,YIN X,et al.Traffic matrix prediction based on deep learning for dynamic traffic engineering[C]//2019 IEEE Symposium on Computers and Communications(ISCC).IEEE,2019:1-7.
[14]HANG L,KIM B H,KIM D H.A transaction traffic control approach based on fuzzy logic to improve hyperledger fabric performance[J].Wireless Communications and Mobile Computing,2022,2022:1-19.
[15]DYER K P,COULL S E,SHRIMPTON T.Marionette:A programmable network traffic obfuscation system[C]//24th USENIX Security Symposium(USENIX Security 15).2015:367-382.
[16]DYER K P,COULL S E,RISTENPART T,et al.Protocol mis-identification made easy with format-transforming encryption[C]//Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security.2013:61-72.
[17]TROIA S,ALVIZU R,ZHOU Y,et al.Deep learning-basedtraffic prediction for network optimization[C]//2018 20th International Conference on Transparent Optical Networks(ICTON).IEEE,2018:1-4.
[18]RAMAKRISHNAN N,SONI T.Network traffic predictionusing recurrent neural networks[C]//2018 17th IEEE International Conference on Machine Learning and Applications(ICMLA).IEEE,2018:187-193.
[19]DONAHUE J,ANNE HENDRICKS L,GUADARRAMA S,et al.Long-term recurrent convolutional networks for visual re-cognition and description[C]//Proceedings of the IEEE Confe-rence on Computer Vision and Pattern Recognition.2015:2625-2634.
[20]LEA C,FLYNN M D,VIDAL R,et al.Temporal convolutional networks for action segmentation and detection[C]//Procee-dings of the IEEE Conference on Computer Vision and Pattern Recognition.2017:156-165.
[21]NIE L,JIANG D,GUO L,et al.Traffic matrix prediction andestimation based on deep learning in large-scale IP backbone networks[J].Journal of Network and Computer Applications,2016,76:16-22.
[22]BI J,ZHANG X,YUAN H,et al.A hybrid prediction method for realistic network traffic with temporal convolutional network and LSTM[J].IEEE Transactions on Automation Science and Engineering,2021,19(3):1869-1879.
[23]LI N,HU L,DENG Z L,et al.Research on GRU neural network Satellite traffic prediction based on transfer learning[J].Wireless Personal Communications,2021,118:815-827.
[24]RAI A,ALEEM A,GORE M M.Employing LRCN model for application classification in SDN[M]//Soft Computing for Problem Solving:Proceedings of SocProS 2020,Volume 2.Singapore:Springer Singapore,2021:347-359.
[25]LIU X,LIU Z A ,ZHANG Y L,et al.TCN enhanced novel malicious traffic detection for IoT devices[J].Connection Science,2022,34(1):1322-1341.
[26]昌武洋,付雄,王俊昌.基于eBPF与LSTM的DDoS攻击检测系统[J].重庆工商大学学报(自然科学版),2023,40(2):36-43.
[27]LI D H,GE L N,WANG Z,et al.Research on Network Intrusion Detection Model Combining DCVAE and DPC[J].Journal of Chinese Computer Systems,2024,45(4):998-1006.
[28]SHEN X Y,JI W F,LI Y Q,et al.TCA1C DDoS Detection Model for Edge Computing[J].Computer Engineering,2024,50(1):198-205.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发