Computer Science (计算机科学), 2025, Vol. 52, Issue (2): 362-373. doi: 10.11896/jsjkx.240300009

• Information Security •

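Traffic Adversarial Example Defense Based on Feature Transfer

HE Yuankang1, MA Hailong1,2, HU Tao1, JIANG Yiming1,2, ZHANG Peng1, LIANG Hao1

  1. 1 PLA Strategic Support Force Information Engineering University, Zhengzhou 450000
    2 Key Laboratory of Cyberspace Security Ministry of Education, Zhengzhou 450000
  • Received: 2024-03-01 Revised: 2024-07-19 Publication date: 2025-02-15 Release date: 2025-02-17
  • Corresponding author: MA Hailong (longmanclear@163.com)
  • About the author: (yuankang_he@163.com)
  • Supported by:
    Xiong'an New Area Science and Technology Innovation Special Project (2022XAGG0111); Young Scientists Fund of the National Natural Science Foundation of China (62002383)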

Traffic Adversarial Example Defense Based on Feature Transfer

HE Yuankang1, MA Hailong1,2, HU Tao1, JIANG Yiming1,2, ZHANG Peng1, LIANG Hao1   

  1. 1 PLA Strategic Support Force Information Engineering University, Zhengzhou 450000, China
    2 Key Laboratory of Cyberspace Security Ministry of Education, Zhengzhou 450000, China
  • Received: 2024-03-01 Revised: 2024-07-19 Online: 2025-02-15 Published: 2025-02-17
  • About author: HE Yuankang, born in 1999, postgraduate. His main research interests include cyberspace security, machine learning and adversarial example attack.
    MA Hailong, born in 1980. Ph.D, professor, Ph.D supervisor. His main research interests include endogenous security in cyberspace, intelligent awareness of cyber threats, and innovative cyber systems.
  • Supported by:
    Xiong'an New Area Science and Technology Innovation Special Project (2022XAGG0111) and Young Scientists Fund of the National Natural Science Foundation of China (62002383).

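Abstract: In traffic detection, adversarial example defenses based on adversarial training require a large number of adversarial examples, and the training lowers recognition accuracy on the original data. To address this problem, a traffic adversarial example defense method based on feature transfer is proposed. The method combines two defensive ideas, strengthening model robustness and hiding the adversarial example space, and consists of a lower-level defense module with a denoising function and a recognition module with a recognition function. First, a stacked autoencoder is used as the lower-level defense module to learn adversarial knowledge, giving it the ability to extract adversarial example features. Second, functions are adaptively constructed according to the traffic features, and the recognition module is trained on non-adversarial traffic to acquire its recognition ability. Splitting defense from recognition lowers the cost of defense and reduces the impact of adversarial training on recognition accuracy for the original data, achieves rapid adaptation, and improves the model's defensive resilience; recognition accuracy on new adversarial examples rises to about 40%.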

Keywords: Intrusion detection, Traffic adversarial example, Adversarial example defense, Defensive knowledge transfer

Abstract: In the domain of traffic detection, the challenge of defending against adversarial examples is significant. Traditional adversarial example defense methods, which rely heavily on adversarial training, necessitate a vast quantity of adversarial examples for training purposes. However, a notable drawback of such approaches is the resultant decrease in the recognition accuracy of the original, unaltered data. This reduction in accuracy poses a substantial problem, as it compromises the effectiveness of the defense mechanism in recognizing legitimate traffic patterns. To address these challenges, a novel approach to traffic adversarial example defense has been proposed, leveraging the concept of feature transfer. This innovative method ingeniously combines two strategic defense philosophies: firstly, enhancing the robustness of the model against adversarial attacks, and secondly, obfuscating the space within which adversarial examples operate. The defense mechanism is architecturally composed of two integral modules: a lower-level defense module equipped with denoising capabilities, and a recognition module designed for the explicit purpose of identifying traffic patterns. The cornerstone of this approach is the employment of a stacked autoencoder as the foundational element of the lower-level defense module. This choice is pivotal, as the autoencoder excels in adversarial knowledge learning, thereby endowing the system with the capability to extract and understand adversarial features effectively. This is a critical step in ensuring that the defense mechanism can preemptively neutralize potential adversarial threats. Subsequently, the system embarks on a phase of functional adaptation, tailored specifically to the characteristics of network traffic. This phase involves the construction of adaptive functionalities based on the distinct features of traffic, followed by the training of the recognition module using non-adversarial traffic data. This strategic training empowers the recognition module with the ability to accurately identify legitimate traffic patterns, thereby significantly enhancing the overall efficacy of the defense mechanism. A key innovation of this method is the conceptual separation of defense and recognition functionalities. This separation not only reduces the operational costs associated with defense but also minimizes the adverse impact of adversarial training on the recognition accuracy of original data. As a result, the system achieves a rapid adaptation to evolving threats, significantly improving the model's defensive resilience. Empirical evidence supports the effectiveness of this approach, with the recognition accuracy for new adversarial examples experiencing a substantial increase to approximately 40%. This improvement marks a significant advancement in the field of traffic detection and adversarial example defense, offering a promising avenue for future research and development.

Key words: Intrusion detection, Traffic adversarial example, Adversarial example defense, Defensive knowledge transfer

CLC Number:

  • TP309