Computer Science, 2025, Vol. 52, Issue (4): 369-380. doi: 10.11896/jsjkx.240200092

• Information Security •

Defense Architecture for Adversarial Examples of Ensemble Model Traffic Based on Feature Difference Selection

HE Yuankang1, MA Hailong1,2, HU Tao1, JIANG Yiming1,2   

  1. PLA Strategic Support Force Information Engineering University, Zhengzhou 450000, China
  2. Key Laboratory of Cyberspace Security Ministry of Education, Zhengzhou 450000, China
  • Received: 2024-02-26 Revised: 2024-07-25 Online: 2025-04-15 Published: 2025-04-14
  • About author: HE Yuankang, born in 1999, master. His main research interests include network security and cyberspace security, machine learning and adversarial example.
    MA Hailong, born in 1980, Ph.D, professor, Ph.D supervisor. His main research interests include endogenous security in cyberspace, intelligent awareness of cyber threats, and innovative cyber systems.
  • Supported by:
    Xiong’an New Area Science and Technology Innovation Special Project (2022XAGG0111).

Abstract: Currently, anomaly traffic detection models that leverage deep learning technologies are increasingly vulnerable to adversarial example attacks. Adversarial training has emerged as a potent defense mechanism against these adversarial attacks. By incorporating adversarial examples into the training process, it aims to enhance the model’s robustness, making it more resistant to similar attacks in the future. However, this approach is not without its drawbacks. While it indeed increases the model’s robustness, it also inadvertently leads to a decrease in the model’s detection accuracy. This trade-off between robustness and accuracy has become a pivotal concern in the realm of deep learning-based anomaly detection, sparking intense debate and research within the academic community. Addressing this critical issue, this paper proposes a novel framework that seeks to balance the model’s detection performance with its robustness against adversarial attacks. Drawing inspiration from ensemble learning, we construct a multi-model adversarial defense framework. This framework not only enhances the model’s adversarial robustness but also aims to improve its detection performance. By integrating proactive feature differential selection with passive adversarial training, we develop a comprehensive strategy that fortifies the model against adversarial threats while maintaining high detection accuracy. The model consists of a feature differential selection module, a detection body integration module, and a voting decision module, to address the issue that a single detection model cannot balance detection performance and robustness, and the problem of defense lagging. In the aspect of model training, we introduce a sophisticated method for constructing training data based on feature differential selection. This method involves selectively combining traffic features that exhibit significant differences, thereby creating a set of differentiated traffic example data. These examples are then used to train multiple heterogeneous detection models. This approach is designed to bolster the models’ resistance to adversarial attacks targeted at single models, presenting a more formidable challenge to attackers. Furthermore, the framework includes a novel adjudication mechanism for the detection results produced by the multiple models. Leveraging an improved heuristic population algorithm, we optimize the ensemble model’s adjudication strategy. This not only enhances the detection accuracy but also significantly increases the complexity and difficulty of generating effective adversarial examples, thereby providing an additional layer of defense. Experimental results underscore the efficacy of the proposed method. Compared to traditional single-model adversarial training approaches, the multi-model framework demonstrates a substantial improvement, with nearly a 10% increase in both accuracy and robustness.

Key words: Abnormal traffic detection, Adversarial example attack, Integrated learning, Multimode adjudication

CLC Number: TP309