Chinese Journal of Network and Information Security, 2020, Vol. 6, Issue (4): 67-76. doi: 10.11959/j.issn.2096-109x.2020052

• Academic Papers •

Improve the robustness of algorithm under adversarial environment by moving target defense

Kang HE (1,2), Yuefei ZHU (1,2), Long LIU (1,2), Bin LU (1,2), Bin LIU (1,2)

  1. Cyberspace Security Institute, Information Engineering University, Zhengzhou 450001, China
  2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
  • Revised: 2020-02-04 Online: 2020-08-01 Published: 2020-08-13
  • About the authors: Kang HE (1992- ), male, born in Jining, Shandong, is a Ph.D. candidate at Information Engineering University; his main research interest is cyberspace security. | Yuefei ZHU (1962- ), male, born in Zhengzhou, Henan, is a professor and doctoral supervisor at Information Engineering University; his main research interests are intrusion detection, cryptography and information security. | Long LIU (1983- ), male, born in Zhengzhou, Henan, is a lecturer at Information Engineering University; his main research interests are intrusion detection and information security. | Bin LU (1983- ), male, born in Zhengzhou, Henan, is an associate professor at Information Engineering University; his main research interests are information security, machine learning and network analysis. | Bin LIU (1981- ), female, born in Zhengzhou, Henan, is an associate professor at Information Engineering University; her main research interest is network security.
  • Supported by:
    The National Key R&D Program of China (2016YFB0801505); Cutting-edge Science and Technology Innovation Project of the Key R&D Program of China (2019QY1305)

Abstract:

Traditional machine learning models operate in benign environments and usually assume that training data and test data share the same distribution. However, this assumption does not hold in areas such as malicious document detection. An adversary attacks the classification algorithm by modifying test samples so that carefully constructed malicious samples can evade detection by machine learning algorithms. To improve the security of machine learning algorithms, a method based on moving target defense (MTD) was proposed to enhance algorithm robustness. Experimental results show that the proposed method can effectively resist evasion attacks against the detection algorithm through dynamic transformation in the stages of algorithm model, feature selection and result output.

Key words: machine learning, algorithm robustness, moving target defense, dynamic transformation

CLC Number:
