Chinese Journal of Network and Information Security, 2020, Vol. 6, Issue (4): 67-76. doi: 10.11959/j.issn.2096-109x.2020052
Kang HE, Yuefei ZHU, Long LIU, Bin LU, Bin LIU
Revised: 2020-02-04
Online: 2020-08-15
Published: 2020-08-13
Kang HE,Yuefei ZHU,Long LIU,Bin LU,Bin LIU. Improve the robustness of algorithm under adversarial environment by moving target defense[J]. Chinese Journal of Network and Information Security, 2020, 6(4): 67-76.
Adversarial example set No. (rows) / Model No. (columns) | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 |
1 | 0.63% | 0.92% | 64.25% | 98.71% | 86.20% | 96.94% | 99.26% | 16.80% | 81.92% | 82.97% | 98.58% | 42.92% | 88.12% | 66.15% | 87.73% | 82.44% | 27.42% | 90.58% | 4.82% | 76.49% |
2 | 1.20% | 1.19% | 55.81% | 98.72% | 86.08% | 98.30% | 99.25% | 15.59% | 72.96% | 92.00% | 95.59% | 89.12% | 15.16% | 66.11% | 27.89% | 82.45% | 90.40% | 90.58% | 71.14% | 76.86% |
3 | 99.36% | 80.36% | 22.58% | 98.72% | 85.23% | 85.72% | 37.44% | 41.57% | 82.80% | 87.12% | 35.45% | 87.06% | 33.73% | 65.93% | 54.76% | 82.45% | 89.79% | 90.58% | 83.68% | 77.92% |
4 | 99.28% | 91.3% | 55.32% | 1.20% | 86.81% | 98.36% | 1.23% | 18.07% | 82.80% | 86.82% | 97.62% | 89.12% | 81.85% | 66.15% | 87.20% | 82.37% | 1.80% | 90.58% | 75.90% | 76.53% |
5 | 20.88% | 22.07% | 56.72% | 98.75% | 18.31% | 98.54% | 99.26% | 26.24% | 82.11% | 96.67% | 99.19% | 89.12% | 80.40% | 65.86% | 87.66% | 52.94% | 97.92% | 90.58% | 73.63% | 78.96% |
6 | 99.36% | 91.36% | 50.28% | 98.75% | 86.75% | 2.29% | 2.88% | 30.69% | 88.04% | 85.54% | 98.59% | 89.12% | 88.12% | 66.15% | 87.73% | 82.58% | 89.82% | 84.39% | 83.68% | 87.02% |
7 | 99.36% | 91.28% | 18.63% | 53.83% | 86.81% | 1.77% | 0.73% | 89.76% | 82.74% | 88.66% | 89.90% | 89.07% | 89.43% | 62.30% | 87.43% | 82.37% | 89.81% | 90.58% | 75.84% | 84.65% |
8 | 2.91% | 5.43% | 6.48% | 13.98% | 84.57% | 84.96% | 99.26% | 2.83% | 82.37% | 86.87% | 99.19% | 7.50% | 23.09% | 66.15% | 87.21% | 82.45% | 5.50% | 90.58% | 71.34% | 78.91% |
9 | 22.09% | 22.16% | 63.89% | 98.75% | 85.46% | 99.30% | 98.81% | 28.62% | 18.44% | 89.44% | 22.22% | 85.98% | 76.36% | 65.89% | 86.28% | 82.16% | 21.88% | 30.14% | 77.60% | 77.78% |
10 | 8.04% | 98.81% | 64.16% | 98.72% | 88.16% | 99.50% | 99.26% | 58.65% | 82.80% | 7.50% | 15.48% | 87.34% | 23.47% | 66.15% | 87.8% | 82.45% | 10.25% | 84.79% | 71.94% | 76.8% |
11 | 99.36% | 98.06% | 3.59% | 98.72% | 86.81% | 97.55% | 84.87% | 97.10% | 81.92% | 8.12% | 0.79% | 89.12% | 8.34% | 66.15% | 87.73% | 82.45% | 90.35% | 90.58% | 75.92% | 75.79% |
12 | 10.83% | 92.09% | 17.79% | 98.75% | 86.81% | 98.42% | 99.26% | 17.24% | 72.42% | 18.70% | 99.19% | 9.66% | 88.12% | 65.86% | 86.58% | 82.45% | 90.00% | 90.58% | 83.68% | 76.19% |
13 | 99.36% | 13.28% | 13.45% | 98.81% | 86.17% | 98.30% | 99.82% | 62.91% | 82.04% | 78.19% | 12.00% | 89.12% | 10.60% | 66.15% | 25.4% | 82.45% | 89.8% | 90.58% | 72.45% | 84.63% |
14 | 99.36% | 93.83% | 57.98% | 98.75% | 89.49% | 98.36% | 33.55% | 45.58% | 82.75% | 92.03% | 99.19% | 88.77% | 88.12% | 22.23% | 87.52% | 82.41% | 90.4% | 90.58% | 75.18% | 84.65% |
15 | 99.36% | 85.32% | 58.91% | 98.72% | 86.77% | 98.30% | 98.79% | 60.57% | 52.80% | 78.32% | 99.19% | 86.25% | 19.99% | 66.12% | 10.96% | 82.37% | 89.97% | 90.58% | 64.67% | 24.30% |
16 | 99.36% | 98.81% | 63.94% | 98.72% | 88.42% | 99.12% | 98.87% | 92.33% | 82.67% | 91.16% | 99.19% | 89.12% | 88.12% | 66.12% | 87.38% | 30.14% | 89.90% | 90.58% | 83.68% | 79.58% |
17 | 99.28% | 98.81% | 32.43% | 16.31% | 87.28% | 93.77% | 98.79% | 24.54% | 82.68% | 86.01% | 98.68% | 84.54% | 79.17% | 66.15% | 87.62% | 82.45% | 8.65% | 90.58% | 76.62% | 77.24% |
18 | 99.36% | 92.8% | 57.21% | 98.75% | 86.80% | 89.80% | 99.26% | 91.24% | 22.64% | 82.91% | 98.75% | 89.12% | 88.12% | 65.89% | 87.72% | 82.55% | 89.85% | 20.00% | 77.65% | 84.61% |
19 | 16.61% | 90.47% | 63.84% | 98.71% | 86.19% | 97.70% | 17.03% | 62.08% | 82.78% | 23.27% | 90.78% | 89.12% | 74.98% | 64.20% | 80.34% | 82.45% | 89.81% | 90.58% | 13.83% | 77.17% |
20 | 99.28% | 92.35% | 15.26% | 98.71% | 86.80% | 99.47% | 99.26% | 24.51% | 82.53% | 26.54% | 90.51% | 84.28% | 88.12% | 66.15% | 30.19% | 82.25% | 89.51% | 90.58% | 89.60% | 13.03% |