对抗机器学习在网络入侵检测领域的应用

doi:10.11959/j.issn.1000-436x.2021193

通信学报 ›› 2021, Vol. 42 ›› Issue (11): 1-12.doi: 10.11959/j.issn.1000-436x.2021193

• 专题：计算机通信与网络系统安全技术 • 下一篇

对抗机器学习在网络入侵检测领域的应用

刘奇旭¹^,², 王君楠¹^,², 尹捷¹, 陈艳辉¹^,², 刘嘉熹¹^,²

¹ 中国科学院信息工程研究所，北京 100093
² 中国科学院大学网络空间安全学院，北京 100049

修回日期:2021-09-15 出版日期:2021-11-25 发布日期:2021-11-01
作者简介:刘奇旭（1984− ），男，江苏徐州人，博士，中国科学院信息工程研究所研究员，中国科学院大学教授，主要研究方向为网络攻防技术、网络安全评测
王君楠（1995− ），女，吉林省吉林市人，中国科学院大学博士生，主要研究方向为机器学习、机器学习安全和恶意流量检测
尹捷（1991− ），女，重庆人，博士，中国科学院信息工程研究所工程师，主要研究方向为网络攻防技术、恶意代码分析
陈艳辉（1996− ），男，山东潍坊人，中国科学院大学博士生，主要研究方向为网络攻防技术和恶意软件分析与检测
刘嘉熹（1997− ），女，山东淄博人，中国科学院大学博士生，主要研究方向为恶意代码分析
基金资助:
中国科学院青年创新促进会基金资助项目(2019163);国家自然科学基金资助项目(61902396);中国科学院战略性先导科技专项基金资助项目(XDC02040100);中国科学院网络测评技术重点实验室和网络安全防护技术北京市重点实验室基金资助项目

Application of adversarial machine learning in network intrusion detection

Qixu LIU¹^,², Junnan WANG¹^,², Jie YIN¹, Yanhui CHEN¹^,², Jiaxi LIU¹^,²

¹ Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
² School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China

Revised:2021-09-15 Online:2021-11-25 Published:2021-11-01
Supported by:
The Youth Innovation Promotion Association CAS(2019163);The National Natural Science Foundation of China(61902396);The Strategic Priority Research Program of Chinese Academy of Sciences(XDC02040100);The Key Laboratory of Network Assessment Technology at Chinese Academy of Sciences and Beijing Key Laboratory of Network Security and Protection Technology

摘要/Abstract

摘要：

近年来，机器学习技术逐渐成为主流网络入侵检测方案。然而机器学习模型固有的安全脆弱性，使其难以抵抗对抗攻击，即通过在输入中施加细微扰动而使模型得出错误结果。对抗机器学习已经在图像识别领域进行了广泛的研究，在具有高对抗性的入侵检测领域中，对抗机器学习将使网络安全面临更严峻的安全威胁。为应对此类威胁，从攻击、防御2个角度，系统分析并整理了将对抗机器学习技术应用于入侵检测场景的最新工作成果。首先，揭示了在入侵检测领域应用对抗机器学习技术所具有的独特约束和挑战；其次，根据对抗攻击阶段提出了一个多维分类法，并以此为依据对比和整理了现有研究成果；最后，在总结应用现状的基础上，讨论未来的发展方向。

关键词: 入侵检测, 恶意流量, 对抗攻击, 对抗防御

Abstract:

In recent years, machine learning (ML) has become the mainstream network intrusion detection system(NIDS).However, the inherent vulnerabilities of machine learning make it difficult to resist adversarial attacks, which can mislead the models by adding subtle perturbations to the input sample.Adversarial machine learning (AML) has been extensively studied in image recognition.In the field of intrusion detection, which is inherently highly antagonistic, it may directly make ML-based detectors unavailable and cause significant property damage.To deal with such threats, the latest work of applying AML technology was systematically investigated in NIDS from two perspectives: attack and defense.First, the unique constraints and challenges were revealed when applying AML technology in the NIDS field; secondly, a multi-dimensional taxonomy was proposed according to the adversarial attack stage, and current work was compared and summarized on this basis; finally, the future research directions was discussed.

Key words: intrusion detection, malicious traffic, adversarial attack, adversarial defense

中图分类号:

TN92

刘奇旭, 王君楠, 尹捷, 陈艳辉, 刘嘉熹. 对抗机器学习在网络入侵检测领域的应用[J]. 通信学报, 2021, 42(11): 1-12.

Qixu LIU, Junnan WANG, Jie YIN, Yanhui CHEN, Jiaxi LIU. Application of adversarial machine learning in network intrusion detection[J]. Journal on Communications, 2021, 42(11): 1-12.

图/表 4

图1

图2

表1

对抗攻击方法"

文献	年份	攻击目标	威胁模型	对抗攻击方法	输出	约束	影响的对象	数据集	评估指标
文献[26]	2017	MLP, 集成分类器	白盒	FGSM, JSMA	特征	No	流特征	NSL-KDD	acc, F1-score, AUC
文献[27]	2018	MLP	白盒	FGSM, JSMA, C＆W, DeepFool	特征	No	流特征	NSL-KDD	acc, F1-score, P, R
文献[28]	2019	FNN, SNN	白盒	FGSM, BIM, PGD	特征	No	流特征	Bot-IoT	acc
文献[29]	2017	KitNet	白盒	FGSM, JSMA, C＆W, ENM	特征	No	流特征	Mirai	FP, FN
文献[30]	2020	DNN	白盒	FGSM	流量	Yes	流特征	MTA	ER
文献[31]	2019	FFDNN, FFNN	白盒	PGD, C＆W	流量	Yes	网络流, 流特征	CTU- 13	ASR, ROC曲线
文献[32]	2021	1D-CNN	白盒	UAP	流量	Yes	数据包, 网络流,流特征	ISCXVPN2016	R
文献[33]	2018	MLP	灰盒(特征)	C＆W, ZOO, GAN	特征	No	流特征	NSL-KDD	acc, F1-score, P,R
文献[34]	2018	SVM, NB, MLP, LR, DT, RF, KNN	灰盒(特征)	WGAN	特征	Yes	流特征	NSL-KDD	DR, EIR
文献[35]	2020	GBDT	灰盒(特征)	Gen-AAL	特征	No	流特征	CIC-IDS2017	ASR
文献[36]	2019	LR, RF, SVM, KNN	灰盒(得分)	随机添加噪声	特征	Yes	流特征	DARPA	DR
文献[37]	2019	DNN, DT	灰盒(得分)	ATN：StarGAN	特征	Yes	流特征	Meek流量	FPR, PR-AUC
文献[38]	2021	MLP, RF, GB, LR, LDA, QDA, BAG,集成分类器	灰盒(特征)	遗传算法，粒子群算法，GAN	特征	Yes	流特征	NSL-KDD, UNSW-NB-15	ER
文献[39]	2019	DAGMM, IF, AE, AnoGAN, ALAD, DSVDD, OC-SVM	灰盒(特征)	球形局部子空间	流量	Yes	流特征	CIC-IDS2018	ASR
文献[40]	2018	Stratosphere IPS	黑盒	GAN	流量	Yes	流特征	CC流量	DR
文献[41]	2019	KitNet, DAGMM, BiGAN	黑盒	迭代搜索	流量	Yes	数据包，流特征	CIC-IDS2017	TPR, FPR
文献[42]	2019	DT CNN	黑盒	Deep Q-learmng	流量	Yes	网络流	CTU-13	acc, ER
文献[43]	2021	MLP, DT, LR, SVM	黑盒	SeqGAN+RL	流量	Yes	数据包	CTU-13	MAPE, AFR, ASR
文献[44]	2021	AE, KitNet, IS	黑盒	LSTM	流量	Yes	网络流	CIC-IDS2017	DR
注：acc表示准确度（accuracy）；P表示精确度（precision）；R表示召回率（recall）；TPR表示真阳率；FPR表示假阳率；EIR表示规避增长率（evasion increase rate），即未检测到的敌对恶意流量实例相对于原始恶意流量实例的增长速度，EIR=1-(adversarial detection ate)/(original detection rate)；ER/ASR表示规避率（evasion rate）/攻击成功率（attack success rate），即攻击流量被识别成正常的百分比，与模型的召回率线性相关。

表1

表2

参考文献 78

[1]	ANDERSON J P . Computer security threat monitoring and surveillance[J]. Technical Report James P Anderson Co Fort Washington Pa, 1980:56.
[2]	SINCLAIR C , PIERCE L , MATZNER S . An application of machine learning to network intrusion detection[C]// Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC’99). Piscataway:IEEE Press, 1999: 371-377.
[3]	WU S X , BANZHAF W . The use of computational intelligence in intrusion detection systems:a review[J]. Applied Soft Computing, 2010,10(1): 1-35.
[4]	SZEGEDY C , ZAREMBA W , SUTSKEVER I ,et al. Intriguing properties of neural networks[C]// International Conference on Learning Representations.[S.l.:s.n.], 2014.
[5]	PAPERNOT N , MCDANIEL P , GOODFELLOW I . Transferability in machine learning:from phenomena to black-box attacks using adversarial samples[J]. arXiv Preprint,arXiv:1605.07277, 2016.
[6]	KURAKIN A , GOODFELLOW I J , BENGIO S . Adversarial examples in the physical world[C]// International Conference on Learning Representations.[S.l.:s.n.], 2017.
[7]	ALZANTOT M , SHARMA Y , ELGOHARY A ,et al. Generating natural language adversarial examples[C]// Proceedings of the 2018 Conference on Empirical Methods in Natural Language Processing. Brussels:Association for Computational Linguistics, 2018: 2890-2896.
[8]	QIN Y , CARLINI N , GOODFELLOWI ,et al. Imperceptible,robust,and targeted adversarial examples for automatic speech recognition[C]// Proceedings of the 36th International Conference on Machine Learning. Australia:PMLR, 2019: 5231-5240.
[9]	FREDRIKSON M , LANTZ E , JHA S ,et al. Privacy in pharmacogenetics:an end-to-end case study of personalized warfarin dosing[C]// Proceedings of the USENIX Security Symposium. Berkeley:USENIX Association, 2014: 17-32.
[10]	PAPERNOT N , MCDANIEL P , GOODFELLOW I ,et al. Practical black-box attacks against machine learning[J]. arXiv Preprint,arXiv:1602.02697, 2016.
[11]	SHARIF M , BHAGAVATULA S , BAUER L ,et al. Accessorize to a crime:real and stealthy attacks on state-of-the-art face recognition[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2016: 1528-1540.
[12]	张玉清, 董颖, 柳彩云 ,等. 深度学习应用于网络空间安全的现状、趋势与展望[J]. 计算机研究与发展, 2018,55(6): 1117-1142.
	ZHANG Y Q , DONG Y , LIU C Y ,et al. Situation,trends and prospects of deep learning applied to cyberspace security[J]. Journal of Computer Research and Development, 2018,55(6): 1117-1142.
[13]	AKHTAR N , MIAN A . Threat of adversarial attacks on deep learning in computer vision:a survey[J]. IEEE Access, 2018,6: 14410-14430.
[14]	MARTINS N , CRUZ J M , CRUZ T ,et al. Adversarial machine learning applied to intrusion and malware scenarios:a systematic review[J]. IEEE Access, 2020,8: 35403-35419.
[15]	ROSENBERG I , SHABTAI A , ELOVICI Y ,et al. Adversarial learning in the cyber security domain[J]. arXiv Preprint,arXiv:2007.02407, 2020.
[16]	段广晗, 马春光, 宋蕾 ,等. 深度学习中对抗样本的构造及防御研究[J]. 网络与信息安全学报, 2020,6(2): 1-11.
	DUAN G H , MA C G , SONG L ,et al. Research on structure and defense of adversarial example in deep learning[J]. Chinese Journal of Network and Information Security, 2020,6(2): 1-11.
[17]	YUAN X Y , HE P , ZHU Q L ,et al. Adversarial examples:attacks and defenses for deep learning[J]. IEEE Transactions on Neural Networks and Learning Systems, 2019,30(9): 2805-2824.
[18]	GOODFELLOW I J , SHLENS J , SZEGEDY C . Explaining and harnessing adversarial examples[C]// International Conference on Learning Representations.[S.l.:s.n.], 2015.
[19]	PAPERNOT N , MCDANIEL P , JHA S ,et al. The limitations of deep learning in adversarial settings[C]// Proceedings of 2016 IEEE European Symposium on Security and Privacy (EuroS＆P). Piscataway:IEEE Press, 2016: 372-387.
[20]	MOOSAVI-DEZFOOLI S M , FAWZI A , FROSSARD P . DeepFool:a simple and accurate method to fool deep neural networks[C]// Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition(CVPR). Piscataway:IEEE Press, 2016: 2574-2582.
[21]	CARLINI N , WAGNER D . Towards evaluating the robustness of neural networks[C]// Proceedings of 2017 IEEE Symposium on Security and Privacy (SP). Piscataway:IEEE Press, 2017: 39-57.
[22]	MOOSAVI-DEZFOOLI S M , FAWZI A , FAWZI O ,et al. Universal adversarial perturbations[C]// Proceedings of 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway:IEEE Press, 2017: 86-94.
[23]	KURAKIN A , GOODFELLOW I J , BENGIO S . Adversarial machine learning at scale[C]// International Conference on Learning Representation.[S.l.:s.n.], 2017.
[24]	PIERAZZI F , PENDLEBURY F , CORTELLAZZI J ,et al. Intriguing properties of adversarial ML attacks in the problem space[C]// Proceedings of 2020 IEEE Symposium on Security and Privacy (SP). Piscataway:IEEE Press, 2020: 1332-1349.
[25]	SCHOLKOPF B , MIKA S , BURGES C J C ,et al. Input space versus feature space in kernel-based methods[J]. IEEE Transactions on Neural Networks, 1999,10(5): 1000-1017.
[26]	RIGAKI M . Adversarial deep learning against intrusion detection classifiers[EB]. 2017.
[27]	WANG Z . Deep learning-based intrusion detection with adversaries[J]. IEEE Access, 2018,6: 38367-38384.
[28]	IBITOYE O , SHAFIQ O , MATRAWY A . Analyzing adversarial attacks against deep learning for intrusion detection in IoT networks[C]// Proceedings of 2019 IEEE Global Communications Conference (GLOBECOM). Piscataway:IEEE Press, 2019: 1-6.
[29]	KLAMBAUER G , UNTERTHINER T , MAYR A ,et al. Self-normalizing neural networks[C]// Proceedings of the 31st Conference on Neural Information Processing Systems (NIPS 2017). New York:Curran Associates Inc, 2017: 1-8.
[30]	NOVO C , MORLA R . Flow-based detection and proxy-based evasion of encrypted malware c2 traffic[C]// Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security. New York:ACM Press, 2020:83.
[31]	CHERNIKOVA A , OPREA A . Fence:feasible evasion attacks on neural networks in constrained environments[J]. arXiv Preprint,arXiv:1909.10480, 2019.
[32]	SADEGHZADEH A M , SHIRAVI S , JALILI R . Adversarial network traffic:towards evaluating the robustness of deep-learning-based network traffic classification[J]. IEEE Transactions on Network and Service Management, 2021,18(2): 1962-1976.
[33]	YANG K C , LIU J Q , ZHANG C ,et al. Adversarial examples against the deep learning based network intrusion detection systems[C]// Proceedings of MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM). Piscataway:IEEE Press, 2018: 559-564.
[34]	LIN Z , SHI Y , XUE Z . IDSGAN:Generative adversarial networks for attack generation against intrusion detection[J]. arXiv Preprint,arXiv:1809.02077, 2018.
[35]	SHU D L , LESLIE N O , KAMHOUA C A ,et al. Generative adversarial attacks against intrusion detection systems using active learning[C]// Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning. New York:ACM Press, 2020: 1-6.
[36]	AIKEN J , SCOTT-HAYWARD S , . Investigating adversarial attacks against network intrusion detection systems in SDNs[C]// Proceedings of 2019 IEEE Conference on Network Function Virtualization and Software Defined Networks(NFV-SDN). Piscataway:IEEE Press, 2019: 1-7.
[37]	SHEFFEY S , ADERHOLDT F . Improving meek with adversarial techniques[C]// Proceedings of the 9th USENIX Workshop on Free and Open Communications on the Internet. Santa Clara:USENIX Association, 2019: 1-10.
[38]	ALHAJJAR E , MAXWELL P ， BASTIANN . Adversarial machine learning in network intrusion detection systems[J]. Expert Systems With Applications, 2021,186: 115782.
[39]	KUPPA A , GRZONKOWSKI S , ASGHAR M R ,et al. Black box attacks on deep anomaly detectors[C]// Proceedings of the 14th International Conference on Availability,Reliability and Security. New York:ACM Press, 2019: 1-10.
[40]	RIGAKI M , GARCIA S . Bringing a GAN to a knife-fight:adapting malware communication to avoid detection[C]// Proceedings of 2018 IEEE Security and Privacy Workshops (SPW). Piscataway:IEEE Press, 2018: 70-75.
[41]	HASHEMI M J , CUSACK G , KELLER E . Towards evaluation of NIDSs in adversarial setting[C]// Proceedings of the 3rd ACM CoNEXT Workshop on BigDAta,Machine Learning and Artificial Intelligence for Data Communication Networks. New York:ACM Press, 2019: 14-21.
[42]	WU D , FANG B X , WANG J N ,et al. Evading machine learning botnet detection models via deep reinforcement learning[C]// Proceedings of ICC 2019 - 2019 IEEE International Conference on Communications(ICC). Piscataway:IEEE Press, 2019: 1-6.
[43]	CHENG Q , ZHOU S , SHEN Y ,et al. Packet-level adversarial network traffic crafting using sequence generative adversarial networks[J]. arXiv Preprint,arXiv:2103.04794, 2021.
[44]	SHARON Y , BEREND D , LIU Y ,et al. Tantra:timing-based adversarial network traffic reshaping attack[J]. arXiv Preprint,arXiv:2103.06297, 2021.
[45]	KORONIOTIS N , MOUSTAFA N , SITNIKOVA E ,et al. Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics:Bot-IoT dataset[J]. Future Generation Computer Systems, 2019,100: 779-796.
[46]	CLEMENTS J , YANG Y , SHARMA A ,et al. Rallying adversarial techniques against deep learning for network security[J]. arXiv Preprint,arXiv:1903.11688, 2019.
[47]	MIRSKY Y , DOITSHMAN T , ELOVICI Y ,et al. Kitsune:an ensemble of Autoencoders for online network intrusion detection[C]// Proceedings of 2018 Network and Distributed System Security Symposium. Reston:Internet Society, 2018: 18-21.
[48]	GARCíA S , GRILL M , STIBOREK J ,et al. An empirical comparison of botnet detection methods[J]. Computers ＆ Security, 2014,45: 100-123.
[49]	CHEN P Y , ZHANG H , SHARMA Y ,et al. ZOO:zeroth order optimization based black-box attacks to deep neural networks without training substitute models[C]// Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security. New York：ACM Press, 2017: 15-26.
[50]	ARJOVSKY M , CHINTALA S , BOTTOU L . Wasserstein generative adversarial networks[C]// Proceedings of the 34th International Conference on Machine Learning. Australia:PMLR, 2017,(70): 214-223.
[51]	CHOI Y , CHOI M , KIM M ,et al. StarGAN:unified generative adversarial networks for multi-domain image-to-image translation[C]// Proceedings of 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition. Piscataway:IEEE Press, 2018: 8789-8797.
[52]	MOUSTAFA N , SLAY J . UNSW-NB15:a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]// Proceedings of 2015 Military Communications and Information Systems Conference(MilCIS). Piscataway:IEEE Press, 2015: 1-6.
[53]	LI D , MUKHOPADHYAY M , DUNSON D B . Efficient manifold and sub-space approximations with spherelets[J]. arXiv Preprint,arXiv:1706.08263, 2017.
[54]	LI J , ZHOU L , LI H X ,et al. Dynamic traffic feature camouflaging via generative adversarial networks[C]// Proceedings of 2019 IEEE Conference on Communications and Network Security(CNS). Piscataway:IEEE Press, 2019: 268-276.
[55]	YU L , ZHANG W , WANG J ,et al. SeqGAN:sequence generative adversarial nets with policy gradient[C]// Proceedings of the AAAI Conference on Artificial Intelligence. Palo Alto:AAAI Press, 2017: 2852-2858.
[56]	SHARAFALDIN I , HABIBI L A , GHORBANI A A . Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]// Proceedings of the 4th International Conference on Information Systems Security and Privacy.[S.l.]: SciTeOress, 2018: 108-116.
[57]	PAPERNOT N , MCDANIEL P , WU X ,et al. Distillation as a defense to adversarial perturbations against deep neural networks[C]// Proceedings of 2016 IEEE Symposium on Security and Privacy (SP). Piscataway:IEEE Press, 2016: 582-597.
[58]	GU S , RIGAZIO L . Towards deep neural network architectures robust to adversarial examples[C]// International Conference on Learning Representations.[S.l.:s.n.], 2015.
[59]	HASHEMI M J , KELLER E . Enhancing robustness against adversarial examples in network intrusion detection systems[C]// Proceedings of 2020 IEEE Conference on Network Function Virtualization and Software Defined Networks(NFV-SDN). Piscataway:IEEE Press, 2020: 37-43.
[60]	DE L M J , COTTON C . A network security classifier defense:against adversarial machine learning attacks[C]// Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning. New York:ACM Press, 2020: 67-73.
[61]	VENKATESAN S , SUGRIM S , IZMAILOV R ,et al. On detecting manifestation of adversary characteristics[C]// Proceedings of MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM). Piscataway:IEEE Press, 2018: 431-437.
[62]	DE L M J , COTTON C . Adversarial machine learning for cybersecurity[J]. JISAR, 2019,12(1): 26.
[63]	CAO X Y , GONG N Z . Mitigating evasion attacks to deep neural networks via region-based classification[C]// Proceedings of the 33rd Annual Computer Security Applications Conference. New York:ACM Press, 2017: 278-287.
[64]	KHAMIS R A , SHAFIQ M O , MATRAWY A . Investigating resistance of deep Learning-based ids against adversaries using Min-max optimization[C]// Proceedings of ICC 2020 - 2020 IEEE International Conference on Communications (ICC). Piscataway:IEEE Press, 2020: 1-7.
[65]	KHAMIS R A , MATRAWY A . Evaluation of adversarial training on different types of neural networks in deep learning-based IDSs[C]// Proceedings of 2020 International Symposium on Networks,Computers and Communications (ISNCC). Piscataway:IEEE Press, 2020: 1-6.
[66]	ANTHI E , WILLIAMS L , RHODE M ,et al. Adversarial attacks on machine learning cybersecurity defences in Industrial Control Systems[J]. Journal of Information Security and Applications, 2021,58: 102717.
[67]	PAN S Y , MORRIS T , ADHIKARI U . Classification of disturbances and cyber-attacks in power systems using heterogeneous time-synchronized data[J]. IEEE Transactions on Industrial Informatics, 2015,11(3): 650-662.
[68]	HAN D , WANG Z , ZHONG Y ,et al. Practical traffic-space adversarial attacks on learning-based NIDSs[J]. arXiv Preprint,arXiv:2005.07519, 2020.
[69]	SAMANGOUEI P , KABKAB M , CHELLAPPA R . Defense-gan:protecting classifiers against adversarial attacks using generative models[C]// International Conference on Learning Representations.[S.l.:s.n.], 2018.
[70]	JIN G Q , SHEN S W , ZHANG D M ,et al. APE-GAN:adversarial perturbation elimination with GAN[C]// Proceedings of ICASSP 2019 2019 IEEE International Conference on Acoustics,Speech and Signal Processing (ICASSP). Piscataway:IEEE Press, 2019: 3842-3846.
[71]	MENG D Y , CHEN H . MagNet:a two-pronged defense against adversarial examples[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2017: 135-147.
[72]	METZEN J H , GENEWEIN T , FISCHER V ,et al. On detecting adversarial perturbations[C]// Proceedings of Internet Conference on Learning Representations.[S.l.:s.n.], 2017.
[73]	PAWLICKI M , CHORA? M , KOZIK R . Defending network intrusion detection systems against adversarial evasion attacks[J]. Future Generation Computer Systems, 2020,110: 148-154.
[74]	MADRY A , MAKELOV A , SCHMIDT L ,et al. Towards deep learning models resistant to adversarial attacks[J]. arXiv Preprint,arXiv:1706.06083, 2017.
[75]	TRAM`ER F , KURAKIN A , PAPERNOT N ,et al. Ensemble adversarial training:attacks and defenses[J]. arXiv Preprint,arXiv:1705.07204, 2017.
[76]	XU W L , EVANS D , QI Y J . Feature squeezing:detecting adversarial examples in deep neural networks[C]// Proceedings of 2018 Network and Distributed System Security Symposium. Reston:Internet Society, 2018: 18-21.
[77]	VENTURI A , APRUZZESE G , ANDREOLINI M ,et al. DReLAB Deep reinforcement learning adversarial botnet:a benchmark dataset for adversarial attacks against botnet Intrusion Detection Systems[J]. Data in Brief, 2021,34: 106631.
[78]	HOMOLIAK I , MALINKA K , HANACEK P . ASNM datasets:a collection of network attacks for testing of adversarial classifiers and intrusion detectors[J]. IEEE Access, 2020,8: 112427-112453.

文献	年份	类别	方法	评估指标	数据集	可以抵抗的攻击
文献[57]	2016	模型修正	防御蒸馏	ASR变化，扰动特征数量	MNIST, CIFAR-10	文献[18]
文献[58]	2015	模型修正	DCN	测试误差，平均扰动大小	MNIST	文献[4]
文献[59]	2020	模型修正	DAE+随机掩码	TPR, FPR	CIC-IDS2017	文献[41]
文献[60]	2020	模型修正	层次集成分类	混淆矩阵	网络扫描流量数据集^[61]	文献[62]
文献[63]	2017	模型修正	邻域分类	ASR变化,平均扰动大小	MNIST, CIFAR-10	文献[18-21],BIM
文献[64-65]	2020	数据修正	对抗训练（文献[21,24,49], BIM, PGD），特征选择	accuracy, precision, TPR, AUC	UNSW-NB 15	文献[19-21],BIM, PGD
文献[66]	2021	数据修正	对抗训练（文献[18-19]）	F1-score	ICS流量数据集^[67]	文献[18]
文献[68]	2020	数据修正	非稳健特征删减	ASR变化,平均扰动大小	Kitsunet dataset	文献[38]
文献[69]	2018	附加网络	Defence-GAN	accuracy, ROC	MNIST, F-MNIST	文献[18,21]
文献[70]	2019	附加网络	APE-GAN	对抗样本的分类错误率	MNIST,CIFAR-10,ImageNet	文献[4,18-21]
文献[71]	2017	附加网络	MagNet	accuracy	MNIST, CIFAR-10	文献[18-21], BIM
文献[72]	2017	附加网络	基于分类子网的检测	accuracy	CIFAR-10	文献[18,20], BIM
文献[73]	2020	附加网络	基于分类子网的检测	precision, recall, F1-score	CIC-IDS-2017	文献[18,21], BIM, PGD

对抗机器学习在网络入侵检测领域的应用

Application of adversarial machine learning in network intrusion detection

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 78

相关文章 15

Metrics

推荐阅读 0

[1]	苏新, 张桂福, 行鸿彦, Zenghui Wang. 基于平衡生成对抗网络的海洋气象传感网入侵检测研究[J]. 通信学报, 2023, 44(4): 124-136.
[2]	王一丰, 郭渊博, 陈庆礼, 方晨, 林韧昊. 基于对比学习的细粒度未知恶意流量分类方法[J]. 通信学报, 2022, 43(10): 12-25.
[3]	吴翼腾, 刘伟, 于洪涛. 图神经网络的标签翻转对抗攻击[J]. 通信学报, 2021, 42(9): 65-74.
[4]	程旭, 王莹莹, 张年杰, 付章杰, 陈北京, 赵国英. 基于空间感知的多级损失目标跟踪对抗攻击方法[J]. 通信学报, 2021, 42(11): 242-254.
[5]	田有亮,吴雨龙,李秋贤. 基于信息论的入侵检测最佳响应方案[J]. 通信学报, 2020, 41(7): 121-130.
[6]	张兴兰,尹晟霖. 可变融合的随机注意力胶囊网络入侵检测模型[J]. 通信学报, 2020, 41(11): 160-168.
[7]	孙伟,张鹏,何永全,邢丽超. 内网环境下基于时空事件关联的攻击检测方法[J]. 通信学报, 2020, 41(1): 33-41.
[8]	李佳,云晓春,李书豪,张永铮,谢江,方方. 基于混合结构深度神经网络的HTTP恶意流量检测方法[J]. 通信学报, 2019, 40(1): 24-33.
[9]	张震,魏鹏,李玉峰,兰巨龙,徐萍,陈博. 改进粒子群联合禁忌搜索的特征选择算法[J]. 通信学报, 2018, 39(12): 60-68.
[10]	高一为,周睿康,赖英旭,范科峰,姚相振,李琳. 基于仿真建模的工业控制网络入侵检测方法研究[J]. 通信学报, 2017, 38(7): 186-198.
[11]	赖英旭,刘增辉,蔡晓田,杨凯翔. 工业控制系统入侵检测研究综述[J]. 通信学报, 2017, 38(2): 143-156.
[12]	张萍,何慧敏,张春燕,曹聪,刘燕兵,谭建龙. FilterFA：一种基于字符集规约的模式串匹配算法[J]. 通信学报, 2016, 37(12): 103-114.
[13]	杜晔,张亚丹,黎妹红,张大伟. 基于改进FastICA算法的入侵检测样本数据优化方法[J]. 通信学报, 2016, 37(1): 42-48.
[14]	苏洁,董伟伟,许璇,刘帅,谢立鹏. 基于Dempster-Shafer理论的GHSOM入侵检测方法[J]. 通信学报, 2015, 36(Z1): 60-64.
[15]	肖阳,白磊,王仙. 基于朋友机制的移动ad hoc网络路由入侵检测模型研究[J]. 通信学报, 2015, 36(Z1): 203-214.