Journal on Communications ›› 2021, Vol. 42 ›› Issue (11): 1-12. doi: 10.11959/j.issn.1000-436x.2021193
• Special Topic: Security Technologies for Computer Communication and Network Systems •
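Qixu LIU1,2, Junnan WANG1,2, Jie YIN1, Yanhui CHEN1,2, Jiaxi LIU1,2
Revised: 2021-09-15
Online: 2021-11-25
Published: 2021-11-01
About the author: LIU Qixu (1984− ), male, born in Xuzhou, Jiangsu, Ph.D., is a researcher at the Institute of Information Engineering, Chinese Academy of Sciences, and a professor at the University of Chinese Academy of Sciences. His main research interests are network attack and defense technology and network security evaluation.
Supported by: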
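Abstract:
In recent years, machine learning has gradually become the mainstream approach to network intrusion detection. However, the inherent security weaknesses of machine learning models make it hard for them to withstand adversarial attacks, in which subtle perturbations applied to the input cause the model to produce incorrect results. Adversarial machine learning has been studied extensively in image recognition; in the highly adversarial field of intrusion detection, it will expose network security to more severe threats. To address such threats, the latest work applying adversarial machine learning to intrusion detection scenarios is systematically analyzed and organized from two perspectives, attack and defense. First, the unique constraints and challenges of applying adversarial machine learning in the intrusion detection field are revealed. Second, a multi-dimensional taxonomy is proposed according to the stages of an adversarial attack, and existing research results are compared and organized on that basis. Finally, based on a summary of the current state of application, future directions are discussed.
CLC number: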
Qixu LIU, Junnan WANG, Jie YIN, Yanhui CHEN, Jiaxi LIU. Application of adversarial machine learning in network intrusion detection[J]. Journal on Communications, 2021, 42(11): 1-12.
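Table 1
Adversarial attack methods
Reference | Year | Attack target | Threat model | Adversarial attack method | Output | Constraints | Affected object | Dataset | Evaluation metrics |
Ref. [ | 2017 | MLP, ensemble classifier | White-box | FGSM, JSMA | Features | No | Flow features | NSL-KDD | acc, F1-score, AUC |
Ref. [ | 2018 | MLP | White-box | FGSM, JSMA, C&W, DeepFool | Features | No | Flow features | NSL-KDD | acc, F1-score, P, R |
Ref. [ | 2019 | FNN, SNN | White-box | FGSM, BIM, PGD | Features | No | Flow features | Bot-IoT | acc |
Ref. [ | 2017 | KitNet | White-box | FGSM, JSMA, C&W, ENM | Features | No | Flow features | Mirai | FP, FN |
Ref. [ | 2020 | DNN | White-box | FGSM | Traffic | Yes | Flow features | MTA | ER |
Ref. [ | 2019 | FFDNN, FFNN | White-box | PGD, C&W | Traffic | Yes | Network flows, flow features | CTU-13 | ASR, ROC curve |
Ref. [ | 2021 | 1D-CNN | White-box | UAP | Traffic | Yes | Packets, network flows, flow features | ISCXVPN2016 | R |
Ref. [ | 2018 | MLP | Gray-box (features) | C&W, ZOO, GAN | Features | No | Flow features | NSL-KDD | acc, F1-score, P, R |
Ref. [ | 2018 | SVM, NB, MLP, LR, DT, RF, KNN | Gray-box (features) | WGAN | Features | Yes | Flow features | NSL-KDD | DR, EIR |
Ref. [ | 2020 | GBDT | Gray-box (features) | Gen-AAL | Features | No | Flow features | CIC-IDS2017 | ASR |
Ref. [ | 2019 | LR, RF, SVM, KNN | Gray-box (scores) | Random noise addition | Features | Yes | Flow features | DARPA | DR |
Ref. [ | 2019 | DNN, DT | Gray-box (scores) | ATN:StarGAN | Features | Yes | Flow features | Meek traffic | FPR, PR-AUC |
Ref. [ | 2021 | MLP, RF, GB, LR, LDA, QDA, BAG, ensemble classifier | Gray-box (features) | Genetic algorithm, particle swarm optimization, GAN | Features | Yes | Flow features | NSL-KDD, UNSW-NB-15 | ER |
Ref. [ | 2019 | DAGMM, IF, AE, AnoGAN, ALAD, DSVDD, OC-SVM | Gray-box (features) | Spherical local subspaces | Traffic | Yes | Flow features | CIC-IDS2018 | ASR |
Ref. [ | 2018 | Stratosphere IPS | Black-box | GAN | Traffic | Yes | Flow features | CC traffic | DR |
Ref. [ | 2019 | KitNet, DAGMM, BiGAN | Black-box | Iterative search | Traffic | Yes | Packets, flow features | CIC-IDS2017 | TPR, FPR |
Ref. [ | 2019 | DT CNN | Black-box | Deep Q-learning | Traffic | Yes | Network flows | CTU-13 | acc, ER |
Ref. [ | 2021 | MLP, DT, LR, SVM | Black-box | SeqGAN+RL | Traffic | Yes | Packets | CTU-13 | MAPE, AFR, ASR |
Ref. [ | 2021 | AE, KitNet, IS | Black-box | LSTM | Traffic | Yes | Network flows | CIC-IDS2017 | DR |
Note: acc denotes accuracy; P denotes precision; R denotes recall; TPR denotes true positive rate; FPR denotes false positive rate; EIR denotes evasion increase rate, i.e., the rate of increase of undetected adversarial malicious traffic instances relative to the original malicious traffic instances, EIR = 1 − (adversarial detection rate)/(original detection rate); ER/ASR denotes evasion rate/attack success rate, i.e., the percentage of attack traffic identified as normal, which is linearly related to the model's recall. |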
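Table 2
Adversarial defense methods
Reference | Year | Category | Method | Evaluation metrics | Dataset | Attacks resisted |
Ref. [ | 2016 | Model modification | Defensive distillation | ASR change, number of perturbed features | MNIST, CIFAR-10 | Ref. [ |
Ref. [ | 2015 | Model modification | DCN | Test error, average perturbation size | MNIST | Ref. [ |
Ref. [ | 2020 | Model modification | DAE + random masking | TPR, FPR | CIC-IDS2017 | Ref. [ |
Ref. [ | 2020 | Model modification | Hierarchical ensemble classification | Confusion matrix | Network scanning traffic dataset [ | Ref. [ |
Ref. [ | 2017 | Model modification | Region-based classification | ASR change, average perturbation size | MNIST, CIFAR-10 | Ref. [ |
Ref. [ | 2020 | Data modification | Adversarial training (Refs. [21,24,49], BIM, PGD), feature selection | accuracy, precision, TPR, AUC | UNSW-NB 15 | Ref. [ |
Ref. [ | 2021 | Data modification | Adversarial training (Ref. [ | F1-score | ICS traffic dataset [ | Ref. [ |
Ref. [ | 2020 | Data modification | Non-robust feature pruning | ASR change, average perturbation size | Kitsunet dataset | Ref. [ |
Ref. [ | 2018 | Additional network | Defence-GAN | accuracy, ROC | MNIST, F-MNIST | Ref. [ |
Ref. [ | 2019 | Additional network | APE-GAN | Classification error rate on adversarial examples | MNIST, CIFAR-10, ImageNet | Refs. [4,18-21] |
Ref. [ | 2017 | Additional network | MagNet | accuracy | MNIST, CIFAR-10 | Ref. [ |
Ref. [ | 2017 | Additional network | Detection based on a classification subnetwork | accuracy | CIFAR-10 | Ref. [ |
Ref. [ | 2020 | Additional network | Detection based on a classification subnetwork | precision, recall, F1-score | CIC-IDS-2017 | Ref. [ |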
[1] | ANDERSON J P . Computer security threat monitoring and surveillance[J]. Technical Report James P Anderson Co Fort Washington Pa, 1980:56. |
[2] | SINCLAIR C , PIERCE L , MATZNER S . An application of machine learning to network intrusion detection[C]// Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC’99). Piscataway:IEEE Press, 1999: 371-377. |
[3] | WU S X , BANZHAF W . The use of computational intelligence in intrusion detection systems:a review[J]. Applied Soft Computing, 2010,10(1): 1-35. |
[4] | SZEGEDY C , ZAREMBA W , SUTSKEVER I ,et al. Intriguing properties of neural networks[C]// International Conference on Learning Representations.[S.l.:s.n.], 2014. |
[5] | PAPERNOT N , MCDANIEL P , GOODFELLOW I . Transferability in machine learning:from phenomena to black-box attacks using adversarial samples[J]. arXiv Preprint,arXiv:1605.07277, 2016. |
[6] | KURAKIN A , GOODFELLOW I J , BENGIO S . Adversarial examples in the physical world[C]// International Conference on Learning Representations.[S.l.:s.n.], 2017. |
[7] | ALZANTOT M , SHARMA Y , ELGOHARY A ,et al. Generating natural language adversarial examples[C]// Proceedings of the 2018 Conference on Empirical Methods in Natural Language Processing. Brussels:Association for Computational Linguistics, 2018: 2890-2896. |
[8] | QIN Y , CARLINI N , GOODFELLOW I ,et al. Imperceptible,robust,and targeted adversarial examples for automatic speech recognition[C]// Proceedings of the 36th International Conference on Machine Learning. Australia:PMLR, 2019: 5231-5240. |
[9] | FREDRIKSON M , LANTZ E , JHA S ,et al. Privacy in pharmacogenetics:an end-to-end case study of personalized warfarin dosing[C]// Proceedings of the USENIX Security Symposium. Berkeley:USENIX Association, 2014: 17-32. |
[10] | PAPERNOT N , MCDANIEL P , GOODFELLOW I ,et al. Practical black-box attacks against machine learning[J]. arXiv Preprint,arXiv:1602.02697, 2016. |
[11] | SHARIF M , BHAGAVATULA S , BAUER L ,et al. Accessorize to a crime:real and stealthy attacks on state-of-the-art face recognition[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2016: 1528-1540. |
[12] | ZHANG Y Q , DONG Y , LIU C Y ,et al. Situation,trends and prospects of deep learning applied to cyberspace security[J]. Journal of Computer Research and Development, 2018,55(6): 1117-1142. |
[13] | AKHTAR N , MIAN A . Threat of adversarial attacks on deep learning in computer vision:a survey[J]. IEEE Access, 2018,6: 14410-14430. |
[14] | MARTINS N , CRUZ J M , CRUZ T ,et al. Adversarial machine learning applied to intrusion and malware scenarios:a systematic review[J]. IEEE Access, 2020,8: 35403-35419. |
[15] | ROSENBERG I , SHABTAI A , ELOVICI Y ,et al. Adversarial learning in the cyber security domain[J]. arXiv Preprint,arXiv:2007.02407, 2020. |
[16] | DUAN G H , MA C G , SONG L ,et al. Research on structure and defense of adversarial example in deep learning[J]. Chinese Journal of Network and Information Security, 2020,6(2): 1-11. |
[17] | YUAN X Y , HE P , ZHU Q L ,et al. Adversarial examples:attacks and defenses for deep learning[J]. IEEE Transactions on Neural Networks and Learning Systems, 2019,30(9): 2805-2824. |
[18] | GOODFELLOW I J , SHLENS J , SZEGEDY C . Explaining and harnessing adversarial examples[C]// International Conference on Learning Representations.[S.l.:s.n.], 2015. |
[19] | PAPERNOT N , MCDANIEL P , JHA S ,et al. The limitations of deep learning in adversarial settings[C]// Proceedings of 2016 IEEE European Symposium on Security and Privacy (EuroS&P). Piscataway:IEEE Press, 2016: 372-387. |
[20] | MOOSAVI-DEZFOOLI S M , FAWZI A , FROSSARD P . DeepFool:a simple and accurate method to fool deep neural networks[C]// Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition(CVPR). Piscataway:IEEE Press, 2016: 2574-2582. |
[21] | CARLINI N , WAGNER D . Towards evaluating the robustness of neural networks[C]// Proceedings of 2017 IEEE Symposium on Security and Privacy (SP). Piscataway:IEEE Press, 2017: 39-57. |
[22] | MOOSAVI-DEZFOOLI S M , FAWZI A , FAWZI O ,et al. Universal adversarial perturbations[C]// Proceedings of 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway:IEEE Press, 2017: 86-94. |
[23] | KURAKIN A , GOODFELLOW I J , BENGIO S . Adversarial machine learning at scale[C]// International Conference on Learning Representation.[S.l.:s.n.], 2017. |
[24] | PIERAZZI F , PENDLEBURY F , CORTELLAZZI J ,et al. Intriguing properties of adversarial ML attacks in the problem space[C]// Proceedings of 2020 IEEE Symposium on Security and Privacy (SP). Piscataway:IEEE Press, 2020: 1332-1349. |
[25] | SCHOLKOPF B , MIKA S , BURGES C J C ,et al. Input space versus feature space in kernel-based methods[J]. IEEE Transactions on Neural Networks, 1999,10(5): 1000-1017. |
[26] | RIGAKI M . Adversarial deep learning against intrusion detection classifiers[EB]. 2017. |
[27] | WANG Z . Deep learning-based intrusion detection with adversaries[J]. IEEE Access, 2018,6: 38367-38384. |
[28] | IBITOYE O , SHAFIQ O , MATRAWY A . Analyzing adversarial attacks against deep learning for intrusion detection in IoT networks[C]// Proceedings of 2019 IEEE Global Communications Conference (GLOBECOM). Piscataway:IEEE Press, 2019: 1-6. |
[29] | KLAMBAUER G , UNTERTHINER T , MAYR A ,et al. Self-normalizing neural networks[C]// Proceedings of the 31st Conference on Neural Information Processing Systems (NIPS 2017). New York:Curran Associates Inc, 2017: 1-8. |
[30] | NOVO C , MORLA R . Flow-based detection and proxy-based evasion of encrypted malware c2 traffic[C]// Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security. New York:ACM Press, 2020:83. |
[31] | CHERNIKOVA A , OPREA A . Fence:feasible evasion attacks on neural networks in constrained environments[J]. arXiv Preprint,arXiv:1909.10480, 2019. |
[32] | SADEGHZADEH A M , SHIRAVI S , JALILI R . Adversarial network traffic:towards evaluating the robustness of deep-learning-based network traffic classification[J]. IEEE Transactions on Network and Service Management, 2021,18(2): 1962-1976. |
[33] | YANG K C , LIU J Q , ZHANG C ,et al. Adversarial examples against the deep learning based network intrusion detection systems[C]// Proceedings of MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM). Piscataway:IEEE Press, 2018: 559-564. |
[34] | LIN Z , SHI Y , XUE Z . IDSGAN:Generative adversarial networks for attack generation against intrusion detection[J]. arXiv Preprint,arXiv:1809.02077, 2018. |
[35] | SHU D L , LESLIE N O , KAMHOUA C A ,et al. Generative adversarial attacks against intrusion detection systems using active learning[C]// Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning. New York:ACM Press, 2020: 1-6. |
[36] | AIKEN J , SCOTT-HAYWARD S . Investigating adversarial attacks against network intrusion detection systems in SDNs[C]// Proceedings of 2019 IEEE Conference on Network Function Virtualization and Software Defined Networks(NFV-SDN). Piscataway:IEEE Press, 2019: 1-7. |
[37] | SHEFFEY S , ADERHOLDT F . Improving meek with adversarial techniques[C]// Proceedings of the 9th USENIX Workshop on Free and Open Communications on the Internet. Santa Clara:USENIX Association, 2019: 1-10. |
[38] | ALHAJJAR E , MAXWELL P , BASTIAN N . Adversarial machine learning in network intrusion detection systems[J]. Expert Systems With Applications, 2021,186: 115782. |
[39] | KUPPA A , GRZONKOWSKI S , ASGHAR M R ,et al. Black box attacks on deep anomaly detectors[C]// Proceedings of the 14th International Conference on Availability,Reliability and Security. New York:ACM Press, 2019: 1-10. |
[40] | RIGAKI M , GARCIA S . Bringing a GAN to a knife-fight:adapting malware communication to avoid detection[C]// Proceedings of 2018 IEEE Security and Privacy Workshops (SPW). Piscataway:IEEE Press, 2018: 70-75. |
[41] | HASHEMI M J , CUSACK G , KELLER E . Towards evaluation of NIDSs in adversarial setting[C]// Proceedings of the 3rd ACM CoNEXT Workshop on BigDAta,Machine Learning and Artificial Intelligence for Data Communication Networks. New York:ACM Press, 2019: 14-21. |
[42] | WU D , FANG B X , WANG J N ,et al. Evading machine learning botnet detection models via deep reinforcement learning[C]// Proceedings of ICC 2019 - 2019 IEEE International Conference on Communications(ICC). Piscataway:IEEE Press, 2019: 1-6. |
[43] | CHENG Q , ZHOU S , SHEN Y ,et al. Packet-level adversarial network traffic crafting using sequence generative adversarial networks[J]. arXiv Preprint,arXiv:2103.04794, 2021. |
[44] | SHARON Y , BEREND D , LIU Y ,et al. Tantra:timing-based adversarial network traffic reshaping attack[J]. arXiv Preprint,arXiv:2103.06297, 2021. |
[45] | KORONIOTIS N , MOUSTAFA N , SITNIKOVA E ,et al. Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics:Bot-IoT dataset[J]. Future Generation Computer Systems, 2019,100: 779-796. |
[46] | CLEMENTS J , YANG Y , SHARMA A ,et al. Rallying adversarial techniques against deep learning for network security[J]. arXiv Preprint,arXiv:1903.11688, 2019. |
[47] | MIRSKY Y , DOITSHMAN T , ELOVICI Y ,et al. Kitsune:an ensemble of Autoencoders for online network intrusion detection[C]// Proceedings of 2018 Network and Distributed System Security Symposium. Reston:Internet Society, 2018: 18-21. |
[48] | GARCÍA S , GRILL M , STIBOREK J ,et al. An empirical comparison of botnet detection methods[J]. Computers & Security, 2014,45: 100-123. |
[49] | CHEN P Y , ZHANG H , SHARMA Y ,et al. ZOO:zeroth order optimization based black-box attacks to deep neural networks without training substitute models[C]// Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security. New York:ACM Press, 2017: 15-26. |
[50] | ARJOVSKY M , CHINTALA S , BOTTOU L . Wasserstein generative adversarial networks[C]// Proceedings of the 34th International Conference on Machine Learning. Australia:PMLR, 2017,(70): 214-223. |
[51] | CHOI Y , CHOI M , KIM M ,et al. StarGAN:unified generative adversarial networks for multi-domain image-to-image translation[C]// Proceedings of 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition. Piscataway:IEEE Press, 2018: 8789-8797. |
[52] | MOUSTAFA N , SLAY J . UNSW-NB15:a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]// Proceedings of 2015 Military Communications and Information Systems Conference(MilCIS). Piscataway:IEEE Press, 2015: 1-6. |
[53] | LI D , MUKHOPADHYAY M , DUNSON D B . Efficient manifold and sub-space approximations with spherelets[J]. arXiv Preprint,arXiv:1706.08263, 2017. |
[54] | LI J , ZHOU L , LI H X ,et al. Dynamic traffic feature camouflaging via generative adversarial networks[C]// Proceedings of 2019 IEEE Conference on Communications and Network Security(CNS). Piscataway:IEEE Press, 2019: 268-276. |
[55] | YU L , ZHANG W , WANG J ,et al. SeqGAN:sequence generative adversarial nets with policy gradient[C]// Proceedings of the AAAI Conference on Artificial Intelligence. Palo Alto:AAAI Press, 2017: 2852-2858. |
[56] | SHARAFALDIN I , HABIBI L A , GHORBANI A A . Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]// Proceedings of the 4th International Conference on Information Systems Security and Privacy.[S.l.]: SciTePress, 2018: 108-116. |
[57] | PAPERNOT N , MCDANIEL P , WU X ,et al. Distillation as a defense to adversarial perturbations against deep neural networks[C]// Proceedings of 2016 IEEE Symposium on Security and Privacy (SP). Piscataway:IEEE Press, 2016: 582-597. |
[58] | GU S , RIGAZIO L . Towards deep neural network architectures robust to adversarial examples[C]// International Conference on Learning Representations.[S.l.:s.n.], 2015. |
[59] | HASHEMI M J , KELLER E . Enhancing robustness against adversarial examples in network intrusion detection systems[C]// Proceedings of 2020 IEEE Conference on Network Function Virtualization and Software Defined Networks(NFV-SDN). Piscataway:IEEE Press, 2020: 37-43. |
[60] | DE L M J , COTTON C . A network security classifier defense:against adversarial machine learning attacks[C]// Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning. New York:ACM Press, 2020: 67-73. |
[61] | VENKATESAN S , SUGRIM S , IZMAILOV R ,et al. On detecting manifestation of adversary characteristics[C]// Proceedings of MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM). Piscataway:IEEE Press, 2018: 431-437. |
[62] | DE L M J , COTTON C . Adversarial machine learning for cybersecurity[J]. JISAR, 2019,12(1): 26. |
[63] | CAO X Y , GONG N Z . Mitigating evasion attacks to deep neural networks via region-based classification[C]// Proceedings of the 33rd Annual Computer Security Applications Conference. New York:ACM Press, 2017: 278-287. |
[64] | KHAMIS R A , SHAFIQ M O , MATRAWY A . Investigating resistance of deep Learning-based ids against adversaries using Min-max optimization[C]// Proceedings of ICC 2020 - 2020 IEEE International Conference on Communications (ICC). Piscataway:IEEE Press, 2020: 1-7. |
[65] | KHAMIS R A , MATRAWY A . Evaluation of adversarial training on different types of neural networks in deep learning-based IDSs[C]// Proceedings of 2020 International Symposium on Networks,Computers and Communications (ISNCC). Piscataway:IEEE Press, 2020: 1-6. |
[66] | ANTHI E , WILLIAMS L , RHODE M ,et al. Adversarial attacks on machine learning cybersecurity defences in Industrial Control Systems[J]. Journal of Information Security and Applications, 2021,58: 102717. |
[67] | PAN S Y , MORRIS T , ADHIKARI U . Classification of disturbances and cyber-attacks in power systems using heterogeneous time-synchronized data[J]. IEEE Transactions on Industrial Informatics, 2015,11(3): 650-662. |
[68] | HAN D , WANG Z , ZHONG Y ,et al. Practical traffic-space adversarial attacks on learning-based NIDSs[J]. arXiv Preprint,arXiv:2005.07519, 2020. |
[69] | SAMANGOUEI P , KABKAB M , CHELLAPPA R . Defense-gan:protecting classifiers against adversarial attacks using generative models[C]// International Conference on Learning Representations.[S.l.:s.n.], 2018. |
[70] | JIN G Q , SHEN S W , ZHANG D M ,et al. APE-GAN:adversarial perturbation elimination with GAN[C]// Proceedings of ICASSP 2019 - 2019 IEEE International Conference on Acoustics,Speech and Signal Processing (ICASSP). Piscataway:IEEE Press, 2019: 3842-3846. |
[71] | MENG D Y , CHEN H . MagNet:a two-pronged defense against adversarial examples[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2017: 135-147. |
[72] | METZEN J H , GENEWEIN T , FISCHER V ,et al. On detecting adversarial perturbations[C]// Proceedings of Internet Conference on Learning Representations.[S.l.:s.n.], 2017. |
[73] | PAWLICKI M , CHORAŚ M , KOZIK R . Defending network intrusion detection systems against adversarial evasion attacks[J]. Future Generation Computer Systems, 2020,110: 148-154. |
[74] | MADRY A , MAKELOV A , SCHMIDT L ,et al. Towards deep learning models resistant to adversarial attacks[J]. arXiv Preprint,arXiv:1706.06083, 2017. |
[75] | TRAMÈR F , KURAKIN A , PAPERNOT N ,et al. Ensemble adversarial training:attacks and defenses[J]. arXiv Preprint,arXiv:1705.07204, 2017. |
[76] | XU W L , EVANS D , QI Y J . Feature squeezing:detecting adversarial examples in deep neural networks[C]// Proceedings of 2018 Network and Distributed System Security Symposium. Reston:Internet Society, 2018: 18-21. |
[77] | VENTURI A , APRUZZESE G , ANDREOLINI M ,et al. DReLAB Deep reinforcement learning adversarial botnet:a benchmark dataset for adversarial attacks against botnet Intrusion Detection Systems[J]. Data in Brief, 2021,34: 106631. |
[78] | HOMOLIAK I , MALINKA K , HANACEK P . ASNM datasets:a collection of network attacks for testing of adversarial classifiers and intrusion detectors[J]. IEEE Access, 2020,8: 112427-112453. |