通信学报 ›› 2024, Vol. 45 ›› Issue (4): 73-83.doi: 10.11959/j.issn.1000-436x.2024077
收稿日期:
2023-09-27
修回日期:
2024-03-12
出版日期:
2024-04-30
发布日期:
2024-05-27
通讯作者:
郭渊博
E-mail:yuanbo_g@hotmail.com
作者简介:
基金资助:
Bowen MA, Yuanbo GUO(), Jun MA, Qi ZHANG, Chen FANG
Received:
2023-09-27
Revised:
2024-03-12
Online:
2024-04-30
Published:
2024-05-27
Contact:
Yuanbo GUO
E-mail:yuanbo_g@hotmail.com
Supported by:
摘要:
针对基于深度学习模型的流量分类器,提出了一种利用后门攻击实现恶意流量逃逸的方法。通过在训练过程添加毒化数据将后门植入模型,后门模型将带有后门触发器的恶意流量判定为良性,从而实现恶意流量逃逸;同时对不含触发器的干净流量正常判定,保证了模型后门的隐蔽性。采用多种触发器分别生成不同后门模型,比较了多种恶意流量对不同后门模型的逃逸效果,同时分析了不同后门对模型性能的影响。实验验证了所提方法的有效性,为恶意流量逃逸提供了新的思路。
中图分类号:
马博文, 郭渊博, 马骏, 张琦, 方晨. 基于后门攻击的恶意流量逃逸方法[J]. 通信学报, 2024, 45(4): 73-83.
Bowen MA, Yuanbo GUO, Jun MA, Qi ZHANG, Chen FANG. Escape method of malicious traffic based on backdoor attack[J]. Journal on Communications, 2024, 45(4): 73-83.
1 | TING C, FIELD R, FISHER A, et al. Compression analytics for classification and anomaly detection within network communication[J]. IEEE Transactions on Information Forensics and Security, 2019, 14(5): 1366-1376. |
2 | SHAFAHI A, HUANG W R, NAJIBI M, et al. Poison frogs! targeted clean-label poisoning attacks on neural networks[C]//Proceedings of the 32nd International Conference on Neural Information Processing Systems. Piscataway: IEEE Press, 2018: 6106-6116. |
3 | SZEGEDY C, ZAREMBA W, SUTSKEVER I, et al. Intriguing properties of neural networks[J]. arXiv Preprint, arXiv: , 2013. |
4 | LI Y M, JIANG Y, LI Z F, et al. Backdoor learning: a survey[J]. IEEE Transactions on Neural Networks and Learning Systems, 2024, 35(1): 5-22. |
5 | WANG W, ZHU M, ZENG X W, et al. Malware traffic classification using convolutional neural network for representation learning[C]//Proceedings of the 2017 International Conference on Information Networking (ICOIN). Piscataway: IEEE Press, 2017: 712-717. |
6 | XIE G R, LI Q, JIANG Y. Self-attentive deep learning method for online traffic classification and its interpretability[J]. Computer Networks, 2021, 196: 108267. |
7 | 王一丰, 郭渊博, 陈庆礼, 等. 基于对比增量学习的细粒度恶意流量分类方法[J]. 通信学报, 2023, 44(3): 1-11. |
WANG Y F, GUO Y B, CHEN Q L, et al. Method based on contrastive incremental learning for fine-grained malicious traffic classification[J]. Journal on Communications, 2023, 44(3): 1-11. | |
8 | WANG S S, CHEN Z X, ZHANG L, et al. TrafficAV: an effective and explainable detection of mobile malware behavior using network traffic[C]//Proceedings of the 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS). Piscataway: IEEE Press, 2016: 1-6. |
9 | IMTIAZ S I, REHMAN S, JAVED A R, et al. DeepAMD: detection and identification of Android malware using high-efficient deep artificial neural network[J]. Future Generation Computer Systems, 2021, 115: 844-856. |
10 | 刘奇旭, 王君楠, 尹捷, 等. 对抗机器学习在网络入侵检测领域的应用[J]. 通信学报, 2021, 42(11): 1-12. |
LIU Q X, WANG J N, YIN J, et al. Application of adversarial machine learning in network intrusion detection[J]. Journal on Communications, 2021, 42(11): 1-12. | |
11 | 胡永进, 郭渊博, 马骏, 等. 基于对抗样本的网络欺骗流量生成方法[J]. 通信学报, 2020, 41(9): 59-70. |
HU Y J, GUO Y B, MA J, et al. Method to generate cyber deception traffic based on adversarial sample[J]. Journal on Communications, 2020, 41(9): 59-70. | |
12 | DING Y, ZHU G Q, CHEN D J, et al. Adversarial sample attack and defense method for encrypted traffic data[J]. IEEE Transactions on Intelligent Transportation Systems, 2022, 23(10): 18024-18039. |
13 | SHU D L, LESLIE N O, KAMHOUA C A, et al. Generative adversarial attacks against intrusion detection systems using active learning[C]//Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning. New York: ACM Press, 2020: 1-6. |
14 | 张思思, 左信, 刘建伟. 深度学习中的对抗样本问题[J]. 计算机学报, 2019, 42(8): 1886-1904. |
ZHANG S S, ZUO X, LIU J W. The problem of the adversarial examples in deep learning[J]. Chinese Journal of Computers, 2019, 42(8): 1886-1904. | |
15 | GU T Y, DOLAN-GAVITT B, GARG S. BadNets: identifying vulnerabilities in the machine learning model supply chain[J]. arXiv Preprint, arXiv: , 2017. |
16 | LIU Y Q, MA S Q, AAFER Y, et al. Trojaning attack on neural networks[C]//Proceedings of 2018 Network and Distributed System Security Symposium. Reston: Internet Society, 2018: 1-15. |
17 | CHEN X Y, LIU C, LI B, et al. Targeted backdoor attacks on deep learning systems using data poisoning[J]. arXiv Preprint, arXiv: , 2017. |
18 | BARNI M, KALLAS K, TONDI B. A new backdoor attack in CNNS by training set corruption without label poisoning[C]//Proceedings of the 2019 IEEE International Conference on Image Processing (ICIP). Piscataway: IEEE Press, 2019: 101-105. |
19 | LI S F, XUE M H, ZHAO B Z H, et al. Invisible backdoor attacks on deep neural networks via steganography and regularization[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(5): 2088-2105. |
20 | SAHA A, SUBRAMANYA A, PIRSIAVASH H. Hidden trigger backdoor attacks[J]. Proceedings of the AAAI Conference on Artificial Intelligence, 2020, 34(7): 11957-11965. |
21 | ZHAO S H, MA X J, ZHENG X, et al. Clean-label backdoor attacks on video recognition models[C]//Proceedings of the 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway: IEEE Press, 2020: 14431-14440. |
22 | RAKIN A S, HE Z Z, FAN D L. TBT: targeted neural network attack with bit Trojan[C]//Proceedings of the 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway: IEEE Press, 2020: 13195-13204. |
23 | CHEN H L, FU C, ZHAO J S, et al. ProFlip: targeted Trojan attack with progressive bit flips[C]//Proceedings of the 2021 IEEE/CVF International Conference on Computer Vision (ICCV). Piscataway: IEEE Press, 2021: 7698-7707. |
24 | TANG R X, DU M N, LIU N H, et al. An embarrassingly simple approach for Trojan attack in deep neural networks[C]//Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. New York: ACM Press, 2020: 218-228. |
25 | LI Y C, HUA J Y, WANG H Y, et al. DeepPayload: black-box backdoor attack on deep learning models through neural payload injection[C]//Proceedings of the 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE). Piscataway: IEEE Press, 2021: 263-274. |
26 | QI F C, YAO Y, XU S, et al. Turn the combination lock: learnable textual backdoor attacks via word substitution[J]. arXiv Preprint, arXiv: , 2021. |
27 | QI F C, LI M K, CHEN Y Y, et al. Hidden killer: invisible textual backdoor attacks with syntactic trigger[J]. arXiv Preprint, arXiv: , 2021. |
28 | ZHANG Z X, JIA J Y, WANG B H, et al. Backdoor attacks to graph neural networks[C]//Proceedings of the 26th ACM Symposium on Access Control Models and Technologies. New York: ACM Press, 2021: 15-26. |
29 | KIOURTI P, WARDEGA K, JHA S, et al. TrojDRL: evaluation of backdoor attacks on deep reinforcement learning[C]//Proceedings of the 2020 57th ACM/IEEE Design Automation Conference (DAC). Piscataway: IEEE Press, 2020: 1-6. |
30 | LIU X Y, LI H W, XU G W, et al. Privacy-enhanced federated learning against poisoning adversaries[J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 4574-4588. |
31 | COSTALES R, MAO C Z, NORWITZ R, et al. Live Trojan attacks on deep neural networks[C]//Proceedings of the 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW). Piscataway: IEEE Press, 2020: 3460-3469. |
32 | LI C R, CHEN X, WANG D R, et al. Backdoor attack on machine learning based android malware detectors[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(5): 3357-3370. |
33 | SEVERI G, MEYER J, COULL S, et al. Explanation-guided backdoor poisoning attacks against malware classifiers[J]. arXiv Preprint, arXiv: arXiv: , 2020. |
34 | YANG L M, CHEN Z, CORTELLAZZI J, et al. Jigsaw puzzle: selective backdoor attack to subvert malware classifiers[C]//Proceedings of the 2023 IEEE Symposium on Security and Privacy (SP). Piscataway: IEEE Press, 2023: 719-736. |
35 | NING R, XIN C S, WU H Y. TrojanFlow: a neural backdoor attack to deep learning-based network traffic classifiers[C]//Proceedings of the IEEE Conference on Computer Communications. Piscataway: IEEE Press, 2022: 1429-1438. |
36 | HOLODNAK J T, BROWN O, MATTERER J, et al. Backdoor poisoning of encrypted traffic classifiers[C]//Proceedings of the 2022 IEEE International Conference on Data Mining Workshops (ICDMW). Piscataway: IEEE Press, 2022: 577-585. |
37 | SEVERI G, BOBOILA S, OPREA A, et al. Poisoning network flow classifiers[J]. arXiv Preprint, arXiv: 2306.01655v1, 2023. |
38 | LASHKARI A H, KADIR A F A, TAHERI L, et al. Toward developing a systematic approach to generate benchmark Android malware datasets and classification[C]//Proceedings of the 2018 International Carnahan Conference on Security Technology (ICCST). Piscataway: IEEE Press, 2018: 1-7. |
39 | LECUN Y, BOTTOU L, BENGIO Y, et al. Gradient-based learning applied to document recognition[J]. Proceedings of the IEEE, 1998, 86(11): 2278-2324. |
40 | SIMONYAN K, ZISSERMAN A. Very deep convolutional networks for large-scale image recognition[J]. arXiv Preprint, arXiv:, 2014. |
41 | HE K M, ZHANG X Y, REN S Q, et al. Deep residual learning for image recognition[C]//Proceedings of the 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway: IEEE Press, 2016: 770-778. |
42 | HUANG G, LIU Z, LAURENS V D M, et al. Densely connected convolutional networks[C]//Proceedings of the 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway: IEEE Press, 2017: 2261-2269. |
[1] | 付钰, 王坤, 段雪源, 刘涛涛. 面向软件定义网络的异常流量检测研究综述[J]. 通信学报, 2024, 45(3): 208-226. |
[2] | 张佳乐, 朱诚诚, 成翔, 孙小兵, 陈兵. 基于对比训练的联邦学习后门防御方法[J]. 通信学报, 2024, 45(3): 182-196. |
[3] | 杨晓晗, 程国振, 刘文彦, 张帅, 郝兵. 基于深度学习的拟态裁决方法研究[J]. 通信学报, 2024, 45(2): 79-89. |
[4] | 王涛, 冯浩, 秘蓉新, 李林, 何振学, 傅奕茗, 吴姝. 基于改进YOLOv3-SPP算法的道路车辆检测[J]. 通信学报, 2024, 45(2): 68-78. |
[5] | 禹树文, 许威, 姚嘉铖. 面向智能无人通信系统的因果性对抗攻击生成算法[J]. 通信学报, 2024, 45(1): 54-62. |
[6] | 张学军, 张奉鹤, 盖继扬, 杜晓刚, 周文杰, 蔡特立, 赵博. mVulSniffer:一种多类型源代码漏洞检测方法[J]. 通信学报, 2023, 44(9): 149-160. |
[7] | 李勉, 李洋, 张纵辉, 史清江. Massive MIMO中通信高效的分布式预编码设计[J]. 通信学报, 2023, 44(8): 37-48. |
[8] | 王慧娇, 张鑫, 韦永壮, 李灵琛. 基于深度学习的SM4密码算法新型区分器[J]. 通信学报, 2023, 44(7): 171-184. |
[9] | 马帅, 裴科, 祁华艳, 李航, 曹雯, 王洪梅, 熊海良, 李世银. 基于生成模型的地磁室内高精度定位算法研究[J]. 通信学报, 2023, 44(6): 211-222. |
[10] | 李荣鹏, 汪丙炎, 张宏纲, 赵志峰. 知识增强的语义通信接收端设计[J]. 通信学报, 2023, 44(6): 70-76. |
[11] | 陈东昱, 陈华, 范丽敏, 付一方, 王舰. 基于深度学习的随机性检验策略研究[J]. 通信学报, 2023, 44(6): 23-33. |
[12] | 余晟兴, 陈泽凯, 陈钟, 刘西蒙. DAGUARD:联邦学习下的分布式后门攻击防御方案[J]. 通信学报, 2023, 44(5): 110-122. |
[13] | 陈晋音, 熊海洋, 马浩男, 郑雅羽. 基于对比学习的图神经网络后门攻击防御方法[J]. 通信学报, 2023, 44(4): 154-166. |
[14] | 王一丰, 郭渊博, 陈庆礼, 方晨, 林韧昊, 周永良, 马佳利. 基于对比增量学习的细粒度恶意流量分类方法[J]. 通信学报, 2023, 44(3): 1-11. |
[15] | 张昀, 周婧, 黄经纬, 于舒娟, 黄丽亚. 基于深度学习的正交频分复用系统信道估计[J]. 通信学报, 2023, 44(12): 124-133. |
阅读次数 | ||||||
全文 |
|
|||||
摘要 |
|
|||||
|