基于生成对抗网络的恶意网络流生成及验证
|
摘要
针对基于深度学习的分类器面对对抗样本时缺乏稳定性的问题,基于生成对抗网络(GAN)提出了一种新的模型,用于生成对抗样本。该模型首次实现了直接以恶意网络流为原始样本的对抗样本生成,并首次提出了弱相关位的概念,用于保证恶意网络流对抗样本的可执行性和攻击性。利用该模型生成的对抗样本能够有效地欺骗基于深度学习的网络安全检测器,且通过实验验证了该对抗样本具有实际攻击效果。
As deep learning shows great performance for large samples, more and more network security products use deep learning based algorithms to improve the detection performance. However, recent studies have found that deep learning based classifier may have poor stability when confronting adversarial samples. This problem has attracted many attentions and some related research results have been reported. In this paper, a new model based on generative adversarial nets(GAN) is proposed to generate adversarial samples. The proposed model is composed of three modules:generative module, discriminative module, and authentication module. The generative module is responsible for generating new malicious network flow adversarial samples. These adversarial examples are constrained by weakly related bits to guarantee the executability and offensiveness. The discriminative module detects the target via a large number of samples, by which a high-dimensional neural network is constructed to fit the target detector. Its aims is to implement the deception of the black box target detector using adversarial samples. The authentication module includes Snort and target detector, which may be utilized to verify the validity of the adversarial samples by comparing the detection results. The three modules will cooperate with each other to implement the executability and offensiveness protection on malicious network flow samples, and achieve the entire process of generating adversarial samples for deceiving target detector. The main contribution of this work includes: the proposed model can generates adversarial samples via malicious network flow; the weakly related bits are proposed to ensure the executability and offensiveness of malicious network flows adversarial samples; the adversarial samples generated by this model can effectively deceive the deep learning based network security detector. Finally, experiment results show that the adversarial samples can attain actual attack effect.
As deep learning shows great performance for large samples, more and more network security products use deep learning based algorithms to improve the detection performance. However, recent studies have found that deep learning based classifier may have poor stability when confronting adversarial samples. This problem has attracted many attentions and some related research results have been reported. In this paper, a new model based on generative adversarial nets(GAN) is proposed to generate adversarial samples. The proposed model is composed of three modules:generative module, discriminative module, and authentication module. The generative module is responsible for generating new malicious network flow adversarial samples. These adversarial examples are constrained by weakly related bits to guarantee the executability and offensiveness. The discriminative module detects the target via a large number of samples, by which a high-dimensional neural network is constructed to fit the target detector. Its aims is to implement the deception of the black box target detector using adversarial samples. The authentication module includes Snort and target detector, which may be utilized to verify the validity of the adversarial samples by comparing the detection results. The three modules will cooperate with each other to implement the executability and offensiveness protection on malicious network flow samples, and achieve the entire process of generating adversarial samples for deceiving target detector. The main contribution of this work includes: the proposed model can generates adversarial samples via malicious network flow; the weakly related bits are proposed to ensure the executability and offensiveness of malicious network flows adversarial samples; the adversarial samples generated by this model can effectively deceive the deep learning based network security detector. Finally, experiment results show that the adversarial samples can attain actual attack effect.
引文
[1]GROSSE K,PAPERNOT N,MANOHARAN P,et al.Adversarial perturbations against deep neural networks for malware classification[EB/OL].arXiv,2016-6-16[2018-2-10].https://arxiv.org/abs/1606.04435.
[2]SZEGEDY C,ZAREMBA W,SUTSKEVER I,et al.Intriguing properties of neural networks[EB/OL].arXiv,2014-2 -19[2018-2-10].https://arxiv.org/abs/1312.6199.
[3]HU W,TAN Y.Generating adversarial malware examples for black-box attacks based on GAN[EB/OL].arXiv,2017-2-20[2018-1-12].https://arxiv.org/abs/1702.05983.
[4]GOODFELLOW I J,POUGET-ABADIE J,MIRZA M,et al.Generative adversarial nets[C]//International Conference on Neural Information Processing Systems.USA:MITPress,2014:2672-2680.
[5]BARRENO M,NELSON B,JOSEPH A D,et al.The security of machine learning[J].Machine Learning,2010,81(2):121-148.
[6]HU W,TAN Y.Black-box attacks against RNN based malware detection algorithms[EB/OL].arXiv,2017-5-23[2018-1-10].https://arxiv.org/abs/1705.08131.
[7]HU W,TAN Y.On the robustness of machine learning based malware detection algorithms[C]//International Joint Conference on Neural Networks.USA:IEEE,2017:1435-1441.
[8]SHAHAM U,YAMADA Y,NEGAHBAN S.Understanding adversarial training:Increasing local stability of neural nets through robust optimization[EB/OL].arXiv,2016-1-16[2018-2-20].https://arxiv.org/abs/1511.05432.
[9]GOODFELLOW I J,SHLENS J,SZEGEDY C.Explaining and harnessing adversarial examples[EB/OL].arXiv,2015-3-20[2018-1-23].https://arxiv.org/abs/1412.6572.
[10]MOUSTAFA N,SLAY J.UNSW-NB15:A comprehensive data set for network intrusion detection systems(UNSW-NB15 network data set)[C]//Military Communications and Information Systems Conference.USA:IEEE,2015:1-6.
[11]MOUSTAFA N,SLAY J.The evaluation of network anomaly detection systems:Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set[J].Information Systems Security,2016,25(1/3):18-31.
[2]SZEGEDY C,ZAREMBA W,SUTSKEVER I,et al.Intriguing properties of neural networks[EB/OL].arXiv,2014-2 -19[2018-2-10].https://arxiv.org/abs/1312.6199.
[3]HU W,TAN Y.Generating adversarial malware examples for black-box attacks based on GAN[EB/OL].arXiv,2017-2-20[2018-1-12].https://arxiv.org/abs/1702.05983.
[4]GOODFELLOW I J,POUGET-ABADIE J,MIRZA M,et al.Generative adversarial nets[C]//International Conference on Neural Information Processing Systems.USA:MITPress,2014:2672-2680.
[5]BARRENO M,NELSON B,JOSEPH A D,et al.The security of machine learning[J].Machine Learning,2010,81(2):121-148.
[6]HU W,TAN Y.Black-box attacks against RNN based malware detection algorithms[EB/OL].arXiv,2017-5-23[2018-1-10].https://arxiv.org/abs/1705.08131.
[7]HU W,TAN Y.On the robustness of machine learning based malware detection algorithms[C]//International Joint Conference on Neural Networks.USA:IEEE,2017:1435-1441.
[8]SHAHAM U,YAMADA Y,NEGAHBAN S.Understanding adversarial training:Increasing local stability of neural nets through robust optimization[EB/OL].arXiv,2016-1-16[2018-2-20].https://arxiv.org/abs/1511.05432.
[9]GOODFELLOW I J,SHLENS J,SZEGEDY C.Explaining and harnessing adversarial examples[EB/OL].arXiv,2015-3-20[2018-1-23].https://arxiv.org/abs/1412.6572.
[10]MOUSTAFA N,SLAY J.UNSW-NB15:A comprehensive data set for network intrusion detection systems(UNSW-NB15 network data set)[C]//Military Communications and Information Systems Conference.USA:IEEE,2015:1-6.
[11]MOUSTAFA N,SLAY J.The evaluation of network anomaly detection systems:Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set[J].Information Systems Security,2016,25(1/3):18-31.