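1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049
Qixu LIU (1984− ), male, born in Xuzhou, Jiangsu, Ph.D., is a researcher at the Institute of Information Engineering, Chinese Academy of Sciences, and a professor at the University of Chinese Academy of Sciences. His main research interests are network attack and defense technology and network security evaluation.
Junnan WANG (1995− ), female, born in Jilin City, Jilin Province, is a doctoral student at the University of Chinese Academy of Sciences. Her main research interests are machine learning, machine learning security, and malicious traffic detection.
Jie YIN (1991− ), female, born in Chongqing, Ph.D., is an engineer at the Institute of Information Engineering, Chinese Academy of Sciences. Her main research interests are network attack and defense technology and malicious code analysis.
Yanhui CHEN (1996− ), male, born in Weifang, Shandong, is a doctoral student at the University of Chinese Academy of Sciences. His main research interests are network attack and defense technology and malware analysis and detection.
Jiaxi LIU (1997− ), female, born in Zibo, Shandong, is a doctoral student at the University of Chinese Academy of Sciences. Her main research interest is malicious code analysis.
Published online: 2021-11
Print publication date: 2021-11-25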
Qixu LIU, Junnan WANG, Jie YIN, et al. Application of adversarial machine learning in network intrusion detection[J]. Journal on Communications, 2021, 42(11): 1-12. DOI: 10.11959/j.issn.1000-436x.2021193.
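In recent years, machine learning has gradually become the mainstream approach to network intrusion detection. However, the inherent security vulnerabilities of machine learning models make it difficult for them to resist adversarial attacks, in which subtle perturbations applied to the input cause the model to produce wrong results. Adversarial machine learning has been studied extensively in image recognition; in intrusion detection, a highly adversarial field, it will expose network security to more severe threats. To address such threats, recent work applying adversarial machine learning to intrusion detection scenarios is systematically analyzed and organized from two perspectives, attack and defense. First, the unique constraints and challenges of applying adversarial machine learning in intrusion detection are revealed; second, a multi-dimensional taxonomy is proposed according to the adversarial attack stage, and existing research is compared and organized on that basis; finally, building on a summary of the current state of application, future directions are discussed.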
In recent years, machine learning (ML) has become the mainstream approach in network intrusion detection systems (NIDS). However, the inherent vulnerabilities of machine learning make it difficult to resist adversarial attacks, which can mislead the models by adding subtle perturbations to the input sample. Adversarial machine learning (AML) has been extensively studied in image recognition. In the field of intrusion detection, which is inherently highly antagonistic, it may directly make ML-based detectors unavailable and cause significant property damage. To deal with such threats, the latest work applying AML technology in NIDS was systematically investigated from two perspectives: attack and defense. First, the unique constraints and challenges of applying AML technology in the NIDS field were revealed; second, a multi-dimensional taxonomy was proposed according to the adversarial attack stage, and current work was compared and summarized on this basis; finally, future research directions were discussed.