
Research on an adversarial detection method for denial-of-service attacks on networked systems (Cited by: 6)

Adversarial intrusion detection against denial of service attack for networked system
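Abstract (translated from the Chinese): Denial-of-service (DoS) attacks are among the most typical attacks against networked control systems; they generally disable control operations by generating large amounts of extra traffic that blocks the network channel. Existing DoS intrusion detection techniques use supervised learning over large numbers of attack samples to extract sensitive network traffic features for detection, and do not account for the attacker's intelligence: once the traffic features used to identify an attack become known, the attacker will adjust the attack strategy to evade detection. This paper studies an adversarial approach to intrusion detection. Taking full account of the attacker's ability to evade detection, it builds a Stackelberg leader (attacker)-follower (detector) model to analyze the costs and benefits of each class of network traffic feature in the attack-defense game, and derives the theoretical detection equilibrium. As an application example, an intrusion detection method based on a decision tree ensemble is given an adversarial improvement, and its effectiveness is verified on a real attack data set.

Abstract (English version): Denial of service (DoS) attack is one of the most typical attacks targeting networked control systems (NCS). By initiating a large amount of additional network traffic, DoS can block the network channel to disable remote control operation. Existing DoS detection methods usually build a detection model on network traffic features, and this model is then used to detect new DoS attacks. However, this approach does not consider the factor of attacker intelligence. If the traffic features used for identifying the attack are revealed, attackers are likely to avoid detection by adjusting their attack strategy. In this paper, a new type of DoS detection method using adversarial machine learning is proposed. DoS attackers' capacities to avoid detection are considered. A Stackelberg leader (the attacker)-follower (the classifier) model is formulated to analyze the corresponding costs and benefits. Finally, the theoretical Stackelberg equilibrium is derived. As a case study, a new adversarial bagging classifier based on the traditional decision tree ensemble classifier is designed. The effectiveness of the proposed method is verified using a practical DoS attack data set.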
Authors: 董彦伯, 周鹏, 李雪, 彭晨 (Dong Yanbo; Zhou Peng; Li Xue; Peng Chen), School of Mechatronic Engineering and Automation, Shanghai University, Shanghai 200072, China
Source: 《仪器仪表学报》 (Chinese Journal of Scientific Instrument), indexed in EI, CAS, CSCD and the PKU Core list; 2018, No. 5, pp. 205-213, 9 pages in total
Funding: National Natural Science Foundation of China (61502293, 61775058, 61633016, 61773253, 61673255); Shanghai Young Eastern Scholar Program (QD2016030); Science and Technology Commission of Shanghai Municipality projects (15JC1401900, 17511107002); supported by the Shanghai Key Laboratory of Power Station Automation Technology
Keywords: denial of service attack; intrusion detection; adversarial machine learning; Stackelberg game theory
