使用RAP生成可传输的对抗网络流量

Generate Transferable Adversarial Network Traffic Using Reversible Adversarial Padding

越来越多的深度学习方法被用于解决网络流量分类任务,但同时也带来了对抗网络流量(ANT)的威胁。对抗网络流量会使基于深度学习方法的网络流量分类器预测错误,进而导致安全防护系统做出错误的决策。视觉领域的对抗攻击算法虽然也可以运用于网络流量上产生对抗网络流量,但是这些算法产生的对抗扰乱会改变网络流量的头部信息,使得网络流量丢失了自己的特有属性和信息。文中分析了对抗样本在网络流量任务和视觉任务上的不同之处,提出了适用于对抗网络流量的攻击算法Reversible Adversarial Padding(RAP)。RAP利用网络流量Packet长度和网络流量分类器输入长度的不同,在尾部填充区域填充没有-ball限制的对抗扰乱。并且,为了解决无法比较不同长度的对抗扰乱会导致不同攻击效果的问题,文中提出了指标收益,其综合考虑了对抗扰乱长度和对抗攻击算法强度对分类器攻击效果的影响。结果表明,RAP不仅保留了网络流量可传递性的属性,而且获得了比传统对抗攻击算法更高的攻击收益。

More and more deep learning methods are used for network traffic classification,at the same time,it also brings the threat of adversarial network traffic(ANT).ANT will make network traffic classifier based on deep learning method predict incorrectly,and then cause the security protection system to make wrong decision.Although the adversarial algorithms in the vision field can be used to generate ANT,the perturbations generated by these algorithms will change the header information of the network traffic,causing the network traffic to lose its attributes and information.In this paper,the differences of adversarial examples between network traffic tasks and vision tasks are analyzed,and an attack algorithm suitable for generating ANT is proposed,i.e.,reversible adversarial padding(RAP).RAP uses the difference between the length of the network traffic packet and the input length of the network traffic classifier to fill the tail padding area with no-ball perturbations.Besides,to solve the pro-blem that it is difficult to compare the effects of different lengths perturbations,this paper proposes gain on evaluating metrics,which comprehensively considers the impact of the length of the perturbations and the strength of the adversarial attack algorithm.Experimental results show that RAP not only retains the property of network traffic transferability but also obtains a higher gain of attack than traditional algorithms.