| 引用本文: |
-
樊祖薇,张顺亮,刘银龙.对抗环境下基于主动防御的鲁棒加密恶意流量识别[J].信息安全学报,已采用 [点击复制]
- Fan Zuwei,Zhang Shunliang,Liu Yinlong.Robust Encrypted Malicious Traffic Identification based on Proactive Defense in Adversarial Environment[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 随着网络加密技术的不断发展,通过加密流量隐蔽的恶意攻击行为给网络安全带来严峻的挑战。为此,深度学习方法逐渐被用于对加密恶意流量进行准确识别,有助于网络安全防御者及时发现和阻止攻击者的恶意行为。然而,深度学习模式自身存在的一些安全缺陷又导致了新的安全风险。利用对抗学习方法,攻击者通过对抗样本误导基于深度学习的加密恶意流量识别模型做出错误决策,因此迫切需要研究基于深度学习的流量识别方法的脆弱性并进行增强。本文提出结合对抗扰动消除与对抗训练的主动防御方法以提升基于深度学习的识别模型的鲁棒性、实现对抗环境下对加密恶意流量的准确识别。一方面,通过AdvGAN针对目标模型生成对抗样本,构建混合训练数据集。另一方面,通过在干净样本上添加噪声的方法训练降噪自编码器,实现将对抗样本重构成干净样本的功能。在此基础之上,对由降噪自编码器与原模型串联构建的新模型进行对抗训练。大量实验结果表明,在对抗环境下,所提的主动防御方法比其他单一防御机制能够更有效地提高深度学习模型对加密恶意流量的识别准确率,最高能达到99.1%,提升了98.2%。此外,在非对抗环境下,与现有一些经典鲁棒性提升方法相比,本文所提的主动防御方法不仅不会降低甚至还能够提高深度学习模型对加密恶意流量的识别准确率。具体而言,使用本文方法优化后的LSTM相较于原LSTM,对加密恶意流量的识别准确率提高了3.78%。 |
| 关键词: 深度学习 加密恶意流量识别 主动防御 对抗学习 对抗训练 |
| DOI: |
| 投稿时间:2024-04-15修订日期:2024-06-03 |
| 基金项目: |
|
| Robust Encrypted Malicious Traffic Identification based on Proactive Defense in Adversarial Environment |
|
Fan Zuwei, Zhang Shunliang, Liu Yinlong
|
| (Institute of Information Engineering,Chinese Academy of Sciences) |
| Abstract: |
| With the continuous development of network encryption technology, malicious attacks concealed within encrypted traffic pose serious challenges to network security. Consequently, deep learning methods have gradually been used to accurately identify encrypted malicious traffic, which helps cybersecurity defenders promptly detect and prevent malicious behaviors of attackers. However, inherent security flaws within the deep learning models have led to new security risks. By using adversarial learning techniques, attackers could mislead deep learning-based encrypted malicious traffic identification models to make wrong decisions by adversarial samples. Therefore, it is urgent to study the vulnerability of deep learning-based traffic identification methods and reinforce them. This paper proposes a proactive defense method combining adversarial perturbation removal and adversarial training to enhance the robustness of deep learning-based identification models and achieve accurate identification of encrypted malicious traffic in adversarial environments. On the one hand, AdvGAN is employed to generate adversarial samples targeting the objective models for constructing a mixed training data set. On the other hand, a denoising autoencoder is trained with noise-added samples to realize the function of reconstructing adversarial samples into clean ones. On this basis, adversarial training is conducted on the new models constructed by the denoising autoencoder in series with the original models. Extensive experimental results demonstrate that, in the adversarial environment, the proposed proactive defense method is more effective in improving the identification accuracy of deep learning models for encrypted malicious traffic compared to other singular defense methods, achieving the highest accuracy of 99.1%, with an improvement of 98.2%. Furthermore, in the non-adversarial environment, compared with some existing classical robustness enhancement methods, the proposed proactive defense method not only does not reduce but can even improve the identification accuracy of deep learning models for encrypted malicious traffic. Specifically, the LSTM optimized by the proposed method is 3.78% more accurate in identifying encrypted malicious traffic than the original LSTM. |
| Key words: deep learning encrypted malicious traffic identification proactive defense adversarial learning adversarial training |
