| 引用本文: |
-
奚宗棠,邢长友,张国敏,丁科.FlowPatch:一种基于对抗补丁的网络流量混淆机制[J].信息安全学报,已采用 [点击复制]
- xizongtang,xingchangyou,zhangguomin,dingke.FlowPatch: A Network Traffic Obfuscation Mechanism Based on Adversarial Patches[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 利用基于深度学习的流量识别技术,攻击者能够推断出用户的加密网络访问行为,达到窃取用户隐私等目的,但现有防御方法存在资源开销高、难以适应黑盒场景、以及定向扰动能力不足等问题。为此,提出并实现了一种基于对抗补丁的网络流量混淆机制FlowPatch。FlowPatch设计了网络流量图像表征方法来抽象化描述网络流量,并构建了兼顾混淆性能和生成效率的两阶段补丁生成机制,支持根据流量混淆目标策略化生成对抗补丁并注入到网络流量中,实现黑盒条件下的网络流量特征定向混淆。基于真实网络流量数据的测试结果表明,FlowPatch在不同流量业务下,能够实现50%~96%的定向混淆成功率和87%以上的识别规避率,同时带宽开销小于15%。并且,对抗补丁具有良好的迁移性,迁移到其他基于时序特征的深度学习模型时,定向混淆约73%,识别规避率约97%。 |
| 关键词: 流量识别 对抗补丁 流量混淆 |
| DOI: |
| 投稿时间:2024-12-11修订日期:2025-03-17 |
| 基金项目:国家自然科学基金项目(面上项目,重点项目,重大项目),江苏省自然科学基金面上项目 |
|
| FlowPatch: A Network Traffic Obfuscation Mechanism Based on Adversarial Patches |
|
xizongtang, xingchangyou, zhangguomin, dingke
|
| (Army Engineering University of PLA) |
| Abstract: |
| By leveraging deep learning–based traffic identification techniques, attackers can infer users’ encrypted network access behaviors, thereby compromising user privacy. However, existing defense methods suffer from high bandwidth overhead, difficulty adapting to black-box scenarios, and insufficient targeted perturbation capabilities. To address these challenges, we propose and implement FlowPatch, a network traffic obfuscation mechanism based on adversarial patches. FlowPatch introduces a network traffic image representation method to abstract network flows and designs a two-stage patch generation mechanism that balances obfuscation effectiveness and generation efficiency. This approach supports the strategy-based generation and injection of adversarial patches into network traffic, achieving targeted obfuscation of traffic features under black-box conditions. Evaluation on real network traffic data demonstrates that FlowPatch can achieve a targeted obfuscation success rate of 50%–96% and a identification evasion rate of over 87% across various network services, while keeping bandwidth overhead below 15%. Moreover, the adversarial patches exhibit strong transferability: when migrated to other deep learning models based on temporal features, targeted obfuscation is approximately 73%, with a identification evasion rate of about 97%. |
| Key words: traffic identification adversarial patch traffic obfuscation |
