Title: Packet-Level Adversarial Network Traffic Crafting using Sequence Generative Adversarial Networks
Abstract—The surge in Internet of Things (IoT) devices seriously threatens the current IoT security landscape, which requires a robust network intrusion detection system (NIDS). Despite superior detection accuracy, existing machine learning or deep learning based NIDS are vulnerable to adversarial examples. Recently, generative adversarial networks (GANs) have become a prevailing method for crafting adversarial examples. However, the discrete nature of network traffic at the packet level makes it hard for a GAN to craft adversarial traffic, as GANs are efficient at generating continuous data, as in image synthesis. Unlike previous methods that convert discrete network traffic into a grayscale image, this paper draws inspiration from SeqGAN, which performs sequence generation with policy gradient. Based on the structure of SeqGAN, we propose Attack-GAN to generate adversarial network traffic at the packet level that complies with domain constraints. Specifically, adversarial packet generation is formulated as a sequential decision-making process. In this case, each byte in a packet is regarded as a token in a sequence. The objective of the generator is to select a token to maximize its expected end reward. To bypass the detection of NIDS, the generated network traffic and benign traffic are classified by a black-box NIDS. The prediction results returned by the NIDS are fed into the discriminator to guide the update of the generator. We generate malicious adversarial traffic based on a real publicly available dataset with attack functionality unchanged. The experimental results validate that the generated adversarial samples are able to deceive many existing black-box NIDS.
Index Terms—adversarial examples, sequence generative adversarial networks, policy gradient, intrusion detection
With the surge in Internet of Things (IoT) device deployment, network infrastructures have witnessed an unprecedented increase in threats ranging from ransomware to IoT botnets [1]. The current IoT security landscape always requires resilient and robust network intrusion detection systems (NIDS) to monitor possible anomalies. Recent advancements in machine learning and deep learning have shed light on NIDS and become a prevailing method for identifying network intrusions in the IoT field [2], [3].
Despite superior detection accuracy, NIDS based on machine learning models and state-of-the-art deep neural networks (DNN) lack robustness against carefully crafted adversarial examples [4]–[6]. Adversarial examples, originally proposed by Szegedy et al. [7], try to mislead a trained model into generating inaccurate outputs by adding imperceptible perturbations to the raw input, and have recently gained attention in the security domain. In most cases, an attacker is inclined to launch multiple attempts with minor perturbations of original malicious samples. The NIDS responds to each attempt with a signal indicating whether the generated sample is benign or malicious. As a result, this signal guides the attacker in updating its generative models. Iteratively, the attacker will generate adversarial samples that successfully deceive the NIDS with attack functionality unchanged. In this way, adversarial crafting will trick the NIDS into generating the incorrect outputs that the adversary desires. However, generating synthetic but plausible adversarial attack traffic poses huge challenges and must comply with security domain constraints [8]. The domain constraints can be defined as follows.
• The generated network traffic should meet the sanity checks of network data format.
• Adversarial network traffic crafting is able to bypass the detection of NIDS while retaining attack functionality.
For instance, the packet size of a generated TCP packet shouldn’t exceed the maximum value. The port number of a generated packet should be in the range of 0 to 65535. Unlike image synthesis, a minor change of original malicious traffic may disable the attack functionality [9]. Thus, functional features should remain unchanged, e.g., time-based features.
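The first domain constraint can be made concrete as a format check over the byte-token view of a packet. The following is an added example, not code from the paper: it assumes an IPv4/TCP packet without a link-layer header, and the names `sanity_check`, `ipv4_checksum` and `build_sample` are hypothetical. The TCP checksum is not verified here.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for an intact header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sanity_check(tokens):
    """Return the format violations of an IPv4/TCP packet given as byte tokens."""
    if any(not (isinstance(t, int) and 0 <= t <= 255) for t in tokens):
        return ["token outside byte range 0..255"]
    pkt = bytes(tokens)
    if len(pkt) < 20:
        return ["shorter than minimum IPv4 header"]
    if len(pkt) > 65535:
        return ["exceeds maximum IPv4 packet size"]
    errors = []
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", pkt[2:4])[0], pkt[9]
    if version != 4:
        errors.append("IP version is not 4")
    if ihl < 20 or ihl > len(pkt):
        return errors + ["invalid IPv4 header length"]
    if total_len != len(pkt):
        errors.append("total length field does not match packet size")
    if ipv4_checksum(pkt[:ihl]) != 0:
        errors.append("bad IPv4 header checksum")
    if proto != 6:
        return errors + ["not TCP"]
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        return errors + ["shorter than minimum TCP header"]
    # Ports are 16-bit fields, so 0..65535 holds by construction once the
    # header is present; the data offset is the field that can be inconsistent.
    data_off = (tcp[12] >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        errors.append("invalid TCP data offset")
    return errors

def build_sample():
    """Constructed 40-byte IPv4/TCP packet between documentation addresses."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                               bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])))
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 0x50, 0x02, 1024, 0, 0)
    return list(bytes(ip) + tcp)
```

A single changed header byte or an appended byte is enough to fail the check, which is why byte-level generation has to keep dependent fields such as lengths and checksums consistent.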