Title: Packet-Level Adversarial Network Traffic Crafting using Sequence Generative Adversarial Networks
Overview
Abstract—The surge in internet of things (IoT) devices seriously threatens the current IoT security landscape, which requires a robust network intrusion detection system (NIDS). Despite superior detection accuracy, existing machine learning or deep learning based NIDS are vulnerable to adversarial examples. Recently, generative adversarial networks (GANs) have become a prevailing method in adversarial examples crafting. However, the nature of discrete network traffic at the packet level makes it hard for GAN to craft adversarial traffic, as GAN is efficient in generating continuous data like image synthesis. Unlike previous methods that convert discrete network traffic into a grayscale image, this paper gains inspiration from SeqGAN in sequence generation with policy gradient. Based on the structure of SeqGAN, we propose Attack-GAN to generate adversarial network traffic at packet level that complies with domain constraints. Specifically, the adversarial packet generation is formulated into a sequential decision making process. In this case, each byte in a packet is regarded as a token in a sequence. The objective of the generator is to select a token to maximize its expected end reward. To bypass the detection of NIDS, the generated network traffic and benign traffic are classified by a black-box NIDS. The prediction results returned by the NIDS are fed into the discriminator to guide the update of the generator. We generate malicious adversarial traffic based on a real publicly available dataset with attack functionality unchanged. The experimental results validate that the generated adversarial samples are able to deceive many existing black-box NIDS.

Index Terms—adversarial examples, sequence generative adversarial networks, policy gradient, intrusion detection
With the surge in internet of things (IoT) device deployment, network infrastructures have witnessed an unprecedented increase of threats ranging from ransomware to IoT botnets [1]. The current IoT security landscape always requires resilient and robust network intrusion detection systems (NIDS) to monitor possible anomalies. The recent advancements in machine learning and deep learning have shed light on NIDS and become a prevailing method in identifying network intrusions in the IoT field [2], [3].

Despite superior detection accuracy, NIDS based on machine learning models and state-of-the-art deep neural networks (DNN) lack robustness against carefully crafted adversarial examples [4]–[6]. Adversarial examples, originally proposed by Szegedy et al. [7], try to mislead a trained model to generate inaccurate outputs by adding imperceptible perturbations to the raw input, and have recently gained attention in the security domain. In most cases, an attacker is inclined to launch multiple attempts with minor perturbations of original malicious samples. NIDS responds to each attempt with a signal indicating whether the generated sample is benign or malicious. As a result, this signal guides the attacker to update its generative models. Iteratively, the attacker will generate adversarial samples to successfully deceive NIDS with attack functionality unchanged. In this way, adversarial crafting will trick the NIDS into generating incorrect outputs that the adversary desires.

However, generating synthetic but plausible adversarial attack traffic inherits huge challenges and must comply with security domain constraints [8]. The domain constraints can be defined as follows.

• The generated network traffic should meet the sanity checks of network data format.
• Adversarial network traffic crafting is able to bypass the detection of NIDS while retaining attack functionality.

For instance, the packet size of a generated TCP packet shouldn't exceed the maximum value. The port number of a generated packet should be in the range of 0 to 65535. Unlike image synthesis, a minor change of original malicious traffic may disable the attack functionality [9]. Thus, functional features should remain unchanged, e.g., time-based features.
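
The format sanity checks named in the first domain constraint can be written as a validator that a sensor or an evaluation harness applies to a byte sequence before it is classified. The following is an added example, not code from the paper; the function names, error strings and the sample packet (built from documentation addresses) are assumptions made for illustration, and it goes beyond the two constraints quoted above by also checking header-length consistency and the IPv4 header checksum.

```python
import struct

MAX_IP_LEN = 65535  # largest value the 16-bit IPv4 Total Length field can hold

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 when the stored checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def port_in_range(value) -> bool:
    """Feature-level check: a port given as a number must be an integer in 0..65535."""
    return isinstance(value, int) and 0 <= value <= 65535

def check_ipv4_tcp(pkt: bytes) -> list:
    """Return the format constraints an IPv4/TCP byte sequence violates ([] = well-formed)."""
    if not 20 <= len(pkt) <= MAX_IP_LEN:
        return ["packet size outside 20..65535 bytes"]
    ver_ihl, _, total_len, _, _, _, proto, _ = struct.unpack("!BBHHHBBH", pkt[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(pkt):
        return ["bad IP version or header length"]
    errs = []
    if total_len != len(pkt):
        errs.append("Total Length field does not match packet size")
    if ip_checksum(pkt[:ihl]) != 0:
        errs.append("IPv4 header checksum mismatch")
    if proto != 6:
        return errs + ["protocol is not TCP"]
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        return errs + ["truncated TCP header"]
    # Ports parsed from 16-bit fields are always in range; offsets are not.
    data_offset = (tcp[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp):
        errs.append("TCP data offset outside segment")
    return errs

def build_sample(payload: bytes = b"hello") -> bytes:
    """Constructed sample packet (TCP checksum left 0; it is not verified here)."""
    total = 40 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + tcp + payload
```

At the byte level the port range holds by construction, so the checks that can actually fail are the length, offset and checksum relations between fields; `port_in_range` matters when traffic is represented as numeric features instead of raw bytes.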