JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2021, Vol. 56 ›› Issue (3): 28-36.doi: 10.6040/j.issn.1671-9352.4.2020.152

•   • Previous Articles     Next Articles

Adversarial examples generation method for network intrusion detection data

Bin XIE1,2,3(),Qing-yang LI1,Xin-yu DONG1,2   

  1. 1. College of Computer and Cyber Security, Hebei Normal University, Shijiazhuang, 050024, Hebei, China
    2. Hebei Provincial Key Laboratory of Network & Information Security, Hebei Normal University, Shijiazhuang, 050024, Hebei, China
    3. Hebei Provincial Engineering Research Center for Supply Chain Big Data Analytics & Data Security, Hebei Normal University, Shijiazhuang, 050024, Hebei, China
  • Received:2020-06-19 Online:2021-03-20 Published:2021-03-16

RichHTML

49

PDF (PC)

474

Abstract:

This paper proposes to add directional perturbations having no impact on results to attack characteristics with Deepfool and JSMA algorithms. Adversarial samples are generated by white-box attacks so that they can interfere with the judgements of models to bypass feature detection. Our work provides intrusion detection models with more training samples. As a result, the robustness of intrusion detection models is improved.

Key words: network intrusion detection, neural network, adversarial example, KDD Cup99

CLC Number: 

  • TP399

Fig.1

Adversarial examples space[10]"

Fig.2

Process of network intrusion detection based on machine learning[11]"

Fig.3

Multi-layer neural network model"

Fig.4

An overview on deep autoencoding Gaussian mixture model[14]"

Fig.5

The disturbance vector in Deepfool"

Table 1

Adversarial examples generated by Deepfool"

训练的模型 扰动特征(变化前→变化后) 范数 DAGMM预测值 KNN预测值
1 num_root (0→3) L0=1,L2=23.67 改变判断(7.085→19.374) 不变
2 hot (1→0) L0=3,L2=2.26 改变判断(7.085→12.611) 不变
num_root (0→1)
dst_host_count (70→7)
3 duration (0→360) L0=6,L2=1.55 不改变判(7.085→7.043) 不变
dst_bytes (7300→26604)
srv_diff_host_rate (0→0.05)
dst_host_count (70→29)
srv_diff_host_rate (70→188)
dst_host_rerror_rate(0.2→0.13)

Table 2

Adversarial examples generated by JSMA"

训练的模型 扰动特征(变化前→变化后) 范数 DAGMM预测值 KNN预测值
1 num_root (0->3) L0=1,L2=23.67 改变判断(7.085->19.374) 不变
2 num_file_creations (0→2) L0=2,L2=23.67 改变判断(7.085→7.671) 不变
dst_host_diff_srv_rate (0→0.1)
3 num_root(0→15) L0=1,L2=22.88 改变判断(7.085→20.076) 不变

Table 3

Results for adversarial experiments contain 1 000 attack connections"

对抗算法 平均迭代次数 平均更改特征数(直接生成不调整) 平均对抗成功率/%
Deepfool 3 18 94.4
JSMA 4 12 97.9

Fig.6

Quantitative distribution of changing features by Deepfool"

Fig.7

Quantitative distribution of changing features by JSMA"

1 刘浩然, 丁攀, 郭长江, 等. 基于贝叶斯算法的中文垃圾邮件过滤系统研究[J]. 通信学报, 2018, 39 (12): 151- 159.
LIU Haoran , DING Pan , GUO Changjiang , et al. Study on Chinese spam filtering system based on Bayes algorithm[J]. Journal on Communications, 2018, 39 (12): 151- 159.
2 彭成维, 云晓春, 张永铮, 等. 一种基于域名请求伴随关系的恶意域名检测方法[J]. 计算机研究与发展, 2019, 56 (6): 1263- 1274.
PENG Chengwei , YUN Xiaochun , ZHANG Yongzheng , et al. Detecting malicious domains using co-occurrence relation between DNS query[J]. Journal of Computer Research and Development, 2019, 56 (6): 1263- 1274.
3 刘金平, 周嘉铭, 刘先锋, 等. 基于聚类簇结构特性的自适应综合采样法在入侵检测中的应用[J/OL]. 控制与决策, (2020-03-31)[2020-04-2]http://kns.cnki.net/kcms/detail/21.1124.TP.20200330.1533.033.html.
LIU Jinping, ZHOU Jiaming, LIU Xianfeng, et al. Toward intrusion detection via cluster structure-based adaptive synthetic sampling approach[J/OL]. Control and Decision, (2020-03-31)[2020-03-28]http://kns.cnki.net/kcms/detail/21.1124.TP.20200330.1533.033.html.
4 江颉, 高甲, 陈铁明. 基于AE-BNDNN模型的入侵检测方法[J]. 小型微型计算机系统, 2019, 40 (8): 1713- 1717.
doi: 10.3969/j.issn.1000-1220.2019.08.025
JIANG Jie , GAO Jia , CHEN Tieming . Network intrusion detection method based on AE-BNDNN model[J]. Journal of Chinese Computer Systems, 2019, 40 (8): 1713- 1717.
doi: 10.3969/j.issn.1000-1220.2019.08.025
5 SZEGEDY C, ZAREMBA W, SUTSKEVER I, et al. Intriguing properties of neural networks[EB/OL]. (2014-02-19)[2020-03-28]. https: //arxiv.org/abs/1312.6199
6 潘文雯, 王新宇, 宋明黎, 等. 对抗样本生成技术综述[J]. 软件学报, 2020, 31 (1): 67- 81.
PAN Wenwen , WANG Xinyu , SONG Mingli , et al. Survey on generating adversarial examples[J]. Journal of Software, 2020, 31 (1): 67- 81.
7 陈岳峰, 毛潇锋, 李裕宏, 等. AI安全: 对抗样本技术综述与应用[J]. 信息安全研究, 2019, 5 (11): 1000- 1007.
doi: 10.3969/j.issn.2096-1057.2019.11.009
CHEN Yuefeng , MAO Xiaofeng , LI Yuhong , et al. AI security: research and application on adversarial example[J]. Journal of Information Security Research, 2019, 5 (11): 1000- 1007.
doi: 10.3969/j.issn.2096-1057.2019.11.009
8 易平, 王科迪, 黄程. 人工智能对抗攻击研究综述[J]. 上海交通大学学报, 2018, 52 (10): 1298- 1306.
YI Ping , WANG Kedi , HUANG Cheng . Adversarial attacks in artificial intelligence: a survey[J]. Journal of Shanghai Jiaotong University, 2018, 52 (10): 1298- 1306.
9 张蕾, 崔勇, 刘静, 等. 机器学习在网络空间安全研究中的应用[J]. 计算机学报, 2018, 41 (9): 1943- 1975.
ZHANG Lei , CUI Yong , LIU Jing , et al. Application of machine learning in cyberspace security research[J]. Chinese Journal of Computers, 2018, 41 (9): 1943- 1975.
10 王晓程, 刘恩德, 谢小权. 攻击分类研究与分布式网络入侵检测系统[J]. 计算机研究与发展, 2001, 38 (6): 727- 734.
WANG Xiaocheng , LIU Ende , XIE Xiaoquan . Attack classification research and a distributed network intrusion detection system[J]. Journal of Computer Research and Development, 2001, 38 (6): 727- 734.
11 杨印根, 王忠洋. 基于深度神经网络的入侵检测技术[J]. 网络安全技术与应用, 2019, (4): 37- 41.
YANG Yingen , WANG Zhongyang . Intrusion detection technology based on deep neural network[J]. Network Security Technology & Application, 2019, (4): 37- 41.
12 SEYED-MOHSEN M D, ALHUSSEIN F. DeepFool: a simple and accurate method to fool deep neural networks[C]//2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Las Vegas: IEEE Computer Society, 2016: 2574-2582.
13 PAPERNOT N, MCDANIEL P, JHA S, et al. The limitations of deep learning in adversarial settings[C]//IEEE European Symposium on Security and Privacy (EuroS&P). Saarbrucken: IEEE, 2016: 372-387.
14 ZONG B, SONG Q, MIN M R, et al. Deep autoencoding Gaussian mixture model for unsupervised anomaly detection[EB/OL]. (2018-03-01)[2020-03-28]https://openreview.net/pdf?id=BJJLHbb0-.
15 李小剑, 谢晓尧. 基于支持向量机与k近邻相结合的网络入侵检测研究[J]. 贵州师范大学学报(自然科学版), 2015, 33 (3): 86- 91.
LI Xiaojian , XIE Xiaoyao . Research on network intrusion detection based on support vector machine combined with k nearest neighbor method[J]. Journal of Guizhou Normal University(Natural Sciences), 2015, 33 (3): 86- 91.
16 GOODFELLOW I, SHLENS J, SZEGEDY C. Explaining and harnessing adversarial examples[C]//3rd International Conference on Learning Representations(ICLR). San Diego: Computer Science, 2015.
17 BRENDEL W, RAUBER J, BETHGE M. Decision-based adversarial attacks: reliable attacks against black-box machine learning models[EB/OL]. (2018-02-16)[2020-03-28]. https://arxiv.org/abs/1712.04248.
18 PAPERNOT N, MCDANIEL P, GOODFELLOW I. Transferability in machine learning: from phenomena to black-box attacks using adversarial samples[EB/OL]. (2016-5-24)[2020-03-28]. https://arxiv.org/abs/1605.07277.
19 张玉清, 董颖, 柳彩云, 等. 深度学习应用于网络空间安全的现状、趋势与展望[J]. 计算机研究与发展, 2018, 55 (6): 1117- 1142.
ZHANG Yuqing , DONG Ying , LIU Caiyun , et al. Situation, trends and prospects of deep learning applied to cyberspace security[J]. Journal of Computer Research and Development, 2018, 55 (6): 1117- 1142.
20 DIEDERIK P K, JIMMY L B. Adam: a method for stochastic optimization[C]//3rd International Conference on Learning Representations(ICLR). San Diego: Computer Science, 2015.
21 聂凯, 周清雷, 朱维军, 等. 基于时序逻辑的3种网络攻击建模[J]. 计算机科学, 2018, 45 (2): 209- 214.
NIE Kai , ZHOU Qinglei , ZHU Weijun , et al. Modeling for three kinds of network attacks based on temporal logic[J]. Computer Science, 2018, 45 (2): 209- 214.
[1] Wen-she YIN,Jian-feng HE. Detection method of hemorrhages of fundus image based on deep learning [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2020, 55(9): 62-71.
[2] WEN Xiao, LIU Qi, GAO Zhen, DON Wai-sun, LYU Xian-qing. Application of local non-intrusive reduced basis method in Rayleigh-Taylor instability [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2020, 55(2): 109-117.
[3] Wen-qing WANG,Ao-yang HAN,Li-tao YU,Zhi-sheng ZHANG. Short-term load forecasting model based on autoencoder and PSOA-CNN [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2019, 54(7): 50-56.
[4] DAI Li-hua, HUI Yuan-xian. Almost automorphic solutions for shunting inhibitory cellular neural networks with leakage delays on time scales [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2019, 54(10): 97-108.
[5] LIU Biao, LU Zhe, HUANG Yu-wei, JIAO Meng, LI Quan-qi, XUE Rui. Comparative study on neural network structures in power analysis [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2019, 54(1): 60-66.
[6] XIAO Wei-ming, WANG Gui-jun. Design and approximation of SISO three layers feedforward neural network based on Bernstein polynomials [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(9): 55-61.
[7] LIU Ming-ming, ZHANG Min-qing, LIU Jia, GAO Pei-xian. Steganalysis method based on shallow convolution neural network [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(3): 63-70.
[8] LI Cui-ping, GAO Xing-bao. A neural network for solving l1-norm problems with constraints [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(12): 90-98.
[9] QIN Jing, LIN Hong-fei, XU Bo. Music retrieval model based on semantic descriptions [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(6): 40-48.
[10] WANG Chang-hong, WANG Lin-shan. Mean square exponential stability of memristor-based stochastic neural networks with S-type distributed delays [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2016, 51(5): 130-135.
[11] ZHEN Yan, WANG Lin-shan. Mean square exponential stability analysis of stochastic generalized cellular neural networks with S-type distributed delays [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2014, 49(12): 60-65.
[12] YANG Yang, LIU Long-fei, WEI Xian-hui, LIN Hong-fei. New methods for extracting emotional words based on distributed representations of words [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2014, 49(11): 51-58.
[13] LIU Ming, ZAN Hong-ying, YUAN Hui-bin. Key sentiment sentence prediction using SVM and RNN [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2014, 49(11): 68-73.
[14] DU Xi-hua, SHI Xiao-qin, FENG Chang-jun, LI Liang. rediction of chromatograph retention index by artificial neural  network by #br# study on volatile constituents of wild chinese chives [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2014, 49(1): 50-53.
[15] MA Kui-sen, WANG Lin-shan*. Exponential synchronization of stochastic BAM neural networks with#br# S-type distributed delays [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2014, 49(03): 73-78.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
[1] LING Si-Chao, CHENG Wue-Han, WEI Mu-Sheng. On Hermitian solutions to general linear quaternionic matrix equations[J]. J4, 2008, 43(12): 1 -4 .
[2] YIN Hua-jun1,2, ZHANG Xi-yong1,2*. A new method to evaluate the exponential sums of quadratic functions on finite field with character 2[J]. J4, 2013, 48(3): 24 -30 .
[3] GENG Jian-yan,YAN Jin,LI Feng . Vertex-disjoint 4-cycle in a bipartite graph[J]. J4, 2008, 43(5): 87 -92 .
[4] MAO Ai-qin1,2, YANG Ming-jun2, 3, YU Hai-yun2, ZHANG Pin1, PAN Ren-ming1*. Study on thermal decomposition mechanism of  pentafluoroethane fire extinguishing agent[J]. J4, 2013, 48(1): 51 -55 .
[5] ZHANG Li,XU Yu-ming . [J]. J4, 2006, 41(5): 30 -32 .
[6] XU Qiu-yan .

A class of parallel finite difference methods for solving a two-dimensional diffusion equation

[J]. J4, 2008, 43(8): 1 -05 .
[7] GUO Hui,LIN Chao . A least-squares mixed finite element procedure with the method of
characteristics for convection-dominated Sobolev equations[J]. J4, 2008, 43(9): 45 -50 .
[8] WANG Zhi-Gang, QIN Xin-Qiang, DANG Fa-Ning, SU Li-Jun. The existence and uniqueness of the solution to meshless methodwith ridge basis functions[J]. J4, 2010, 45(2): 44 -49 .
[9] YANG Zhao-qiang. A kind of European lookback option pricing model under fractional  jump-diffusion mixed fractional Brownian motion[J]. J4, 2013, 48(6): 67 -74 .
[10] TANG Feng-qin1, BAI Jian-ming2. The precise large deviations for a risk model with extended negatively upper orthant dependent claim  sizes[J]. J4, 2013, 48(1): 100 -106 .
Copyright 2018 © Editorial office of JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE)
Supported by Beijing Magtech Co.Ltd