计算机工程与应用 ›› 2022, Vol. 58 ›› Issue (4): 126-133.DOI: 10.3778/j.issn.1002-8331.2008-0298

• 网络、通信与安全 • 上一篇    下一篇

面向规避僵尸网络流量检测的对抗样本生成

李沛洋,李璇,陈俊杰,陈永乐   

  1. 太原理工大学 信息与计算机学院,太原 030024
  • 出版日期:2022-02-15 发布日期:2022-02-15

Adversarial Sample Generation for Evading Botnet Traffic Detection

LI Peiyang, LI Xuan, CHEN Junjie, CHEN Yongle   

  1. College of Information and Computer, Taiyuan University of Technology, Taiyuan 030024, China
  • Online:2022-02-15 Published:2022-02-15

摘要: 基于机器学习的僵尸网络流量检测是现阶段网络安全领域比较热门的研究方向,然而生成对抗网络(generative adversarial networks,GAN)的出现使得机器学习面临巨大的挑战。针对这个问题,在未知僵尸网络流量检测器模型结构和参数的假设条件下,基于生成对抗网络提出了一种新的用于黑盒攻击的对抗样本生成方法。该方法提取网络流量的统计特征,利用生成对抗网络思想,通过训练替代判别器和生成器,来拟合不同类型的黑盒僵尸网络流量检测器和生成可以规避黑盒僵尸网络流量检测器的对抗样本。生成的对抗样本是在原始僵尸网络流量的基础上添加不改变其攻击特性的微小扰动,从而降低僵尸网络流量的被检出率。实验结果表明,开源数据集N_BaIoT中的僵尸网络流量样本经该方法重新生成后,将僵尸网络流量的平均被检出率降低了0.481?8,且该方法适用于规避不同的僵尸网络检测算法以及由不同计算机设备构成的僵尸网络,具有良好的扩展性。

关键词: 生成对抗网络(GAN), 僵尸网络流量检测, 黑盒攻击, 对抗样本生成, 替代判别器

Abstract: Botnet traffic detection based on machine learning is a hot research direction in the field of network security at this stage. However, the emergence of generative adversarial networks(GAN) makes machine learning face huge challenges. In response to this problem, under the assumption of unknown botnet traffic detector model structure and parameters, based on generative adversarial networks, a new method of generating adversarial samples for black box attacks is proposed. This method extracts the statistical characteristics of network traffic, uses the idea of generating adversarial networks to train a substitude detector and a generator, which are used to fit black box botnet traffic detectors and generate adversarial samples that can evade black box botnet traffic detectors. The generated adversarial samples are based on the original botnet traffic with small disturbances that do not change its attack characteristics, thereby reducing the probability of malicious traffic being detected as malicious. The experimental results show that the average detection rate of botnet traffic in the open source data set N_BaIoT is reduced by 0.4818 after the sample is regenerated by this method. Moreover, this method is applicable to many botnets composed of different computer equipments and has good scalability.

Key words: generative adversarial networks(GAN), botnet traffic detector, black box attack, adversarial sample generation, substitude detector