一种针对基于SVM入侵检测系统的毒性攻击方法

doi:10.3969/j.issn.0372-2112.2019.01.008

摘要
图/表
参考文献(0)
相关文章 (15)

全文: PDF (2172 KB) HTML (1 KB)
输出: BibTeX | EndNote (RIS)

摘要在机器学习被广泛应用的背景下，本文提出一种针对基于SVM（Support Vector Machine）入侵检测系统的新颖攻击方法——毒性攻击.该方法通过篡改训练数据，进而误导SVM的机器学习过程，降低入侵检测系统的分类模型对攻击流量的识别率.本文把这种攻击建模为最优化问题，利用数值方法得到攻击样本.通过包含多种攻击类型的NSL-KDD数据集进行实验，从攻击流量的召回率和精度这两个指标对攻击效果进行评估，与已有方法相比，实验结果表明本文方法可更有效地降低入侵检测系统的识别率.本文希望通过该研究进一步认识针对机器学习的新颖攻击，为下一步研究对应的防御机制提供研究基础.

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	钱亚冠
	卢红波
	纪守领
	周武杰
	吴淑慧
	雷景生
	陶祥兴

关键词 ：机器学习, 支持向量机, 入侵检测, 毒性攻击, 双层优化

Abstract：Machine learning is widely applied in various intelligent devices including intrusion detection systems (IDS).We propose a novel approach called poising attack on IDS based on SVM.This attack is to degrade detection rate of IDS by misleading the SVM learning process with poisoned training data set.We model the poisoning attack as an optimization problem and solve it with numerical approach to get poisoned data set.At last,NSL-KDD data including several real attacks is used in our experiments,and two measures of precision and callback are used to evaluate the effectiveness.The result shows the poisoning attack approach can significantly degrade the IDS performance.This study may further understand the possible new attacks on machine learning,and provide the basis for the next study of the corresponding defense methods.

Key words： machine learning SVM intrusion detection poisoning attack bilevel optimization

收稿日期: 2017-11-09 出版日期: 2018-10-16

ZTFLH:

TP309.2

基金资助:浙江省自然科学基金（No.LY17F020011，No.LY18F020012）；国家自然科学基金（No.61772466，No.61672337，No.11771399）

作者简介: 卢红波 男.1993年生于浙江宁波.硕士研究生,研究方向为对抗性机器学习、基于深度学习的图像处理;纪守领 男.1986年生于山东菏泽.博士、研究员.研究方向为人工智能安全、数据驱动安全、隐私保护.

引用本文:

钱亚冠, 卢红波, 纪守领, 周武杰, 吴淑慧, 雷景生, 陶祥兴. 一种针对基于SVM入侵检测系统的毒性攻击方法[J]. 电子学报, 2019, 47(1): 59-65. QIAN Ya-guan, LU Hong-bo, JI Shou-ling, ZHOU Wu-jie, WU Shu-hui, LEI Jing-sheng, TAO Xiang-xing. A Poisoning Attack on Intrusion Detection System Based on SVM. Acta Electronica Sinica, 2019, 47(1): 59-65.

链接本文:

http://www.ejournal.org.cn/CN/10.3969/j.issn.0372-2112.2019.01.008 或 http://www.ejournal.org.cn/CN/Y2019/V47/I1/59

[1] SOMMER R,PAXSON V.Outside the closed world:Onusing machine learning for network intrusion detection[A].IEEE Symposium on Security and Privacy(SP)[C].USA:IEEE,2010.305-316.
[2] ZHANG R,ZHU Q.Secure and resilient distributed machine learning under adversarial environments[A].Proceedings of the 18th International Conference on Information Fusion (Fusion)[C].USA:IEEE,2015.644-651.
[3] BARRENO M,NELSON B,SEARS R,et al.Can machine learning be secure?[A].Proceedings of the ACM Symposium on Information,Computer and Communications Security[C].USA:ACM,2006.16-25.
[4] 高妮,高岭,贺毅岳,等.基于自编码网络特征降维的轻量级入侵检测模型[J].电子学报,2017,45(3):730-739. GAO Ni,GAO Lin,HE Yi-yue,et al.Light weight intrusion detection model based on dimension reduction of self-coding network features[J].Acta Electronica Sinica,2017,45(3):730-739.(in Chinese)
[5] 尚文利,张盛山,万明,等.基于PSO-SVM的Modbus TCP通讯的异常检测方法[J].电子学报,2014,42(11):2314-2320. SHANG Wen-li,ZHANG Sheng-shan,WAN Ming,et al.Abnormal detection method of Modbus TCP communication based on PSO-SVM[J].Acta Electronica Sinica,2014,42(11):2314-2320.(in Chinese)
[6] XIAO H,BIGGIO B,NELSON B,et al.Support vecto rmachines under adversarial label contamination[J].Neuro Computing,2015,160(C):53-62.
[7] PAPERNOT N,MC-DANIEL P,GOODFELLOW I,et al.Practical black-box attacks against machine learning[A].Proceedings of the ACM on Asia Conference on Computer and Communications Security[C].USA:ACM,2017.506-519.
[8] MC-DANIEL P,PAPERNOT N,CELIK Z B.Machine learning in adversarial settings[J].IEEE Security & Privacy,2016,14(3):68-72.
[9] RUBINSTEIN B I P,NELSON B,HUANG L,et al.ANTIDOTE:Understanding and defending against poisoning of anomaly detectors[A].ACM SIGCOMM Conference on Internet Measurement[C].USA:DBLP,2009.1-14.
[10] BIGGIO B,NELSON B,LASKOV P.Poisoning attacks against support vector machines[A].International Coference on International Conference on Machine Learning[C].USA:Omnipress,2012.1467-1474.
[11] COLSON B,MARCOTTE P,SAVARD G.An overview of bilevel optimization[J].Annals of Operations Research,2007,153(1):235-256.
[12] PAPERNOT N,MCDANIEL P,SINHA A,et al.Towards the Science of Security and Privacy in Machine Learning[OL].http://arxiv.org/abs/1611.03814v1,2016.
[13] BEHAL S,KUMAR K.Characterization and comparison of DDoS attack tools and traffic generators:A review[J].International Journal of Network Security,2017,19(3):383-393.
[14] WEIGLE M C,ADURTHI P,HERNÁNDEZ-CAMPOS F,et al.Tmix:A tool for generating realistic TCP application workloads in ns-2[J].ACM SIGCOMM Computer Communication Review,2006,36(3):65-76.
[15] NSL-KDD数据集[OL].http://nsl.cs.unb.ca/NSL-KDD,2017-11-5/2018-5-29.
[16] DHANABAL L,SHANTHARAJAH S P.A study on NSL-KDD dataset for intrusion detection system based on classification algorithms[J].International Journal of Advanced Research in Computerand Communication Engineering,2015,4(6):446-452.