Acta Electronica Sinica ›› 2019, Vol. 47 ›› Issue (1): 59-65. DOI: 10.3969/j.issn.0372-2112.2019.01.008

• Academic Paper •

A Poisoning Attack on Intrusion Detection System Based on SVM

QIAN Ya-guan1, LU Hong-bo1, JI Shou-ling2, ZHOU Wu-jie3, WU Shu-hui1, LEI Jing-sheng1, TAO Xiang-xing1

  1. School of Science & Big Data Science, Zhejiang University of Science and Technology, Hangzhou, Zhejiang 310023, China;
  2. College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang 310058, China;
  3. School of Information and Electronic Engineering, Zhejiang University of Science and Technology, Hangzhou, Zhejiang 310023, China
  • Received: 2017-11-09 Revised: 2018-05-30 Online: 2019-01-25 Published: 2019-01-25
  • About the authors: LU Hong-bo, male, born in 1993 in Ningbo, Zhejiang. Master's student; research interests are adversarial machine learning and deep-learning-based image processing. JI Shou-ling, male, born in 1986 in Heze, Shandong. Ph.D., research professor; research interests are artificial intelligence security, data-driven security, and privacy protection.
  • Funding:
    Natural Science Foundation of Zhejiang Province (No. LY17F020011, No. LY18F020012); National Natural Science Foundation of China (No. 61772466, No. 61672337, No. 11771399)

Abstract: Machine learning is widely applied in various intelligent devices, including intrusion detection systems (IDS). This paper proposes a novel attack on IDS based on SVM (Support Vector Machine), called the poisoning attack. The attack tampers with the training data to mislead the SVM learning process, lowering the rate at which the IDS classification model identifies attack traffic. We model the poisoning attack as an optimization problem and solve it with a numerical approach to obtain the attack samples. Experiments use the NSL-KDD data set, which contains several attack types, and the effect of the attack is evaluated with two measures on attack traffic, recall and precision. The results show that the poisoning attack significantly degrades IDS performance and, compared with existing methods, lowers the IDS detection rate more effectively. This study aims to improve understanding of new attacks on machine learning and to provide a basis for subsequent research on the corresponding defense mechanisms.

Key words: machine learning, support vector machine (SVM), intrusion detection, poisoning attack, bilevel optimization

CLC number: