Ruiyang Ding , Lei Sun , Weifei Zang , Leyu Dai , Zhiyi Ding , Bayi Xu
{"title":"实现针对网络流量分类的通用和可转移对抗攻击","authors":"Ruiyang Ding , Lei Sun , Weifei Zang , Leyu Dai , Zhiyi Ding , Bayi Xu","doi":"10.1016/j.comnet.2024.110790","DOIUrl":null,"url":null,"abstract":"<div><div>In recent years, deep learning technology has shown astonishing potential in many fields, but at the same time, it also hides serious vulnerabilities. In the field of network traffic classification, attackers exploit this vulnerability to add designed perturbations to normal traffic, causing incorrect network traffic classification to implement adversarial attacks. The existing network traffic adversarial attack methods mainly target specific models or sample application scenarios, which have many problems such as poor transferability, high time cost, and low practicality. Therefore, this article proposes a method towards universal and transferable adversarial attacks against network traffic classification, which can not only perform universal adversarial attacks on all samples in the network traffic dataset, but also achieve cross data and cross model transferable adversarial attacks, that is, it has transferable attack effects at both the network traffic data and classification model levels. This method utilizes the geometric characteristics of the network model to design the target loss function and optimize the generation of universal perturbations, resulting in biased learning of features at each layer of the network model, leading to incorrect classification results. Meanwhile, this article conducted universality and transferability adversarial attack verification experiments on standard network traffic datasets of three different classification applications, USTC-TFC2016, ISCX2016, and CICIoT2023, as well as five common network models such as LeNet5. The results show that the proposed method performs universal adversarial attacks on five network models on three datasets, USTC-TFC2016, ISCX2016, and CICIoT2023, with an average attack success rate of over 80 %, 85 %, and 88 %, respectively, and an average time cost of about 0–0.3 ms; And the method proposed in this article has shown good transferable attack performance between five network models and on three network traffic datasets, with transferable attack rates approaching 100 % across different models and datasets, which is more closely related to practical applications.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"254 ","pages":"Article 110790"},"PeriodicalIF":4.4000,"publicationDate":"2024-09-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Towards universal and transferable adversarial attacks against network traffic classification\",\"authors\":\"Ruiyang Ding , Lei Sun , Weifei Zang , Leyu Dai , Zhiyi Ding , Bayi Xu\",\"doi\":\"10.1016/j.comnet.2024.110790\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>In recent years, deep learning technology has shown astonishing potential in many fields, but at the same time, it also hides serious vulnerabilities. In the field of network traffic classification, attackers exploit this vulnerability to add designed perturbations to normal traffic, causing incorrect network traffic classification to implement adversarial attacks. The existing network traffic adversarial attack methods mainly target specific models or sample application scenarios, which have many problems such as poor transferability, high time cost, and low practicality. Therefore, this article proposes a method towards universal and transferable adversarial attacks against network traffic classification, which can not only perform universal adversarial attacks on all samples in the network traffic dataset, but also achieve cross data and cross model transferable adversarial attacks, that is, it has transferable attack effects at both the network traffic data and classification model levels. This method utilizes the geometric characteristics of the network model to design the target loss function and optimize the generation of universal perturbations, resulting in biased learning of features at each layer of the network model, leading to incorrect classification results. Meanwhile, this article conducted universality and transferability adversarial attack verification experiments on standard network traffic datasets of three different classification applications, USTC-TFC2016, ISCX2016, and CICIoT2023, as well as five common network models such as LeNet5. The results show that the proposed method performs universal adversarial attacks on five network models on three datasets, USTC-TFC2016, ISCX2016, and CICIoT2023, with an average attack success rate of over 80 %, 85 %, and 88 %, respectively, and an average time cost of about 0–0.3 ms; And the method proposed in this article has shown good transferable attack performance between five network models and on three network traffic datasets, with transferable attack rates approaching 100 % across different models and datasets, which is more closely related to practical applications.</div></div>\",\"PeriodicalId\":50637,\"journal\":{\"name\":\"Computer Networks\",\"volume\":\"254 \",\"pages\":\"Article 110790\"},\"PeriodicalIF\":4.4000,\"publicationDate\":\"2024-09-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Networks\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1389128624006224\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128624006224","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
Towards universal and transferable adversarial attacks against network traffic classification
In recent years, deep learning technology has shown astonishing potential in many fields, but at the same time, it also hides serious vulnerabilities. In the field of network traffic classification, attackers exploit this vulnerability to add designed perturbations to normal traffic, causing incorrect network traffic classification to implement adversarial attacks. The existing network traffic adversarial attack methods mainly target specific models or sample application scenarios, which have many problems such as poor transferability, high time cost, and low practicality. Therefore, this article proposes a method towards universal and transferable adversarial attacks against network traffic classification, which can not only perform universal adversarial attacks on all samples in the network traffic dataset, but also achieve cross data and cross model transferable adversarial attacks, that is, it has transferable attack effects at both the network traffic data and classification model levels. This method utilizes the geometric characteristics of the network model to design the target loss function and optimize the generation of universal perturbations, resulting in biased learning of features at each layer of the network model, leading to incorrect classification results. Meanwhile, this article conducted universality and transferability adversarial attack verification experiments on standard network traffic datasets of three different classification applications, USTC-TFC2016, ISCX2016, and CICIoT2023, as well as five common network models such as LeNet5. The results show that the proposed method performs universal adversarial attacks on five network models on three datasets, USTC-TFC2016, ISCX2016, and CICIoT2023, with an average attack success rate of over 80 %, 85 %, and 88 %, respectively, and an average time cost of about 0–0.3 ms; And the method proposed in this article has shown good transferable attack performance between five network models and on three network traffic datasets, with transferable attack rates approaching 100 % across different models and datasets, which is more closely related to practical applications.
期刊介绍:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.