基于集成学习与异常检测的对抗流量检测方法

doi:10.19678/j.issn.1000-3428.0069846

摘要/Abstract

摘要： 近年来,深度学习技术在恶意流量检测方面的应用越来越广泛。然而,对抗样本攻击给基于深度学习的恶意流量检测带来了巨大挑战。针对这一问题,提出一种基于集成学习与异常检测的对抗流量检测方法,用于发现针对恶意流量检测系统的对抗样本攻击。首先,为每一类恶意流量类别训练一个二分类集成学习器。对于集成学习器的每一个基模型,采用不同数据子集和特征子集训练,扩大基模型之间的差异性,以增加对抗样本跨越所有模型决策边界的难度。其次,将不同二分类集成学习器中基模型预测输入样本为正常样本的比例作为集成学习模型的信心得分,并将不同二分类集成学习器的信心得分输入孤立森林模型,通过孤立森林模型进行异常检测获得异常得分。最后,将获得的异常得分与在正常样本上获得的异常得分的阈值进行比较,判断样本是否为对抗样本。实验结果表明,该方法在NSL-KDD和CICIDS2017数据集的特征空间和受限空间上分别取得了最高0.986 9、0.989 6、0.999 1、0.999 8的受试者工作特征曲线下面积(AUC)值,优于对比方法。

关键词: 对抗样本, 网络入侵检测, 对抗检测, 集成学习, 异常检测

Abstract: In recent years, deep learning technology has been increasingly used for malicious traffic detection. However, adversarial example attacks pose challenges to deep learning-based malicious traffic detection. To address this problem, this study proposes an adversarial traffic detection method based on ensemble learning and anomaly detection to detect adversarial example attacks against malicious traffic detection. First, a binary ensemble learner is trained for each malicious traffic category. For each base model, different data and feature subsets are used during training to increase the differences between the base models and increase the difficulty for adversarial examples crossing the decision boundaries of all models. Second, the proportion of base models that predict the input sample as normal traffic is used as the confidence score of the learning model; the confidence scores from different binary ensemble learners are then input into the isolated forest model, and anomaly detection is conducted using the isolated forest model to obtain the anomaly score. Finally, a comparison of the obtained anomaly score with the threshold of the anomaly score obtained for a normal example determines whether the example is adversarial. The experimental results show that the proposed method achieves the highest Area Under the Receiver Operating Characteristic Curve (AUC) values of 0.986 9 and 0.989 6 in the feature and restricted spaces, respectively, of the NSL-KDD dataset, and those of 0.999 1 and 0.999 8 in those spaces, respectively, of the CICIDS2017 dataset, which are better than those obtained using the comparative method.

Key words: adversarial example, network intrusion detection, adversarial detection, ensemble learning, anomaly detection

中图分类号:

TP391

董方和, 石琼, 师智斌. 基于集成学习与异常检测的对抗流量检测方法[J]. 计算机工程, 2026, 52(2): 275-286.

DONG Fanghe, SHI Qiong, SHI Zhibin. Adversarial Traffic Detection Method Based on Ensemble Learning and Anomaly Detection[J]. Computer Engineering, 2026, 52(2): 275-286.

https://www.ecice06.com/CN/Y2026/V52/I2/275

参考文献

[1] 蹇诗婕, 刘岳, 姜波, 等. 基于聚类过采样和自动编码器的网络入侵检测方法[J]. 信息安全学报, 2023, 8(6): 121-134. JIAN S J, LIU Y, JIANG B, et al. Network intrusion detection using cluster oversampling and auto-encoder[J]. Journal of Cyber Security, 2023, 8(6): 121-134. (in Chinese)
[2] 陈虹, 王瀚文, 金海波. 融合改进自编码器和残差网络的入侵检测模型[J]. 计算机工程, 2024, 50(2): 188-195. CHEN H, WANG H W, JIN H B. Intrusion detection model combining improved self-encoder and residual network[J]. Computer Engineering, 2024, 50(2): 188-195. (in Chinese)
[3] 郝劭辰, 卫孜钻, 马垚, 等. 基于高效联邦学习算法的网络入侵检测模型[J]. 计算机应用, 2023, 43(4): 1169-1175. HAO S C, WEI Z Z, MA Y, et al. Network intrusion detection model based on efficient federated learning algorithm[J]. Journal of Computer Applications, 2023, 43(4): 1169-1175. (in Chinese)
[4] YANG L, MOUBAYED A, SHAMI A. MTH-IDS: a multitiered hybrid intrusion detection system for Internet of Vehicles[J]. IEEE Internet of Things Journal, 2022, 9(1): 616-632.
[5] SABA T, REHMAN A, SADAD T, et al. Anomaly-based intrusion detection system for IoT networks through deep learning model[J]. Computers and Electrical Engineering, 2022, 99: 107810.
[6] SZEGEDY C, ZAREMBA W, SUTSKEVER I, et al. Intriguing properties of neural networks[EB/OL].[2024-04-13]. https://arxiv.org/abs/1312.6199v4.
[7] GOODFELLOW I J, SHLENS J, SZEGEDY C. Explaining and harnessing adversarial examples[EB/OL].[2024-04-13]. https://arxiv.org/abs/1412.6572v3.
[8] WANG Z. Deep learning based intrusion detection with adversaries[J]. IEEE Access, 2018, 6: 38367-38384.
[9] LIN Z L, SHI Y, XUE Z. IDSGAN: generative adversarial networks for attack generation against intrusion detection[C]//Proceedings of Pacific-Asia Conference on Knowledge Discovery and Data Mining. Berlin, Germany: Springer International Publishing, 2022: 79-91.
[10] SHARON Y, BEREND D, LIU Y, et al. TANTRA: timing-based adversarial network traffic reshaping attack[J]. IEEE Transactions on Information Forensics and Security, 2022, 17: 3225-3237.
[11] HE K, KIM D D, ASGHAR M R. Adversarial machine learning for network intrusion detection systems: a comprehensive survey[J]. IEEE Communications Surveys & Tutorials, 2023, 25(1): 538-566.
[12] PAWLICKI M, CHORA AS＇G M, KOZIK R. Defending network intrusion detection systems against adversarial evasion attacks[J]. Future Generation Computer Systems, 2020, 110: 148-154.
[13] YUAN X W, HAN S, HUANG W, et al. A simple framework to enhance the adversarial robustness of deep learning-based intrusion detection system[J]. Computers & Security, 2024, 137: 103644.
[14] WANG N, CHEN Y M, HU Y, et al. MANDA: on adversarial example detection for network intrusion detection system[C]//Proceedings of the IEEE Conference on Computer Communications. Washington D.C., USA: IEEE Press, 2021: 1-10.
[15] ZHANG R Q, LUO S L, PAN L M, et al. Generating adversarial examples via enhancing latent spatial features of benign traffic and preserving malicious functions[J]. Neurocomputing, 2022, 490: 413-430.
[16] HASHEMI M J, CUSACK G, KELLER E. Towards evaluation of NIDSs in adversarial setting[C]//Proceedings of the 3rd ACM CoNEXT Workshop on Big DAta, Machine Learning and Artificial Intelligence for Data Communication Networks. New York, USA: ACM Press, 2019: 14-21.
[17] HAN D Q, WANG Z L, ZHONG Y, et al. Evaluating and improving adversarial robustness of machine learning-based network intrusion detectors[J]. IEEE Journal on Selected Areas in Communications, 2021, 39(8): 2632-2647.
[18] YANG F, CHEN Z Y, GANGOPADHYAY A. Using randomness to improve robustness of tree-based models against evasion attacks[J]. IEEE Transactions on Knowledge and Data Engineering, 2022, 34(2): 969-982.
[19] DING Y, ZHU G Q, CHEN D J, et al. Adversarial sample attack and defense method for encrypted traffic data[J]. IEEE Transactions on Intelligent Transportation Systems, 2022, 23(10): 18024-18039.
[20] ATHALYE A, CARLINI N, WAGNER D. Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples[C]//Proceedings of International Conference on Machine Learning. New York, USA: ACM Press, 2018: 274-283.
[21] APRUZZESE G, ANDREOLINI M, COLAJANNI M, et al. Hardening random forest cyber detectors against adversarial attacks[J]. IEEE Transactions on Emerging Topics in Computational Intelligence, 2020, 4(4): 427-439.
[22] KURAKIN A, GOODFELLOW I J, BENGIO S. Adversarial examples in the physical world[EB/OL].[2024-04-13]. https://arxiv. org/pdf/1607. 02533.
[23] CARLINI N, WAGNER D. Towards evaluating the robustness of neural networks[C]//Proceedings of the IEEE Symposium on Security and Privacy (SP). Washington D.C., USA: IEEE Press, 2017: 39-57.
[24] FAWZI A, MOOSAVI-DEZFOOLI S M, FROSSARD P, et al. Empirical study of the topology and geometry of deep networks[C]//Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. Washington D.C., USA: IEEE Press, 2018: 3762-3770.
[25] LIU F T, TING K M, ZHOU Z H. Isolation-based anomaly detection[J]. ACM Transactions on Knowledge Discovery from Data, 2012, 6(1): 1-39.
[26] TAVALLAEE M, BAGHERI E, LU W, et al. A detailed analysis of the KDD CUP 99 data set[C]//Proceedings of the IEEE Symposium on Computational Intelligence for Security and Defense Applications. Washington D.C., USA: IEEE Press, 2009: 1-6.
[27] SHARAFALDIN I, LASHKARI A H, GHORBANI A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]//Proceedings of the 4th International Conference on Information Systems Security and Privacy. Funchal, Portugal: Science and Technology Publications, 2018: 108-116.

选择文件类型/文献管理软件名称

选择包含的内容