A Poisoning Attack Method Against SVM-Based Intrusion Detection Systems
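  • English title: A Poisoning Attack on Intrusion Detection System Based on SVM
  • Authors: 钱亚冠; 卢红波; 纪守领; 周武; 吴淑慧; 雷景生; 陶祥兴
  • Authors (English): QIAN Ya-guan; LU Hong-bo; JI Shou-ling; ZHOU Wu-jie; WU Shu-hui; LEI Jing-sheng; TAO Xiang-xing; School of Science & Big Data Science, Zhejiang University of Science and Technology; College of Computer Science and Technology, Zhejiang University; School of Information and Electronic Engineering, Zhejiang University of Science and Technology
  • Keywords: machine learning; support vector machine; intrusion detection; poisoning attack; bilevel optimization
  • Keywords (English): machine learning; SVM; intrusion detection; poisoning attack; bilevel optimization
  • Chinese journal name: DZXU
  • English journal name: Acta Electronica Sinica
  • Institutions: School of Science / School of Big Data Science, Zhejiang University of Science and Technology; College of Computer Science, Zhejiang University; School of Information and Electronic Engineering, Zhejiang University of Science and Technology
  • Publication date: 2019-01-15
  • Publisher: Acta Electronica Sinica (电子学报)
  • Year: 2019
  • Issue: v.47; No.431
  • Funding: Zhejiang Provincial Natural Science Foundation (No.LY17F020011, No.LY18F020012); National Natural Science Foundation of China (No.61772466, No.61672337, No.11771399)
  • Language: Chinese
  • Page: DZXU201901008
  • Page count: 7
  • CN: 01
  • ISSN: 11-2087/TN
  • Classification number: 61-67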
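Abstract
With machine learning now widely applied, this paper proposes a novel attack on SVM (Support Vector Machine)-based intrusion detection systems: the poisoning attack. The method tampers with the training data to mislead the SVM learning process, lowering the detection rate of the intrusion detection system's classification model on attack traffic. The paper models the attack as an optimization problem and obtains the attack samples by numerical methods. Experiments are carried out on the NSL-KDD data set, which contains multiple attack types, and the attack's effect is evaluated on two metrics, the recall and the precision on attack traffic. Compared with existing methods, the experimental results show that the proposed method reduces the detection rate of the intrusion detection system more effectively. The authors hope this study furthers the understanding of novel attacks on machine learning and provides a research basis for the subsequent study of corresponding defense mechanisms.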
Machine learning is widely applied in various intelligent devices including intrusion detection systems (IDS). We propose a novel approach called poisoning attack on IDS based on SVM. This attack is to degrade detection rate of IDS by misleading the SVM learning process with poisoned training data set. We model the poisoning attack as an optimization problem and solve it with numerical approach to get poisoned data set. At last, NSL-KDD data including several real attacks is used in our experiments, and two measures of precision and recall are used to evaluate the effectiveness. The result shows the poisoning attack approach can significantly degrade the IDS performance. This study may further understand the possible new attacks on machine learning, and provide the basis for the next study of the corresponding defense methods.
