Exploring the vulnerability in the inference phase of advanced persistent threats

IF 1.9 4区 计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Qi Wu, Qiang Li, Dong Guo, Xiangyu Meng
{"title":"Exploring the vulnerability in the inference phase of advanced persistent threats","authors":"Qi Wu, Qiang Li, Dong Guo, Xiangyu Meng","doi":"10.1177/15501329221080417","DOIUrl":null,"url":null,"abstract":"In recent years, the Internet of Things has been widely used in modern life. Advanced persistent threats are long-term network attacks on specific targets with attackers using advanced attack methods. The Internet of Things targets have also been threatened by advanced persistent threats with the widespread application of Internet of Things. The Internet of Things device such as sensors is weaker than host in security. In the field of advanced persistent threat detection, most works used machine learning methods whether host-based detection or network-based detection. However, models using machine learning methods lack robustness because it can be attacked easily by adversarial examples. In this article, we summarize the characteristics of advanced persistent threats traffic and propose the algorithm to make adversarial examples for the advanced persistent threat detection model. We first train advanced persistent threat detection models using different machine learning methods, among which the highest F1-score is 0.9791. Then, we use the algorithm proposed to grey-box attack one of models and the detection success rate of the model drop from 98.52% to 1.47%. We prove that advanced persistent threats adversarial examples are transitive and we successfully black-box attack other models according to this. The detection success rate of the attacked model with the best attacked effect dropped from 98.66% to 0.13%.","PeriodicalId":50327,"journal":{"name":"International Journal of Distributed Sensor Networks","volume":" ","pages":""},"PeriodicalIF":1.9000,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Distributed Sensor Networks","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1177/15501329221080417","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 2

Abstract

In recent years, the Internet of Things has been widely used in modern life. Advanced persistent threats are long-term network attacks on specific targets with attackers using advanced attack methods. The Internet of Things targets have also been threatened by advanced persistent threats with the widespread application of Internet of Things. The Internet of Things device such as sensors is weaker than host in security. In the field of advanced persistent threat detection, most works used machine learning methods whether host-based detection or network-based detection. However, models using machine learning methods lack robustness because it can be attacked easily by adversarial examples. In this article, we summarize the characteristics of advanced persistent threats traffic and propose the algorithm to make adversarial examples for the advanced persistent threat detection model. We first train advanced persistent threat detection models using different machine learning methods, among which the highest F1-score is 0.9791. Then, we use the algorithm proposed to grey-box attack one of models and the detection success rate of the model drop from 98.52% to 1.47%. We prove that advanced persistent threats adversarial examples are transitive and we successfully black-box attack other models according to this. The detection success rate of the attacked model with the best attacked effect dropped from 98.66% to 0.13%.
探索高级持续威胁推断阶段的漏洞
近年来,物联网在现代生活中得到了广泛应用。高级持续威胁是指攻击者采用高级攻击手段,对特定目标进行的长期网络攻击。随着物联网的广泛应用,物联网目标也受到了高级持续性威胁的威胁。传感器等物联网设备的安全性弱于主机。在高级持续威胁检测领域,无论是基于主机的检测还是基于网络的检测,大多数工作都使用了机器学习方法。然而,使用机器学习方法的模型缺乏鲁棒性,因为它很容易被对抗性示例攻击。在本文中,我们总结了高级持续威胁流量的特点,并提出了为高级持续威胁检测模型制作对抗示例的算法。我们首先使用不同的机器学习方法训练高级持续威胁检测模型,其中f1得分最高为0.9791。然后,我们使用提出的算法对其中一个模型进行灰盒攻击,模型的检测成功率从98.52%下降到1.47%。我们证明了高级持续威胁的对抗例子是可传递的,并在此基础上成功地对其他模型进行了黑盒攻击。攻击效果最好的被攻击模型的检测成功率从98.66%下降到0.13%。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
CiteScore
6.50
自引率
4.30%
发文量
94
审稿时长
3.6 months
期刊介绍: International Journal of Distributed Sensor Networks (IJDSN) is a JCR ranked, peer-reviewed, open access journal that focuses on applied research and applications of sensor networks. The goal of this journal is to provide a forum for the publication of important research contributions in developing high performance computing solutions to problems arising from the complexities of these sensor network systems. Articles highlight advances in uses of sensor network systems for solving computational tasks in manufacturing, engineering and environmental systems.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信