针对网络流量分类的针对性和普适性对抗性攻击

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-04-03 DOI:10.1016/j.cose.2025.104470

Ruiyang Ding , Lei Sun , Zhiyi Ding, Weifei Zang, Leyu Dai

{"title":"针对网络流量分类的针对性和普适性对抗性攻击","authors":"Ruiyang Ding , Lei Sun , Zhiyi Ding, Weifei Zang, Leyu Dai","doi":"10.1016/j.cose.2025.104470","DOIUrl":null,"url":null,"abstract":"<div><div>With the continuous advancement of technology, deep learning has become the mainstream method in the field of network traffic classification, demonstrating excellent classification performance. However, due to the inherent vulnerability of deep learning models, they also face the threat of adversarial attacks. Currently, adversarial attack techniques for network traffic classification only remain at the level of untargeted attacks, and most of them are attack methods based on specific perturbation. These methods have high time overhead, high sample dependency, and are unable to perform targeted attacks on target categories, which poses significant limitations in practical applications. To this end, this article proposes a targeted and universal adversarial attack method against network traffic classification. It iteratively trains to minimize the distance between network traffic and the target category feature domain, thereby generating the universal perturbation vector for the target category. This maximizes the prediction probability of the model output target category, allowing the classifier to incorrectly predict any non-target category network traffic as the specified target category. Meanwhile, this article uses dynamic masking and modular operations to generate adversarial network traffic, ensuring the data reversibility and transferability of network traffic packets during adversarial attacks. Finally, this article selected three standard network traffic datasets with different classification tasks, CICIoT2023, ISCX2016, and USTC-TFC2016, as well as four mainstream network traffic classification models such as LeNet5, for experiments, and built the adversarial attack testing platform in the real network environment. The results show that the proposed method effectively implements targeted and universal adversarial attacks against network traffic classification on three datasets and four classification models, with the average attack success rate of over 56 % and the single attack time of 1–3 ms, greatly improving the application scope and practical value of adversarial attack techniques in the field of network traffic classification.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"155 ","pages":"Article 104470"},"PeriodicalIF":4.8000,"publicationDate":"2025-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Towards targeted and universal adversarial attacks against network traffic classification\",\"authors\":\"Ruiyang Ding , Lei Sun , Zhiyi Ding, Weifei Zang, Leyu Dai\",\"doi\":\"10.1016/j.cose.2025.104470\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>With the continuous advancement of technology, deep learning has become the mainstream method in the field of network traffic classification, demonstrating excellent classification performance. However, due to the inherent vulnerability of deep learning models, they also face the threat of adversarial attacks. Currently, adversarial attack techniques for network traffic classification only remain at the level of untargeted attacks, and most of them are attack methods based on specific perturbation. These methods have high time overhead, high sample dependency, and are unable to perform targeted attacks on target categories, which poses significant limitations in practical applications. To this end, this article proposes a targeted and universal adversarial attack method against network traffic classification. It iteratively trains to minimize the distance between network traffic and the target category feature domain, thereby generating the universal perturbation vector for the target category. This maximizes the prediction probability of the model output target category, allowing the classifier to incorrectly predict any non-target category network traffic as the specified target category. Meanwhile, this article uses dynamic masking and modular operations to generate adversarial network traffic, ensuring the data reversibility and transferability of network traffic packets during adversarial attacks. Finally, this article selected three standard network traffic datasets with different classification tasks, CICIoT2023, ISCX2016, and USTC-TFC2016, as well as four mainstream network traffic classification models such as LeNet5, for experiments, and built the adversarial attack testing platform in the real network environment. The results show that the proposed method effectively implements targeted and universal adversarial attacks against network traffic classification on three datasets and four classification models, with the average attack success rate of over 56 % and the single attack time of 1–3 ms, greatly improving the application scope and practical value of adversarial attack techniques in the field of network traffic classification.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"155 \",\"pages\":\"Article 104470\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2025-04-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404825001592\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825001592","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

随着技术的不断进步，深度学习已经成为网络流量分类领域的主流方法，表现出优异的分类性能。然而，由于深度学习模型固有的脆弱性，它们也面临着对抗性攻击的威胁。目前，针对网络流量分类的对抗性攻击技术还停留在非目标攻击的层面，多数是基于特定扰动的攻击方法。这些方法时间开销大，样本依赖性高，不能对目标类别进行针对性攻击，在实际应用中存在很大的局限性。为此，本文提出了一种针对网络流量分类的定向通用对抗性攻击方法。迭代训练使网络流量与目标类别特征域之间的距离最小，从而生成目标类别的通用摄动向量。这最大化了模型输出目标类别的预测概率，允许分类器错误地将任何非目标类别的网络流量预测为指定的目标类别。同时，本文采用动态屏蔽和模块化操作生成对抗网络流量，保证了网络流量数据包在对抗攻击时的数据可逆性和可移植性。最后，本文选取CICIoT2023、ISCX2016、USTC-TFC2016三个具有不同分类任务的标准网络流量数据集，以及LeNet5等四种主流网络流量分类模型进行实验，构建了真实网络环境下的对抗性攻击测试平台。结果表明，所提出的方法在3个数据集和4种分类模型上有效实现了针对网络流量分类的定向通用对抗性攻击，平均攻击成功率超过56%，单次攻击时间为1 ~ 3 ms，大大提高了对抗性攻击技术在网络流量分类领域的应用范围和实用价值。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Towards targeted and universal adversarial attacks against network traffic classification

With the continuous advancement of technology, deep learning has become the mainstream method in the field of network traffic classification, demonstrating excellent classification performance. However, due to the inherent vulnerability of deep learning models, they also face the threat of adversarial attacks. Currently, adversarial attack techniques for network traffic classification only remain at the level of untargeted attacks, and most of them are attack methods based on specific perturbation. These methods have high time overhead, high sample dependency, and are unable to perform targeted attacks on target categories, which poses significant limitations in practical applications. To this end, this article proposes a targeted and universal adversarial attack method against network traffic classification. It iteratively trains to minimize the distance between network traffic and the target category feature domain, thereby generating the universal perturbation vector for the target category. This maximizes the prediction probability of the model output target category, allowing the classifier to incorrectly predict any non-target category network traffic as the specified target category. Meanwhile, this article uses dynamic masking and modular operations to generate adversarial network traffic, ensuring the data reversibility and transferability of network traffic packets during adversarial attacks. Finally, this article selected three standard network traffic datasets with different classification tasks, CICIoT2023, ISCX2016, and USTC-TFC2016, as well as four mainstream network traffic classification models such as LeNet5, for experiments, and built the adversarial attack testing platform in the real network environment. The results show that the proposed method effectively implements targeted and universal adversarial attacks against network traffic classification on three datasets and four classification models, with the average attack success rate of over 56 % and the single attack time of 1–3 ms, greatly improving the application scope and practical value of adversarial attack techniques in the field of network traffic classification.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.