Wenbiao Du, Jingfeng Xue, Xiuqi Yang, Wenjie Guo, Dujuan Gu, Weijie Han
Knowledge-Based Systems, vol. 319, Article 113546. Journal article, published 2025-04-26. DOI: 10.1016/j.knosys.2025.113546. Source: https://www.sciencedirect.com/science/article/pii/S0950705125005921
TransfficFormer: A novel Transformer-based framework to generate evasive malicious traffic
Machine learning (ML) and deep learning (DL) have significantly improved the detection accuracy of contemporary Network Intrusion Detection Systems (NIDS), yet they remain susceptible to adversarial attacks. Current attacks against ML/DL-based NIDS primarily focus on altering feature vectors, thereby overlooking the discrete and irreversible nature of network traffic packets, which significantly limits their practical applicability. To address these challenges, we propose TransfficFormer, which combines a heuristic algorithm and a Transformer to generate adversarial attack traffic. We train a Transformer-based generator by transforming source-space features into discrete sequence autoregressive models. A three-layer particle swarm optimization algorithm with random and perception factors is utilized to optimize the generation of adversarial mutation malicious traffic with reversible metadata feature vectors. Furthermore, the discriminator feedback probability is fine-tuned using reinforcement learning strategies, ensuring the preservation of both malicious intent and normal communication functionality within the generated traffic. Comprehensive experiments demonstrate that TransfficFormer can autonomously generate mutant malicious traffic, effectively evading various ML/DL-based NIDS with minimal overhead. The practicality of the generated mutant traffic is validated in the NSFOCUS cyber range.
About the journal:
Knowledge-Based Systems, an international and interdisciplinary journal in artificial intelligence, publishes original, innovative, and creative research results in the field. It focuses on knowledge-based and other artificial intelligence techniques-based systems. The journal aims to support human prediction and decision-making through data science and computation techniques, provide a balanced coverage of theory and practical study, and encourage the development and implementation of knowledge-based intelligence models, methods, systems, and software tools. Applications in business, government, education, engineering, and healthcare are emphasized.