
Research And Application Of Adversarial Example Generation In Cyberspace Security

Posted on: 2021-11-08
Degree: Doctor
Type: Dissertation
Country: China
Candidate: S C Zhang
Full Text: PDF
GTID: 1488306458960509
Subject: Software engineering

Abstract/Summary:
For the past few years, machine learning has been widely applied in the domain of cybersecurity, especially in intrusion detection and malware detection. Researchers have paid more attention to the detection performance of machine learning based security detection systems, while the security risks caused by the vulnerability of the machine learning algorithms themselves are normally ignored. The emergence of adversarial examples has drawn more and more researchers to the security of machine learning algorithms. Adversarial examples, generated by adding intentionally crafted perturbations to the original inputs, can cause the target classifier to misclassify or even to output labels specified by the adversary. Because cybersecurity is a security-critical field, the emergence of adversarial examples seriously hinders the further application of machine learning in it. At present, research on the generation of adversarial examples mainly focuses on computer vision, and research on their generation in cybersecurity is still in its infancy. Besides, the mathematical explanation for the cause of adversarial examples is still not clear, so it is not yet possible to construct an effective adversarial defense method. On one hand, research on the generation of adversarial examples in cybersecurity can provide theoretical support for explaining their cause and can provide inspiration and ideas for the subsequent construction of effective adversarial defense methods. On the other hand, it can help guarantee the security of machine learning based security detection systems in cybersecurity through "attack substitutes defense". Therefore, research on the generation of adversarial examples in cybersecurity has both theoretical value and practical significance.

In this paper, combined with the characteristics of each scenario in cybersecurity, the problems that need to be solved during the generation of adversarial examples in cybersecurity are sorted out and summarized on the basis of the existing research, and corresponding solutions are provided. The main contributions of this paper are as follows:

(1) This paper first systematically sorts out the types of input data in the various application scenarios of cybersecurity and then extracts the main problems that need to be solved when generating adversarial examples in cybersecurity. 1) The input of a machine learning based security detection system in cybersecurity may consist of discrete values, continuous values, or a combination of the two. Therefore, during the generation of adversarial examples, measures should be taken to maintain the discreteness of discrete features. 2) The adversarial perturbations produced in cybersecurity must not destroy the original function of the input, otherwise the generated adversarial examples lose their effectiveness. Therefore, in cybersecurity, adversarial attack methods can only perturb the non-functional features of the original input. Given these two points, this paper provides corresponding solutions according to the characteristics of each scenario when designing the adversarial generation methods for the various application scenarios of cybersecurity.

(2) Given the shortcomings of black-box attack methods based on generative adversarial networks, this paper proposes a new black-box adversarial generation method that is better suited to evaluating the robustness of machine learning based Android malware detection systems against adversarial examples. This method generates adversarial examples by exhaustively searching, within a restricted feature space, for the adversarial features that cause the target system to misclassify; it is therefore called the brute-force attack method. Compared with the black-box attack method based on generative adversarial networks, the brute-force attack method is simpler in principle and easier to implement. Besides, it avoids the tedious training process of the attack method based on generative adversarial networks and can generate adversarial examples more efficiently. The brute-force attack method generates adversarial examples in a deterministic way, so its attack performance is more stable. This paper verifies the effectiveness of the proposed method on the DREBIN Android malware dataset. The experimental results show that the brute-force attack method performs better against the mainstream machine learning classifiers than the attack method based on generative adversarial networks.

(3) The attack performance of the mainstream white-box attack methods in network intrusion detection is usually not ideal. In this paper, three new adversarial attack amplification methods are proposed to enhance the attack performance of these white-box attack methods in network intrusion detection. The proposed methods adopt a unified underlying architecture, hide the underlying details of the amplification algorithms, and effectively improve the attack performance of different types of white-box attack methods through a unified interface. The effectiveness of the proposed methods is verified on the NSL-KDD intrusion detection dataset. The experimental results show that the three methods proposed in this paper can effectively improve the attack performance of the common gradient-based white-box adversarial attack methods in network intrusion detection. This paper also evaluates the transferability of the amplified adversarial examples generated by the three amplification methods across different machine learning classifiers.

(4) The input of a machine learning based host intrusion detection system is usually a discrete vector, whereas the mainstream white-box adversarial attack methods usually only support the generation of small, continuous perturbations. To better evaluate the robustness of machine learning based host intrusion detection systems against adversarial examples, a new white-box adversarial generation method for generating discrete adversarial perturbations is proposed in this paper. The method maintains the discreteness of the generated adversarial examples by discretizing them during the generation of the adversarial perturbations. It is called the iterative step method because, when an adversarial perturbation is added to the original input, each perturbed feature changes directly from one state to another. This paper compares the attack performance of the iterative step method against common machine learning classifiers with that of the mainstream white-box adversarial attack methods on the ADFA-LD host intrusion detection dataset. The experimental results show that the attack performance of the iterative step method against common machine learning classifiers is better than that of the mainstream white-box adversarial attack methods. Besides, the transferability across different classifiers of the adversarial examples generated by the iterative step method is compared with that of the adversarial examples generated by the mainstream white-box attack methods.
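As an added illustration (not code from the dissertation), the following constructed Python harness shows the two constraints of contribution (1) applied to the restricted-feature-space search of contribution (2): a toy linear detector (assumed weights and feature names, not DREBIN or a real model) is queried only as a black-box oracle, the functional features are never touched, and every change is a 0 to 1 addition so the vector stays discrete. The result a defender records is the minimal number of non-functional additions that flips the label, and the number of queries the search needed.

```python
import itertools

# Constructed toy detector over binary features of an app. The feature names,
# the functional/non-functional split, and the weights are assumptions for
# illustration only; they are not the DREBIN feature set or a trained model.
FEATURES = ["SEND_SMS", "READ_CONTACTS", "net_http", "uses_crypto",
            "has_gui", "localized_ui", "INTERNET", "has_icon"]
FUNCTIONAL = {"SEND_SMS", "READ_CONTACTS", "net_http"}  # never perturbed
WEIGHTS = [2.0, 1.5, 1.0, 0.5, -0.8, -1.2, 0.3, -0.6]
BIAS = -2.5


def detector(x):
    """Black-box oracle: 1 = malicious if the linear score is positive."""
    score = sum(w * xi for w, xi in zip(WEIGHTS, x)) + BIAS
    return int(score > 0)


def restricted_space(x):
    """Indices allowed to change: non-functional features currently absent.
    Only additions are permitted, so the original function is preserved."""
    return [i for i, name in enumerate(FEATURES)
            if name not in FUNCTIONAL and x[i] == 0]


def brute_force_search(x, oracle, max_changes=3):
    """Exhaustive search over allowed feature additions, smallest sets first.
    Returns (adversarial_vector, added_feature_names, queries) or None."""
    candidates = restricted_space(x)
    queries = 0
    for k in range(1, min(max_changes, len(candidates)) + 1):
        for combo in itertools.combinations(candidates, k):
            x_adv = list(x)
            for i in combo:
                x_adv[i] = 1          # discrete flip 0 -> 1; vector stays binary
            queries += 1
            if oracle(x_adv) == 0:    # first hit is minimal by construction
                return x_adv, [FEATURES[i] for i in combo], queries
    return None


def robustness_report(sample, max_changes=3):
    """Summary a defender would record for one malicious sample."""
    result = brute_force_search(sample, detector, max_changes)
    if result is None:
        return {"evaded": False, "min_additions": None, "queries": None}
    x_adv, added, queries = result
    return {"evaded": True, "min_additions": len(added),
            "queries": queries, "added": added}


if __name__ == "__main__":
    # Constructed malicious sample: all functional features present.
    print(robustness_report([1, 1, 1, 0, 0, 0, 1, 0]))
```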
Keywords: Cyberspace Security, Adversarial Examples, Machine Learning, Intrusion Detection, Malware Detection