
Research On Evasion Attack Based On Machine Learning Classifier

Posted on: 2020-10-08
Degree: Master
Type: Thesis
Country: China
Candidate: M D Wang
Full Text: PDF
GTID: 2428330599454651
Subject: Computer Science and Technology

Abstract/Summary:
Artificial Intelligence (AI) technology is still a current research hotspot. It can adaptively learn the hidden patterns of data and effectively deal with problems that are difficult and complicated for people. In the field of network security, the creation of malicious samples can bring economic or other benefits to malicious sample manufacturers. Therefore, it is an inevitable trend for hackers to use artificial intelligence technology to combat existing security measures. In an adversarial environment, the attacker wants the classifier to misclassify a malicious sample as a normal sample, which is called an evasion attack. At present, mimicry attacks, genetic programming and other techniques have been used to generate adversarial examples, but they suffer from problems such as difficulty in expressing high-dimensional feature vectors, slow convergence, and complicated parameter setting. To better solve these problems, based on the features of evasion attacks and an analysis of the current state of research, this paper focuses on how to use Wasserstein generative adversarial networks (WGAN) and differential evolution algorithms in evasion attacks. Differential evolution (DE) algorithms are used to design more effective evasion attack strategies.

First, there is currently no method for implementing an evasion attack against network intrusion detection systems (NIDS) that produces adversarial examples which mislead the NIDS into making erroneous decisions. Therefore, this paper proposes DoS-WGAN, a model that uses WGAN and gradient penalty techniques to evade NIDS. In order to disguise denial of service (DoS) attack traffic as normal network traffic, DoS-WGAN automatically synthesizes a set of reference feature values of network traffic, which guide attackers in modifying their network traffic. The modified network traffic can invalidate existing NIDS based on convolutional neural networks (CNN). In order to evaluate and guide the training of the GAN, this paper first proposes a method combining the standard Euclidean distance and information entropy to evaluate the training process. The experimental results show that the WGAN technique based on gradient penalty performs better and its training is more stable. An evasion rate of 52.4% is achieved on the CNN-based NIDS.

On the other hand, in the field of malicious file detection, existing evasion attack algorithms may not find the attack sample points of some malicious samples. For example, when the gradient descent method is performed, the malicious sample points of the attack may move further and further away from the normal sample points. Although we consider using genetic programming techniques to solve this problem, the amount of computation is greatly increased. Therefore, this paper proposes a new evasion attack algorithm. For the PDF malware classifier PDFrate, our algorithm uses a differential evolution algorithm to search for adversarial examples. The algorithm ensures that each sample can be matched with adversarial examples at a small time cost. The experimental results show that our method can automatically find the adversarial examples for all the PDFs with malicious seeds in our research.
Keywords/Search Tags:Evasion Attack, Adversarial Learning, Network Intrusion Detection, NIDS, Malicious Document Detection