Research On Adversarial Examples Technology Against Network Intrusion Detection System

With the continuous expansion of network,network attacks also emerge in endlessly.With the development of machine learning technology,various intelligent network intrusion detection algorithms begin to sprout.However,the vulnerability of machine learning model in the adversarial environment cannot be ignored.In the field of intelligent network intrusion detection,there are few researches on this aspect.In this thesis,we study network intrusion detection from the following aspects:1.A framework is designed to evaluate network intrusion detection system in adversarial environment.We tested the classic target model in NIDS.The advanced adversary models add targeted perturbations to the input samples to generate adversarial samples.In order to comprehensively evaluate the impact of the adversary model on intelligent NIDS,we evaluate and compare in many aspects.The experimental results show that the vulnerability of machine learning based network intrusion systems in the adversarial environment cannot be ignored.2.An algorithm of generating adversarial sample based on generative adversarial network is designed.In contrast to the standard generative adversarial networks,this thesis redefines the generator and discriminator.The main difference between this method and the existing adversarial sample generation algorithm is that the adversarial samples are dynamically generated according to the feedback of the black box IDS,while the existing algorithms mostly use the gradient information to generate the adversarial samples.The results show that the adversarial sample can guarantee good attack performance and bypass the detection of black box NIDS.3.We also study the defense technology against adversarial examples.A defense algorithm based on bidirectional generative adversarial network is designed.The generator can learn the data distribution of normal samples,which can be regarded as an implicit system model reflecting normal data distribution.After the training is completed,the adversarial examples detection module calculates the sample reconstruction error and the feature matching error of discriminator.Then,the adversarial samples are eliminated to improves the robustness and accuracy of NIDS in the adversarial environment.