Research On The Method Of Network Deception Traffic Generation Based On Adversarial Examples

Network traffic identification is one of the common network attack methods.It captures and analyzes user's traffic to obtain user's information(such as application types),which invades user's privacy and interferes with the normal operation of network systems.Using network deception traffic is one of the main defenses against network traffic identification.However,the existing deception traffic generation technology has the following shortcomings: 1)Its concealment is poor,and it is easy to be detected by attackers;2)It is often difficult to resist the traffic identification attack based on deep learning.For this reason,based on the observation that deep learning models are easily deceived by adversarial examples(AEs),a new network deception traffic generation method based on adversarial example technology is proposed in this thesis.The method applies the adversarial example generation algorithm to the preprocessed network traffic,and generates deception traffic that is not easy to be detected and can effectively resist network traffic identification attacks by performing a small perturbation on the traffic.At present,the research on this kind of method in academia has just started.The proposed methods are limited in practice because they don't consider the characteristics of network traffic and the application conditions of traffic deception.On the basis of the existing work,the location and range of the perturbation should be restricted,and the corresponding network deception flow generation method is proposed for a variety of application scenarios.The research contents and main contributions of this thesis are briefly described as follows:(1)An AE based network deception traffic generation method is proposed under whitebox conditions.With the prior knowledge of the network traffic recognition model(through the classical model simulation method),and based on the characteristics of network traffic,a restrictive perturbation method is proposed on the basis of the existing classic adversarial example generation algorithm.And this further reduces the difference between the deception traffic and the original traffic,and increases the concealment of deception traffic.(2)Three AE based network deception traffic generation methods are proposed under black-box conditions,namely,neighboring perturbation algorithm,ZOO perturbation algorithm and integrated adversarial perturbation algorithm.The first two algorithms are suitable for black-box conditions where only traffic identification output can be known.The former focuses on improving the concealment of traffic perturbations and reducing the cost of perturbations,and the latter aims to increase the success rate of perturbations and enhance the capability of defense against traffic identification attack.The last algorithm is suitable for the black-box condition that knows nothing about the traffic recognition model.By confronting the pre-trained traffic recognition integration model during the training process,it can ensure that the generated deception traffic can deceive unseen traffic identification model with a higher probability.This ensures that the generated deception traffic has a high transfer success rate.(3)A large number of experiments are conducted to verify the effectiveness and superiority of the proposed algorithms.The experiments use two classic public data sets in traffic identification research,namely,Moore and USTC-TFC2016,and introduce the selfbuilt data set HUST-RFID collected by the author.Under the white-box condition,the algorithm proposed in this thesis achieves a deception success rate of 99.4% in the three data sets,and its perturbation is reduced by 95%,66.7%,and 66.7%,respectively,compared with the traditional method.Under the black-box condition,the deception success rate of the neighbor perturbation algorithm in the three data sets increases by 31.11%,18.55%,and15.08% respectively;the ZOO perturbation algorithm improves the overall deception rate under the black-box condition,and in the three data sets it achieves a deception success rate of more than 78%;the integrated adversarial perturbation algorithm improves the overall deception rate of the single-model generating adversarial examples,and has increased by22.14%,27.28%,and 22.21% on the three data sets respectively.