ML-NIDS-oriented Adversarial Sample Generation

The development of the Internet has greatly promoted the dissemination of information,but the ensuing cyberspace security problems have become more and more serious.In the face of increasingly frequent security problems,one of the effective protection methods is the network-based intrusion detection system(NIDS).With the development of machine learning(ML)technology,many NIDS have adopted machine learning for malicious traffic detection which are usually called "ML-NIDS".However,while machine learning technology brings great convenience to network protection,the model itself also has huge security risks.In the process of using ML-NIDS,people found that in many cases,only a slight disturbance of the input to the NIDS to the sample can make the judgment result of the model be wrong,and this disturbance will not lose the attack of the sample.Ability,such samples are usually called adversarial samples.Adversarial attacks based on adversarial samples are an effective attack method against machine learning models.In the field of computer vision,the research on adversarial samples has been extensive and in-depth,but there is less research on adversarial samples in the field of traffic.We studied the nature of adversarial examples.At the same time,we proved that the ML-NIDS attack is effective.We propose a general framework to generate adversarial examples.The generative adversarial network is used in the algorithm.We have conducted experiments on both traffic and characteristics.In addition,this paper also proposes a defense method,which can improve the robustness of the network intrusion detection system and the reliability of security equipment.The main contributions of this article are:(1)The current attacks on ML-NIDS are mainly concentrated in the field of white box attacks.The attacker understands the internal structure and parameters of the target classifier.This article studies black box attacks and proposes a generation based on black box conditions.We use generative adversarial networks to achieve it.(2)At this stage,most of the attacks on ML-NIDS stay at the feature level.Based on the feature space attack,this research attempts to upgrade the attack to the traffic level.We process real network data packets,and use the K-nearest neighbor algorithm and generative adversarial networks to generate traffic confrontation samples;(3)This research expands the existing defense measures,and proposes a adversarial training based on a generative adversarial network,which can further improve the stability of the network intrusion detection system.It is better than the data expansion based on other algorithms in the existing research.