Research On Adversarial Sample Attack And Backdoor Attack Based On Encrypted Traffic Classification

In recent years,the emergence of artificial intelligence has brought new challenges to network security.Deep learning has been widely used in network security detection.Network security detection systems based on deep learning classification networks can efficiently identify abnormal data.However,due to the robustness and vulnerability of deep learning,intelligent algorithm models based on deep learning face the threat of adversarial sample attacks and backdoor attacks.Research on adversarial sample attacks and backdoor attacks against deep learning classification networks can reveal the defects of existing intelligent classifiers and provide help for further attack defense.Based on the above reasons,this thesis explores the implementation of deep learning in network security detection.This thesis builds many deep learning models to classify encrypted traffic data,and conducts adversarial sample attacks and corresponding defenses based on encrypted traffic classification,and then further designs a backdoor attack scheme based on encrypted traffic classification.The main contents of this thesis are as follows:(1)In view of the application of deep learning in encrypted traffic classification,a representative encrypted traffic dataset was preprocessed for deep learning classification.Various classic deep learning classification networks are constructed and trained to classify encrypted traffic,which verifies the feasibility of encrypted traffic classification.(2)In this thesis,a scheme including multiple adversarial sample generation methods was designed to attack different encrypted traffic classifiers.Specifically,this thesis adds noise to the original image to generate corresponding adversarial samples from three directions: gradient-based,optimization-based,and adversarial generative network-based,so that the target classifier can classify adversarial samples incorrectly.In order to defend against adversarial sample attacks,an adversarial sample defense scheme combining active and passive is proposed.Passive defense introduces an autoencoder to denoise adversarial samples to restore samples,while active defense uses adversarial training to improve the robustness of the classifier,thereby improving its defense performance against adversarial examples.(3)This thesis proposes a steganographic backdoor attack scheme by combining steganography in the information field.The steganographic backdoor attack scheme uses a steganographic encoder to modify the pixel values of the lower bits of the image,thereby generating poisoned data with covert triggers.The target classification model is then retrained using the poisoned data,enabling it to classify normal data while misclassifying abnormal data with specific triggers.