Attack And Defense Research And Implementation Of Network Traffic Classification And Recognition

Deep learning algorithms are widely used in network traffic classification and have a good classification effect.The application of deep learning methods can not only greatly improve the accuracy of network traffic classification,but also simplify its classification process.However,deep learning-based network traffic classification methods face security threats such as poisoning attacks and adversarial attacks.Therefore,in order to verify the insecurity of using deep learning algorithm for network traffic classification,this thesis studies the attack and defense of adversarial attack and poisoning attack on the network traffic classification method based on deep learning.The threat of poisoning attack and adversarial attack is analyzed,and corresponding defense measures are proposed,which have been verified on the dataset.In order to study the threat of adversarial attacks to the network traffic classification method based on deep learning,this thesis adopts a variety of adversarial attack algorithms for verification.The sample adds a certain disturbance invisible to the naked eye to make the classification model misclassify the sample,so as to blind the classification model.Experiments show that adversarial attacks have powerful potential attacks on deep learning-based network traffic classification and identification methods.At the same time,in order to study the threat of poisoning attacks to network traffic classification methods based on deep learning,this thesis proposes a poisoning attack method based on local pixel modification.After the network is trained,a wrong classification model will be generated,and the wrong classification model will misclassify the correct samples,and even attackers can use the characteristics of the poisoned samples in the training set to use test samples with similar characteristics in the test set to trigger the backdoor.Experiments show that attackers can use backdoors to trigger poisoning attacks in the testing phase by polluting the network traffic training set.For the adversarial attack method,the thesis proposes a defense measure based on mixed adversarial training,which refers to the mixed training of the adversarial traffic samples formed by the adversarial attack and the original traffic samples.This method complements the comprehensiveness of the training samples as much as possible,and also greatly improves the robustness of the classification model.In addition,for the local pixel poisoning attack,this thesis also proposes a defense method using image conversion and retraining.The clean network traffic samples are scrambled and reorganized locally and then the poisoned classification model is retrained.The effectiveness of the two attack methods is and the feasibility of both defenses are validated on the USTC-TK2016 dataset.