面向加密恶意流量检测模型的堆叠集成对抗防御方法  

作　　者：陈瑞龙 胡涛 卜佑军[1] 伊鹏 胡先君 乔伟 CHEN Ruilong;HU Tao;BU Youjun;YI Peng;HU Xianjun;QIAO Wei(Information Technology Research Institute,Information Engineering University,Zhengzhou Henan 450002,China;Purple Mountain Laboratories,Nanjing Jiangsu 211111,China)

机构地区：[1]信息工程大学信息技术研究所,郑州450002 [2]网络通信与安全紫金山实验室,南京211111

出　　处：《计算机应用》2025年第3期864-871,共8页journal of Computer Applications

基　　金：国家自然科学基金资助项目(62176264)。

摘　　要：当前,基于深度学习的流量分类模型已广泛应用于加密恶意流量分类,然而深度学习模型所面临的对抗样本攻击问题严重影响了这些模型的检测精度和可用性。因此,提出一种面向加密恶意流量检测模型的堆叠集成对抗防御方法D-SE(Detector-Stacking Ensemble)。D-SE采用堆叠集成学习框架,分为对抗防御层和决策层。对抗防御层用于检测潜在的对抗攻击流量样本,在该层中包括由残差网络(ResNet)、CNN-LSTM、ViT(Vision Transformer)这3种分类器以及多层感知机组成的对抗攻击检测器,多层感知机根据分类器预测概率的分布检测是否发生对抗攻击。为提高检测器的对抗样本检测效果,对检测器进行对抗训练。在决策层中设计一种基于投票和权重机制的联合决策模块,并通过择多判决机制和高权重者优先机制避免最终预测结果过度依赖部分分类器。在USTC-TFC2016数据集上对D-SE进行测试的结果表明:在非对抗环境下,D-SE的准确率达到96%以上;在白盒攻击环境下,D-SE的准确率达到89%以上。可见,D-SE具有一定的对抗防御能力。Currently,deep learning-based traffic classification models are used widely for encrypted malicious traffic classification.However,adversarial attack samples faced by deep learning models severely impact the detection accuracy and availability of these models.Therefore,an adversarial defense method for encrypted malicious traffic detection models was proposed,namely D-SE(Detector-Stacking Ensemble).D-SE employed a stacking ensemble learning framework,which was divided into an adversarial defense layer and a decision layer.The former was used to detect potential adversarial traffic samples,including three classifiers—Residual Network(ResNet),CNN-LSTM,and Vision Transformer(ViT),and a multilayer perceptron as an adversarial attack detector.Based on the predicted probability distribution of the classifiers,the existence of adversarial attack was detected by the multilayer perceptron.To improve the detection performance of the detector for adversarial samples,the detector was enhanced via adversarial training.In the decision layer,a joint decision module based on voting and weight mechanism was designed,and through a majority rule decision mechanism and a highweight-preference mechanism,excessive dependence on some classifiers was alleviated in the final prediction.The performance of D-SE was tested on USTC-TFC2016 dataset,and the results show that the accuracy of D-SE is over 96%in the non-adversarial environment,and the accuracy of D-SE is more than 89%in the white-box attack environment.It can be seen that D-SE has certain ability of adversarial defense.

关 键 词：恶意流量分类 深度学习 对抗攻击 防御机制 堆叠集成学习框架 

分 类 号：TP393[自动化与计算机技术—计算机应用技术] TP181[自动化与计算机技术—计算机科学与技术]