Defense Architecture for Adversarial Examples of Ensemble Model Traffic Based on Feature Difference Selection


Authors: HE Yuankang; MA Hailong [1,2]; HU Tao; JIANG Yiming

Affiliations: [1] PLA Strategic Support Force Information Engineering University, Zhengzhou 450000, China; [2] Key Laboratory of Cyberspace Security, Ministry of Education, Zhengzhou 450000, China

Source: Computer Science (《计算机科学》), 2025, Issue 4, pp. 369-380 (12 pages)

Funding: Xiong'an New Area Science and Technology Innovation Special Project (2022XAGG0111).

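Abstract: Currently, deep-learning-based anomaly traffic detection models are vulnerable to traffic adversarial example attacks. As an effective method of defending against adversarial attacks, adversarial training improves model robustness but also reduces detection accuracy. How to effectively balance detection performance and robustness is therefore a hot research topic in academia. To address this problem, a multi-model adversarial defense framework is built on the idea of ensemble learning, combining proactive feature differential selection with passive adversarial training to improve the model's adversarial robustness and detection performance. The framework consists of a feature differential selection module, a detection body integration module, and a voting decision module, and addresses two problems: a single detection model cannot balance detection performance with robustness, and defense lags behind attacks. For model training, a training-data construction method based on feature differential selection is designed: traffic features are selected and combined in differentiated ways to form differentiated traffic sample data, which is used to train multiple heterogeneous detection models that resist single-model adversarial attacks. For model decision, the detection results of the multiple models are adjudicated to produce the output, and the ensemble decision strategy is optimized with an improved heuristic population algorithm, which raises detection accuracy while making adversarial examples harder to generate. Experimental results show that the proposed method performs considerably better than adversarial training of a single model, and that, compared with existing ensemble defense methods, its accuracy and robustness improve by nearly 10%.

Currently, anomaly traffic detection models that leverage deep learning technologies are increasingly vulnerable to adversarial example attacks. Adversarial training has emerged as a potent defense mechanism against these adversarial attacks. By incorporating adversarial examples into the training process, it aims to enhance the model’s robustness, making it more resistant to similar attacks in the future. However, this approach is not without its drawbacks. While it indeed increases the model’s robustness, it also inadvertently leads to a decrease in the model’s detection accuracy. This trade-off between robustness and accuracy has become a pivotal concern in the realm of deep learning-based anomaly detection, sparking intense debate and research within the academic community. Addressing this critical issue, this paper proposes a novel framework that seeks to balance the model’s detection performance with its robustness against adversarial attacks. Drawing inspiration from ensemble learning, we construct a multi-model adversarial defense framework. This framework not only enhances the model’s adversarial robustness but also aims to improve its detection performance. By integrating proactive feature differential selection with passive adversarial training, we develop a comprehensive strategy that fortifies the model against adversarial threats while maintaining high detection accuracy. The model consists of a feature differential selection module, a detection body integration module, and a voting decision module, to address the issue that a single detection model cannot balance detection performance and robustness, and the problem of defense lagging. In the aspect of model training, we introduce a sophisticated method for constructing training data based on feature differential selection. This method involves selectively combining traffic features that exhibit significant differences, thereby creating a set of differentiated traffic example data. These examples are then used to train multiple heterogeneous detection models. This ap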

Keywords: anomaly traffic detection; adversarial example attack; ensemble learning; multi-model decision

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]

 
