MPTM: A Multiple Perturbation Training Method to Generate Adversarial Traffic in Byte Space

Published: 2025, Last Modified: 21 Jan 2026, IWQoS 2025, CC BY-SA 4.0
Abstract: The wide adoption of encrypted network traffic protocols, such as TLS/SSL, poses great challenges for the detection and recognition of network traffic. Recently, deep learning techniques have been exploited to detect malicious encrypted traffic. While achieving good performance, deep learning models can be bypassed due to their vulnerability to adversarial attacks. There has been some work on generating adversarial traffic to evade deep learning-based systems; however, these approaches fail to generate traffic that complies with network constraints and do not work in practical scenarios. In this paper, we propose a method that can generate legitimate traffic and evade deep models in practical scenarios. The effectiveness of the method comes from two novel designs. First, the perturbations are added only to the payload field to generate legitimate packets. Second, the perturbations are generated in such a way that adversarial examples with different multiples of the perturbations can all evade the detection system. Thus, the traffic generated with our method can be restored, while all previous works fail to do so. We further designed a joint training method to improve the evasion rate of the generated traffic. Experimental results demonstrated that traffic generated by our method can evade state-of-the-art deep learning detection models with an overall escape success rate higher than 94%.