| 一种多强度攻击下的对抗逃避攻击集成学习算法 |
| |
| 引用本文: | 刘晓琴,王婕婷,钱宇华,王笑月.一种多强度攻击下的对抗逃避攻击集成学习算法[J].计算机科学,2018,45(1):34-38, 46. |
| |
| 作者姓名: | 刘晓琴 王婕婷 钱宇华 王笑月 |
| |
| 作者单位: | 山西大学大数据科学与产业研究院 太原030006;计算智能与中文信息处理教育部重点实验室 太原030006;山西大学计算机与信息技术学院 太原030006,山西大学大数据科学与产业研究院 太原030006;计算智能与中文信息处理教育部重点实验室 太原030006;山西大学计算机与信息技术学院 太原030006,山西大学大数据科学与产业研究院 太原030006;计算智能与中文信息处理教育部重点实验室 太原030006;山西大学计算机与信息技术学院 太原030006,山西大学软件学院 太原030006 |
| |
| 基金项目: | 本文受国家自然科学基金(61672332,1,61432011,U1435212),教育部新世纪优秀人才支持计划(NCET-12-1031),山西省教育厅高等学校中青年拔尖创新人才支持计划,山西省“三晋学者”特聘教授资助 |
| |
| 摘 要: | 在对抗性学习中,攻击者在非法目的的驱使下,通过探索分类器的漏洞并利用漏洞,使得恶意样本逃过分类器的检测。目前,对抗性学习已被广泛应用于计算机网络中的入侵检测、垃圾邮件过滤和生物识别等领域。现有研究者仅把现有的集成方法应用在对抗性分类中,并证明了多分类器比单分类器更鲁棒。然而,在对抗性学习中,攻击者的先验信息对分类器的鲁棒性有较大的影响。基于此,通过在学习过程中模拟不同强度的攻击,并增大错分样本的权重,提出的 多强度攻击下的对抗逃避攻击集成学习算法 可以在保持多分类器准确性的同时提高鲁棒性。将其与Bagging集成的多分类器进行比较,结果表明所提算法 具有更强的鲁棒性。最后,分析了算法的收敛性以及参数对算法的影响。
|
| 关 键 词: | 对抗性学习 逃避攻击 多分类器 鲁棒性 |
| 收稿时间: | 2017/3/3 0:00:00 |
| 修稿时间: | 2017/5/19 0:00:00 |
Ensemble Method Against Evasion Attack with Different Strength of Attack |
| |
| LIU Xiao-qin,WANG Jie-ting,QIAN Yu-hua and WANG Xiao-yue.Ensemble Method Against Evasion Attack with Different Strength of Attack[J].Computer Science,2018,45(1):34-38, 46. |
| |
| Authors: | LIU Xiao-qin WANG Jie-ting QIAN Yu-hua and WANG Xiao-yue |
| |
| Affiliation: | Research Institute of Big Data Science and Industry,Shanxi Unviersity,Taiyuan 030006,China;Key Laboratory of Computational Intelligence and Chinese Information Processing of Ministry of Education,Taiyuan 030006,China;School of Computer and Information Technology,Shanxi University,Taiyuan 030006,China,Research Institute of Big Data Science and Industry,Shanxi Unviersity,Taiyuan 030006,China;Key Laboratory of Computational Intelligence and Chinese Information Processing of Ministry of Education,Taiyuan 030006,China;School of Computer and Information Technology,Shanxi University,Taiyuan 030006,China,Research Institute of Big Data Science and Industry,Shanxi Unviersity,Taiyuan 030006,China;Key Laboratory of Computational Intelligence and Chinese Information Processing of Ministry of Education,Taiyuan 030006,China;School of Computer and Information Technology,Shanxi University,Taiyuan 030006,China and School of Software Engineering,Shanxi University,Taiyuan 030006,China |
| |
| Abstract: | Driven by the illegal purpose,attackers often exploit the vulnerability of the classifier to make the malicious samples free of detection in adversarial learning.At present,adversarial learning has been widely used in computer network intrusion detection,spam filtering,biometrics identification and other fields.Many researchers only apply the exi-sting ensemble methods in adversarial learning,and prove that multiple classi-fiers are more robust than single classi-fier.However,priori information about the attacker has a great influence on the robustness of the classifier in adversariallearning.Based on this situation,by simulating different strength of attack in learning process and increasing the weight of the misclassified sample,the robustness of the multiple classifiers can be improved with maintaining the accuracy.The experimental results show that the ensemble algorithm against evasion attack with different strength of attack is more robust than Bagging.Finally,the convergence of the algorithm and the influence of parameter on the algorithm were analyzed. |
| |
| Keywords: | Adversarial learning Evasion attacks Multiple classifier systems Robustness |
|
|
点击此处可从《计算机科学》下载全文 |
|
