- Title
Adversarial attack defense algorithm based on convolutional neural network.
- Authors
Zhang, Chengyuan; Wang, Ping
- Abstract
To improve the defense of CNN network traffic classifiers against adversarial sample attacks, the author proposes a batch adversarial training method that exploits the characteristics of backpropagation errors during training: computing both the sample gradient and the parameter gradient in a single backpropagation pass significantly improves training efficiency. Meanwhile, since the adversarial samples used for training are generated on the target model, they can effectively defend against white-box attacks. To further defend against black-box attacks and overcome the transferability of adversarial samples, the author proposes an enhanced adversarial training method. Using multiple models to generate adversarial samples with inconsistent sample gradients increases the diversity of adversarial samples and enhances the ability to defend against black-box attacks. In experiments on the real traffic dataset USTC-TFC2016, we generate adversarial-sample network traffic to simulate attacks. With classification accuracy rates for FGSM adversarial samples of 49.72% and 54.32%, respectively, the experimental results show that the enhanced adversarial approach proposed by the author has a stronger ability to defend against adversarial samples than defense distillation and adversarial sample detection. The classification accuracy of enhanced adversarial training can reach 75.37%, significantly higher than defense distillation and adversarial sample detection. The authors' suggested adversarial training strategy can successfully improve CNN traffic classifiers' defense capabilities.
- Subjects
CONVOLUTIONAL neural networks; COMPUTER network traffic
- Publication
Neural Computing & Applications, 2024, Vol 36, Issue 17, p9723
- ISSN
0941-0643
- Publication type
Article
- DOI
10.1007/s00521-023-09045-3