Adversarial Machine Learning for Network Security

With the rapid growth of machine learning applications in communication networks, it is essential to understand the security issues associated with machine learning. In this paper, we choose a flow-based Deep Neural Network (DNN) classifier as a target and study various attacks on this target classifier. The target classifier detects malicious HTTP traffic (i.e., bots, C&C, etc.). We first launch an exploratory attack under a black box assumption against the target DNN classifier. We start from a simple case that the attacker can collect the same set of features used in the target classifier and then consider the case that the attacker can only collect a set of features based on its judgement. We also design the attacks with conditional Generative Adversarial Network (cGAN) to reduce the requirement on the amount of collected data. We show that the attacker can build its own classifier to predict the target classifier's classification results with about 93% accuracy. Once the exploratory attack is successful, we can perform further attacks, e.g., evasion attack and causative attack. We show that these attacks are very effective. Evasion attack can identify samples to double error probability of the target classifier while under causative attack, the new classifier makes classification errors on more than 60% of samples.