Adversarial Network Traffic: Toward Evaluating the Robustness of Deep Learning Based Network Traffic Classification
Network traffic classification is used in various applications such as network traffic management, policy enforcement, and intrusion detection systems. Although most applications encrypt their network traffic and some of them dynamically change their port numbers; Machine Learning (ML) and especially Deep Learning (DL)-based classifiers have shown impressive performance in network traffic classification. In this paper, we evaluate the robustness of DL-based network traffic classifiers against Adversarial Network Traffic (ANT). ANT causes DL-based network traffic classifiers to predict incorrectly using Universal Adversarial Perturbation (UAP) generating methods. We partition the input space of the DL-based network traffic classification into three categories: Packet Classification (PC), Flow Content Classification (FCC), and Flow Time Series Classification (FTSC). To generate ANT, we propose three new attacks injecting UAPs to the network traffic. AdvPad attack injects a UAP into the content of packets to evaluate the robustness of packet classifiers. AdvPay attack injects a UAP into the payload of a dummy packet to evaluate the robustness of flow content classifiers. AdvBurst attack injects a specific number of dummy packets with crafted statistical features based on a UAP into a selected burst of a flow to evaluate the robustness of flow time series classifiers. The results indicate injecting a little UAP to the network traffic, highly decreases the performance of DL-based network traffic classifiers in all categories.
READ FULL TEXT