基于多样化时间关联的流量对抗攻击方法OA

Traditional traffic adversarial example generation methods based on long short-term memory(LSTM)require knowledge of the entire traffic flow for generation,making them unsuitable for real-world end-to-end environments.To address this issue,a diversified time correlation attack(DTCA)method is proposed in this paper.First,the method employs factor principal component analysis to ex-tract time cluster features of malicious traffic before launching an attack.Then,it uses a multi-input LSTM model to learn the temporal correlations of normal network traffic,based on which the malicious traffic duration is predicted and"disguised"for adversarial purposes.Finally,the method reshapes the malicious traffic based on the adversarial generated traffic duration,replays it back into the target net-work,and assesses the attack's effectiveness.Experiments on three classic detection models show that,compared with traditional methods,the DTCA method can reduce the detection effectiveness of the three detectors by an average of over 60%,and can be applied in real network end-to-end environ-ments.