基於生成對抗網路的對抗 DDoS 攻擊防禦策略;Defense Strategy of Adversarial DDoS Attack Based on Generative Adversarial Network

NCU Institutional Repository > 資訊電機學院 > 通訊工程研究所 > 博碩士論文 > Item 987654321/98157

jsp.display-item.identifier=請使用永久網址來引用或連結此文件: https://ir.lib.ncu.edu.tw/handle/987654321/98157

题名:	基於生成對抗網路的對抗 DDoS 攻擊防禦策略;Defense Strategy of Adversarial DDoS Attack Based on Generative Adversarial Network
作者:	謝沛寰;Hsieh, Pei-Huan
贡献者:	通訊工程學系
关键词:	分散式阻斷服務攻擊;對抗式攻擊;對抗訓練;WGAN;模型泛化性;Distributed Denial of Service Attack;Adversarial Attack;Adversarial Training;Wasserstein GAN;Model Generalization
日期:	2025-08-27
上传时间:	2025-10-17 12:26:40 (UTC+8)
出版者:	國立中央大學
摘要:	分散式阻斷服務（Distributed Denial of Service, DDoS）攻擊為當前最具威脅性的網路攻擊手法之一，攻擊者常利用多點偕同發送大量惡意流量，或是模仿合法流量行為來達到癱瘓系統的目的。為了提升異常行為的偵測能力，現今多數防禦機制已經從傳統的靜態規則轉向採用資料驅動的 AI 模型作為防禦核心。然而，AI 模型在具備高偵測精度的同時，也暴露於對抗式攻擊的風險之中。其中，又以在部署階段所面臨的規避攻擊最具代表性及實務性。對抗訓練（Adversarial Training）作為一種強化模型防禦的主動式策略，已廣泛應用於惡意流量辨識領域。然而，既有研究多以單一生成策略產生對抗樣本，容易造成樣本變異性不足，使模型過度擬合特定對抗樣本，進而限制其面對未知攻擊的應對能力，即泛化性（Generalization）不足。為解決此問題，本研究提出一套基於 Wasserstein 生成對抗網路（Wasserstein Generative Adversarial Network, WGAN）的對抗樣本生成策略——Evasion and Diversity Guided WGAN（簡稱 EDG-WGAN）。此策略不僅繼承 WGAN 的資料分布擬合能力，並同時引入規避損失（Evasion Loss）與多樣性追尋損失（Diversity-seeking Loss），引導生成器從分布合理性（Distributional Validity）、規避能力（Evasive Capability）與多樣性（Diversity）三個面向學習對抗樣本生成。隨後，所生成之對抗樣本可與原始訓練資料混合，構建對抗訓練資料集。DDoS 防禦模型在利用該資料集進行對抗訓練後，能同時提升在已知與未知對抗攻擊下的穩健性（Robustness），從而達到改善泛化性的目標。本研究在實驗中採用 CICDDoS2019 資料集，以評估所提出策略所訓練出的生成器是否能夠產生同時具備分布合理性、規避能力與多樣性的對抗樣本，並進一步檢驗利用這些對抗樣本進行對抗訓練後的 DDoS 防禦模型之穩健性與泛化性。實驗結果顯示，本策略成功生成具備分布合理性（與真實攻擊樣本的 Wasserstein 距離較小）及高規避能力（96.82% 的對抗樣本能繞過原始防禦模型檢測）的對抗樣本。此外，經由生成的對抗樣本進行訓練後的強化模型，在面對訓練過程未曾出現的 Fast Gradient Sign Method（FGSM）與 Carlini & Wagner（C&W）攻擊時，能將攻擊成功率分別降低至約 3% 與 37%。此結果顯示，在對抗訓練過程中引入 EDG-WGAN，不僅改善了既有方法在泛化性上的限制，也展現進一步強化智慧型防禦模型的潛力。;Distributed Denial of Service (DDoS) attacks represent one of the most significant cybersecurity threats today. Attackers often coordinate multiple sources to generate massive volumes of malicious traffic or mimic legitimate traffic patterns to overwhelm target systems. Modern defense mechanisms have evolved from traditional rule-based systems to data-driven AI models as their core defense strategy. While AI models provide high detection accuracy, they remain vulnerable to the threat of adversarial attacks, particularly evasion attacks. Since evasion attacks occur after model deployment, they represent the most practical and threatening form of adversarial attack. Adversarial training, a proactive defense strategy, has been widely adopted for malicious taffic detection. However, existing studies typically rely on single adversarial sample generation strategy, which leads to limited samples variability. This limitation causes the strengthed model to overfit to specific adversarial patterns, reducing their abililty to handle unseen adversarial attack strategies. To address this challenge, we propose Evasion and Diversity Guided WGAN (EDG-WGAN), an adversarial sample generation strategy based on Wasserstein GAN (WGAN). This strategy not only inherits the distribution-fitting capability of WGAN, but also incorporates evasion loss and diversity-seeking loss, guiding the generator to learn adversarial sample generation from three perspectives: distributional validity, evasive capability, and diversity. The generated samples are further combined with original training data to construct an adversarial training dataset. Using this dataset, the DDoS defense model can be adversarially trained to enhance robustness against both known and unseen adversarial attacks, thereby improving its generalization capability. In the experiments, the CICDDoS2019 dataset was employed to evaluate whether the generator trained under the proposed strategy can produce adversarial samples that simultaneously exhibit distributional validity, evasive capability, and diversity. Furthermore, we examined the robustness and generalization of the DDoS defense model after adversarial training with these generated samples. Results show that the proposed strategy successfully generates adversarial samples with high distributional validity (small Wasserstein distance from real attack samples) and strong evasive capability (96.82\% of generated adversarial samples bypass the original defense model). Moreover, the enhanced model, after adversarial training, reduces the attack success rates of previously unseen Fast Gradient Sign Method (FGSM) and Carlini \& Wagner (C\&W) attacks to about 3\% and 37\%, respectively. These findings demonstrate that incorporating the EDG-WGAN into adversarial training not only mitigates the generalization limitations of conventional approaches but also highlights its potential to further strengthen AI-based defense models against sophisticated adversarial threats.
显示于类别:	[通訊工程研究所] 博碩士論文

文件中的档案:

档案	描述	大小	格式	浏览次数
index.html		0Kb	HTML	5	检视/开启

在NCUIR中所有的数据项都受到原著作权保护.

社群 sharing

数据加载中.....