The recent advancements in machine learning have led to a wave of interest in adopting online learning-based approaches for long-standing attack mitigation issues. In particular, DDoS attacks remain a significant threat to network service availability even after more than two decades. These attacks have been well studied under the assumption that malicious traffic originates from a single attack profile. Based on this premise, malicious traffic characteristics are assumed to be considerably different from legitimate traffic. Consequently, online filtering methods are designed to learn network traffic distributions adaptively and rank requests according to their attack likelihood. During an attack, requests rated as malicious are precipitously dropped by the filters. In this paper, we conduct the first systematic study on the effects of data poisoning attacks on online DDoS filtering, introduce one such attack method, and propose practical protective countermeasures for these attacks. We investigate an adverse scenario where the attacker is "crafty", switching profiles during attacks and generating erratic, ever-shifting attack traffic. This elusive attacker generates malicious requests by manipulating and shifting the traffic distribution to poison the training data and corrupt the filters. To this end, we present a generative model, MimicShift, capable of controlling traffic generation while retaining the originating regular traffic's intrinsic properties. Comprehensive experiments show that online learning filters are highly susceptible to poisoning attacks, sometimes performing much worse than a random filtering strategy in this attack scenario. At the same time, our proposed protective countermeasure effectively minimizes the attack impact.
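To see why a filter that retrains on the previous interval can fall below a random filter once the attack profile shifts, here is an added example (not code from the paper, and not MimicShift or the filters it evaluates). It assumes a toy one-feature likelihood-ratio filter; the bucket counts, attack volume and capacity are constructed, and every function name is hypothetical.

```python
from collections import Counter
from fractions import Fraction

# Constructed data: legitimate requests per interval, by a single bucketed feature.
LEGIT = Counter({0: 40, 1: 30, 2: 20, 3: 10})
ATTACK_VOLUME = 300   # attack requests per interval (constructed)
CAPACITY = 100        # requests the server can accept per interval (constructed)

def learn_scores(observed):
    """Legitimacy score per bucket: clean-baseline share / share in last interval."""
    n_tot, m_tot = sum(LEGIT.values()), sum(observed.values())
    return {b: Fraction(LEGIT[b], n_tot) / Fraction(observed[b], m_tot) for b in LEGIT}

def attack_share_accepted(scores, attack_bucket):
    """Accept CAPACITY requests in score order; equal-score buckets form one pool."""
    total = LEGIT + Counter({attack_bucket: ATTACK_VOLUME})
    left, attack_in = Fraction(CAPACITY), Fraction(0)
    for s in sorted(set(scores.values()), reverse=True):
        pool = [b for b in LEGIT if scores[b] == s]
        size = sum(total[b] for b in pool)
        take = min(left, Fraction(size))
        if attack_bucket in pool:
            attack_in += take * ATTACK_VOLUME / size
        left -= take
    return attack_in / CAPACITY

def run(profile):
    """profile: attack bucket per interval. The filter retrains on the previous
    interval's unlabeled mix and applies those scores to the current one."""
    results, scores = [], None
    for bucket in profile:
        if scores is not None:
            results.append(attack_share_accepted(scores, bucket))
        scores = learn_scores(LEGIT + Counter({bucket: ATTACK_VOLUME}))
    return results

# A random filter admits attack traffic in proportion to its share of all requests.
RANDOM_FILTER = Fraction(ATTACK_VOLUME, ATTACK_VOLUME + sum(LEGIT.values()))

if __name__ == "__main__":
    print("static profile  :", [float(x) for x in run([0, 0, 0])])
    print("shifting profile:", [float(x) for x in run([0, 3, 1])])
    print("random filter   :", float(RANDOM_FILTER))
```

Comparing a filter's admitted-attack share against the random baseline under both a static and a shifting profile is a simple regression check to run before relying on an online filter.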