CN111163472A - Signal identification attack defense method based on generative countermeasure network - Google Patents

Signal identification attack defense method based on generative countermeasure network

Info

Publication number: CN111163472A
Authority: CN (China)
Prior art keywords: network, model, training, discrimination, signal
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201911394307.3A
Other languages: Chinese (zh)
Other versions: CN111163472B (en)
Inventors: 陈晋音, 朱伟鹏, 郑海斌, 成凯回
Current Assignee: Zhejiang University of Technology ZJUT (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Zhejiang University of Technology ZJUT
Application filed by: Zhejiang University of Technology ZJUT

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/044 Recurrent networks, e.g. Hopfield networks
    • G06N3/045 Combinations of networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Molecular Biology (AREA)
  • Artificial Intelligence (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method for defending against generative adversarial network attacks, comprising: 1) building a suitable generative adversarial network (GAN) structure using a long short-term memory network (LSTM); 2) pre-training the discrimination model in the structure; 3) training the generator G according to the loss function of G, with the number of iterations as the limit and convergence of the loss function as the goal; 4) training the discriminator D according to the loss function of D, with the number of iterations as the limit and convergence of the loss function as the goal; 5) repeating steps 3) to 4), optimizing the generator and the discriminator of the generative adversarial network in turn, with the number of iterations as the upper limit, to obtain a better network structure and complete the generation of optimal adversarial samples; 6) observing the indicators of the adversarial samples and generating a large number of adversarial samples for different types of signals; 7) adding some screened adversarial samples to the model training stage to achieve a defense against signal boundary exploration attacks.

Description

Signal identification attack defense method based on generative countermeasure network
Technical Field
The invention relates to a method for defending against generative adversarial network attacks.
Background
Deep learning obtains more accurate classification results than general algorithms by learning and computing the latent relationships in large amounts of data, and has strong feature learning and feature representation capabilities. Accordingly, deep learning is widely applied in the field of artificial intelligence, including autonomous driving, augmented reality, computer vision, biomedical diagnosis, natural language processing, and the like. Deep learning uses neural networks with a huge number of parameters, such as the typical convolutional neural network (CNN) and recurrent neural network (RNN), to extract features, and can effectively process image data and time-series data.
At present, deep learning is more and more widely applied in radio data processing, including: using convolutional neural networks for signal decoding in the design of wireless communication systems; applying deep learning to wireless resource allocation tasks; and using deep learning to classify the modulation type of radio signals.
The generative adversarial network, an advanced deep learning technique of recent years, is naturally also applied in radio signal data processing. At present, generative adversarial networks have been used to translate a radio signal into an RGB three-channel color image to realize secure transmission of the signal, and to encrypt radio signals. The present invention aims to improve the defense capability of a black-box model, such as a long short-term memory network (LSTM), in signal modulation type classification by using adversarial samples generated by a generative adversarial network. Because deep learning models share a common weakness across application fields, the problem of adversarial samples remains unsolved. Even a perfectly trained deep learning model is prone to classification errors when faced with certain special slight perturbations.
Signal modulation methods can basically be divided into three types: amplitude, frequency and phase modulation, abbreviated as ASK, FSK and PSK. Other modulation methods are modifications or combinations of these, and signals have different modulation types under the various methods, such as quadrature amplitude modulation (QAM), binary frequency shift keying (2FSK), and the like. A generative adversarial network uses two modules, a generation model and a discrimination model, which are trained against each other and improve each other until the generated adversarial samples are good enough to deceive the black-box model. The generation model generates a wireless signal: given certain specific information (such as Gaussian noise), it uses parameter fitting to generate a corresponding wireless signal as efficiently as possible. The discrimination model makes a judgment on the data (generally, whether a signal is real or fake): generated signals and real signals are input into the discrimination model, which judges whether each is real or fake. A simple example: after the generation model has been trained by parameter fitting on a large number of puppy pictures, it can generate new puppy pictures that are not in the data set from different Gaussian noise alone; the discrimination model can distinguish the generated puppy pictures from the original ones. Thus, false signals are easy to generate with generative adversarial networks, which threatens the identification of the modulation type of radio signals.
Studies show that using a deep learning model to identify the modulation type of radio signals overcomes the drawback of manual feature extraction, maintains good identification performance, and keeps identification accuracy in a good range even at low signal-to-noise ratios. However, as long as deep learning models remain vulnerable to adversarial samples, the security of signal modulation type identification needs attention. Even if the deep learning model is well trained, a classification error under certain special slight perturbations can seriously interfere with the identification of the signal modulation type, so that important information in the signal is extracted incorrectly, real-time communication is delayed, and signal transmission security is put at risk. For example, the paper "Adversarial Attacks on Deep-Learning Based Radio Signal Classification" by Meysam Sadeghi and Erik G. Larsson describes in detail that deep-learning-based radio signal modulation type recognition models are susceptible to adversarial-sample attacks, which greatly reduce recognition accuracy; deep learning models therefore carry a considerable security risk in the field of radio signal modulation type recognition.
Because a generative adversarial network can efficiently generate adversarial signals through the alternate training of its dual structure, it poses a great threat to model security. Therefore, a defense method against signal boundary exploration attacks is provided, which improves the defense capability of a long short-term memory network (LSTM) black-box model against generative adversarial network attacks.
In conclusion, reproducing the generative adversarial network attack to obtain more effective adversarial samples, and adding those samples to the model for retraining to improve its robustness, is of great theoretical and practical significance for improving the defense capability of long short-term memory network (LSTM) black-box models.
Disclosure of Invention
In order to improve the defense capability of a long short-term memory network (LSTM) black-box model against generative adversarial network attacks, the invention provides a defense method against generative adversarial network attacks, which uses adversarial sample training to improve the recognition of wireless-signal adversarial samples by the LSTM black-box model, thereby improving the defense against adversarial samples.
The technical scheme adopted by the invention to solve the technical problem is as follows:
A method for defending against generative adversarial network attacks comprises the following steps:
1) Build a suitable generative adversarial network (GAN) structure using a long short-term memory network (LSTM).
The generative adversarial network structure built with LSTM is called GAN for short. It comprises a generation model G, which outputs adversarial samples based on input benign samples, and a discrimination model D, which judges whether the input adversarial samples are real or fake. The network complexity of the generation model and the discrimination model should be as similar as possible, so that the mutual training of the two models comes as close as possible to maximal game training.
2) Pre-train the discrimination model in the structure so that its discrimination capability is between 3% and 8%.
The specific steps of step 2) are as follows:
2.1) Take a wireless signal data set as sample data and use it as the input of the discrimination model.
2.2) Pre-train the discrimination model on the training set, ensuring that its accuracy on the test set is between 3% and 8%. The training set contains 312000 samples and the test set 156000.
The pre-training of the discrimination network in the GAN is done with the real signal data set. Pre-training keeps the game with the generation model as balanced as possible and gives the discrimination model a certain ability to distinguish real from fake signals, which avoids model collapse during alternate training. The training of the generation network uses only the feedback of the discrimination network as its standard: whether a generated adversarial sample is good or bad depends solely on the discrimination network's evaluation of it. If, for some unknown reason, the discrimination network starts out within the confidence range of the adversarial samples, the two networks keep deceiving each other during training, so that the final generated samples lack information, have incomplete features, and cannot serve as suitable adversarial samples.
3) Train the generator G according to the loss function of G, with the number of iterations as the limit and convergence of the loss function as the goal.
The specific steps of step 3) are as follows:
(3-1) Generate signal samples with the generation network in the GAN, denoted G_signal.
(3-2) Use G_signal as the input of the discrimination network and obtain its confidence feedback, denoted G_convince.
(3-3) Using the confidence feedback obtained for the generated signals, compute the loss function of the generation model according to formula (1), denoted G_loss.
G_loss = ||G_convince - G_best||_2    (1)
Here G_best represents the situation considered optimal: the generation network is strong enough, and G_best is the confidence feedback its adversarial samples should then obtain, i.e. all generated samples are judged to be real signals. This drives the continuous optimization of the adversarial samples toward similarity with real signals, and also limits the size of the perturbation well, because when the discrimination network discriminates well, a large perturbation is bound to be labeled as a fake signal. Training the generation network with the reduction of its loss function as the target aims to make generated signals with good adversarial properties more realistic overall.
(3-4) Repeat steps (3-1) to (3-3) for G_iter iterations, the iteration count of generation network training.
(3-5) Compare the change in G_loss during this generation network training with the change in D_loss during the preceding discrimination network training, and adjust G_iter, the iteration count for the next round of generation network training.
If the change in G_loss is significantly smaller than the change in D_loss, G_iter should be scaled up by the offset factor ρ, regardless of the deviation in model strength. Otherwise, G_iter should be scaled down by the offset factor ρ. This improves the balance of the game between the two networks and avoids model collapse.
4) Train the discriminator D according to the loss function of D, with the number of iterations as the limit and convergence of the loss function as the goal.
The specific steps of step 4) are as follows:
(4-1) Generate signal samples with the generation network in the GAN, denoted G_signal.
(4-2) Use G_signal as the input of the discrimination network and obtain its confidence feedback, denoted G_convince.
(4-3) Input the real data into the discrimination network and obtain its confidence feedback, denoted D_convince.
(4-4) Using the confidence feedback obtained for the generated signals and the real signals, compute the loss function of the discrimination network according to the following formulas, denoted D_loss.
Dreal_loss = ||D_convince - D_best||_2    (2)
Dfake_loss = ||G_convince - G_worst||_2    (3)
D_loss = Dreal_loss + Dfake_loss    (4)
Here D_best represents the situation considered optimal: the discrimination network is strong enough, and D_best is the confidence feedback real signal samples should then obtain, i.e. all real signals are judged to be real. G_worst likewise represents the situation considered optimal: the discrimination network is strong enough, and G_worst is the confidence feedback generated samples should then obtain, i.e. all generated signals are judged to be fake. This gives the discrimination network a more effective discrimination ability as it takes part in the game, which overall makes generated signals with good adversarial properties more realistic.
(4-4) Repeat steps (4-1) to (4-4) for D_iter iterations, the iteration count of discrimination network training.
(4-5) Compare the change in D_loss during this discrimination network training with the change in G_loss during the preceding generation network training, and adjust D_iter, the iteration count for the next round of discrimination network training.
If the change in D_loss is significantly smaller than the change in G_loss, D_iter should be scaled up by the offset factor ρ, regardless of the deviation in model strength. Otherwise, G_iter should be scaled down by the offset factor ρ. This improves the balance of the game between the two networks and avoids model collapse.
5) Repeat steps 3) to 4), optimizing the generator and the discriminator of the generative adversarial network in turn, with the number of iterations as the upper limit, to obtain a better network structure and complete the generation of the optimal adversarial samples.
In step 5), steps 3) to 4) are iterated, with either the iteration count or the sample quality as the stopping requirement, to keep searching for the optimal perturbation and adversarial samples; this provides training samples for the adversarial sample detector and improves its detection accuracy.
6) Observe the indicators of the adversarial samples and generate a plurality of adversarial samples for different types of signals. The adversarial samples are fed to a general classification model to obtain its feedback; the indicators observed include class label, confidence and perturbation size, and are used to judge whether an adversarial sample is of high quality.
7) Add some of the screened adversarial samples to the model training stage to achieve a defense against signal boundary exploration attacks.
Preferably, in step 1) the structural complexity of the generation model is similar to that of the discrimination model, and the models are built with an LSTM network structure.
Preferably, in step 2) the pre-training of the discrimination network in the GAN is done with the real signal data set, ensuring that the discrimination capability of the discrimination network is 5%; the pre-trained discrimination model can distinguish real from fake signals, which avoids model collapse during alternate training.
Preferably, in step 7) the screened adversarial samples are added to the model training stage, so that, in addition to defending against existing attacks, the model can defend against generative adversarial network attacks and some unknown attacks; the GAN structure is adjusted according to the quality of the defense.
The technical conception of the invention is as follows. First, a generative adversarial network structure (GAN for short) is determined, ensuring as far as possible that the two models in the GAN structure, the generation model and the discrimination model, have similar network complexity, so that their mutual training comes as close as possible to maximal game training. Then the discrimination model in the GAN is pre-trained, keeping the game with the generation model as balanced as possible while ensuring that the discrimination model has a certain discrimination capability. Next, the two models in the GAN are trained with the goal of reducing their loss functions. With either the iteration count or the sample quality as the requirement, the search for the optimal perturbation and adversarial samples is iterated, in order to provide more comprehensive adversarial samples for the adversarial training stage and to improve the model's defense against generative adversarial network attacks. Finally, a wireless signal is checked before the picture to be detected is input into the long short-term memory network (LSTM) black-box model classifier, and the adversarial samples are added to the model training stage, so that some unknown attacks are defended against in addition to existing attacks.
The invention has the following beneficial effects: the generative adversarial network, in line with the game idea, exploits the generation network's ability to fit parameters and produce convincing false signals, and corresponding defensive measures are taken; even when adversarial training samples are lacking, a large number of comprehensive adversarial samples can be generated from model feedback. Before a signal to be detected is input into the black-box image classifier model, the detector is trained with adversarial samples obtained from the generative adversarial network attack, so that known attacks and some unknown attacks are defended against without changing the internal structure of the model.
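Steps 3) to 5) above as an added example, not code from the patent: formulas (1) to (4) and the G_iter/D_iter rebalancing rule in plain Python. It assumes that the trailing 2 in the formulas denotes the Euclidean norm, that G_best and D_best are all-ones and G_worst all-zeros confidence vectors, that "significantly less" means below `margin` times the other change, that scaling multiplies or divides by ρ, and that both branches of step (4-5) act on D_iter; `ToyGan`, `margin`, `lo` and `hi` are hypothetical names, and `ToyGan` is a constructed stand-in for the LSTM pair.

```python
import math


def l2(a, b):
    """Euclidean distance between two equal-length confidence vectors."""
    if len(a) != len(b):
        raise ValueError("confidence vectors must have the same length")
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def g_loss(g_convince):
    """Formula (1). Assumed G_best: every generated sample judged real (1.0)."""
    return l2(g_convince, [1.0] * len(g_convince))


def d_loss(d_convince, g_convince):
    """Formulas (2)-(4). Assumed D_best = all 1.0 and G_worst = all 0.0."""
    dreal_loss = l2(d_convince, [1.0] * len(d_convince))
    dfake_loss = l2(g_convince, [0.0] * len(g_convince))
    return dreal_loss + dfake_loss


def adjust_iters(own_iter, own_change, other_change, rho,
                 margin=0.5, lo=1, hi=64):
    """Steps (3-5) and (4-5): rescale the next phase length by rho.

    Assumptions: "significantly less" is own_change < margin * other_change,
    scaling multiplies or divides by rho (> 1), and the result is clamped to
    [lo, hi] so that neither network is starved or runs unchecked.
    """
    if rho <= 1:
        raise ValueError("rho must be greater than 1")
    if own_change < margin * other_change:
        scaled = own_iter * rho      # this network is lagging: train it longer
    else:
        scaled = own_iter / rho      # otherwise: shorten its next phase
    return max(lo, min(hi, int(round(scaled))))


class ToyGan:
    """Constructed stand-in for the LSTM generator/discriminator pair.

    It only tracks the discriminator's confidence on a batch of real and
    generated signals, which is all the losses and the schedule need.
    """

    def __init__(self, batch=4):
        self.real = [0.55] * batch   # D confidence on real signals
        self.fake = [0.45] * batch   # D confidence on generated signals

    def g_step(self, lr=0.05):
        # A generator update makes generated signals look more real to D.
        self.fake = [c + lr * (1.0 - c) for c in self.fake]
        return g_loss(self.fake)

    def d_step(self, lr=0.10):
        # A discriminator update pushes real toward 1 and generated toward 0.
        self.fake = [c - lr * c for c in self.fake]
        self.real = [c + lr * (1.0 - c) for c in self.real]
        return d_loss(self.real, self.fake)


def alternate(model, rounds, g_iter=8, d_iter=8, rho=2.0):
    """Step 5): alternate G and D phases, rebalancing the phase lengths."""
    history, d_change = [], None
    for _ in range(rounds):
        used_g, used_d = g_iter, d_iter
        before = g_loss(model.fake)
        for _ in range(g_iter):                  # steps (3-1) to (3-4)
            g_after = model.g_step()
        g_change = abs(before - g_after)
        if d_change is not None:                 # step (3-5); round 1 has no prior D phase
            g_iter = adjust_iters(g_iter, g_change, d_change, rho)
        before = d_loss(model.real, model.fake)
        for _ in range(d_iter):                  # steps (4-1) to (4-4)
            d_after = model.d_step()
        d_change = abs(before - d_after)
        d_iter = adjust_iters(d_iter, d_change, g_change, rho)   # step (4-5)
        history.append({"g_iter": used_g, "d_iter": used_d,
                        "g_loss": g_after, "d_loss": d_after})
    return history


if __name__ == "__main__":
    for i, row in enumerate(alternate(ToyGan(), rounds=6), start=1):
        print(i, row)
```

The clamp in `adjust_iters` is the practical safeguard: without it, repeated scaling down drives a phase length to zero and one network stops training, which is the imbalance the rule is meant to prevent.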
Drawings
FIG. 1 is a schematic flow chart of obtaining optimal adversarial samples according to the invention;
FIG. 2 is a schematic diagram of the process of defending against adversarial attacks using the image classifier model provided by the invention;
FIG. 3 is a waveform diagram of each type of data in the data set used to train the long short-term memory network (LSTM) model, i.e. a waveform diagram of real data;
FIG. 4 shows generated signals obtained with the generative adversarial network attack.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to FIGS. 1 to 4, a method for defending against generative adversarial network attacks comprises the following steps:
1) Build a suitable generative adversarial network (GAN) structure using a long short-term memory network (LSTM).
The generative adversarial network structure built with LSTM is called GAN for short. It comprises a generation model G, which outputs adversarial samples based on input benign samples, and a discrimination model D, which judges whether the input adversarial samples are real or fake. The network complexity of the generation model and the discrimination model should be as similar as possible, so that the mutual training of the two models comes as close as possible to maximal game training.
Because the generative adversarial network adopts the zero-sum game idea from game theory, the generation network improves steadily through its continued game with the discrimination network. Therefore, within the limits on the structural complexity of deep learning networks, the structural complexity of the generation network and the discrimination network should be similar in order to achieve the best possible training effect. This not only ensures the dynamic balance of the two during training, but also lets the overall structure move faster toward the final Nash equilibrium.
2) Pre-train the discrimination model in the structure so that its discrimination capability is between 3% and 8%.
The specific steps of step 2) are as follows:
2.1) Take a wireless signal data set as sample data and use it as the input of the discrimination model.
2.2) Pre-train the discrimination model on the training set, ensuring that its accuracy on the test set is between 3% and 8%. The training set contains 312000 samples and the test set 156000.
The pre-training of the discrimination model in the GAN is completed, and the balance of the game with the generation model is ensured as far as possible while ensuring that the discrimination model has a certain discrimination capability.
The pre-training of the discrimination network in the GAN is done with the real signal data set. Pre-training keeps the game with the generation model as balanced as possible and gives the discrimination model a certain ability to distinguish real from fake signals, which avoids model collapse during alternate training. The training of the generation network uses only the feedback of the discrimination network as its standard: whether a generated adversarial sample is good or bad depends solely on the discrimination network's evaluation of it. If, for some unknown reason, the discrimination network starts out within the confidence range of the adversarial samples, the two networks keep deceiving each other during training, so that the final generated samples lack information, have incomplete features, and cannot serve as suitable adversarial samples.
3) Train G to convergence using the loss function of G.
The specific steps of step 3) are as follows:
(3-1) Generate signal samples with the generation network in the GAN, denoted G_signal.
(3-2) Use G_signal as the input of the discrimination network and obtain its confidence feedback, denoted G_convince.
(3-3) Using the confidence feedback obtained for the generated signals, compute the loss function of the generation model according to formula (1), denoted G_loss.
G_loss = ||G_convince - G_best||_2    (1)
Here G_best represents the situation considered optimal: the generation network is strong enough, and G_best is the confidence feedback its adversarial samples should then obtain, i.e. all generated samples are judged to be real signals. This drives the continuous optimization of the adversarial samples toward similarity with real signals, and also limits the size of the perturbation well, because when the discrimination network discriminates well, a large perturbation is bound to be labeled as a fake signal. Training the generation network with the reduction of its loss function as the target aims to make generated signals with good adversarial properties more realistic overall.
(3-4) Repeat steps (3-1) to (3-3) for G_iter iterations, the iteration count of generation network training.
(3-5) Compare the change in G_loss during this generation network training with the change in D_loss during the preceding discrimination network training, and adjust G_iter, the iteration count for the next round of generation network training.
If the change in G_loss is significantly smaller than the change in D_loss, G_iter should be scaled up by the offset factor ρ, regardless of the deviation in model strength. Otherwise, G_iter should be scaled down by the offset factor ρ. This improves the balance of the game between the two networks and avoids model collapse.
4) Train D to convergence using the loss function of D.
The specific steps of step 4) are as follows:
(4-1) Generate signal samples with the generation network in the GAN, denoted G_signal.
(4-2) Use G_signal as the input of the discrimination network and obtain its confidence feedback, denoted G_convince.
(4-3) Input the real data into the discrimination network and obtain its confidence feedback, denoted D_convince.
(4-4) Using the confidence feedback obtained for the generated signals and the real signals, compute the loss function of the discrimination network according to the following formulas, denoted D_loss.
Dreal_loss = ||D_convince - D_best||_2    (2)
Dfake_loss = ||G_convince - G_worst||_2    (3)
D_loss = Dreal_loss + Dfake_loss    (4)
Here D_best represents the situation considered optimal: the discrimination network is strong enough, and D_best is the confidence feedback real signal samples should then obtain, i.e. all real signals are judged to be real. G_worst likewise represents the situation considered optimal: the discrimination network is strong enough, and G_worst is the confidence feedback generated samples should then obtain, i.e. all generated signals are judged to be fake. This gives the discrimination network a more effective discrimination ability as it takes part in the game, which overall makes generated signals with good adversarial properties more realistic.
(4-4) Repeat steps (4-1) to (4-4) for D_iter iterations, the iteration count of discrimination network training.
(4-5) Compare the change in D_loss during this discrimination network training with the change in G_loss during the preceding generation network training, and adjust D_iter, the iteration count for the next round of discrimination network training.
If the change in D_loss is significantly smaller than the change in G_loss, D_iter should be scaled up by the offset factor ρ, regardless of the deviation in model strength. Otherwise, G_iter should be scaled down by the offset factor ρ. This improves the balance of the game between the two networks and avoids model collapse.
5) Repeat steps (3) to (4) until the iteration upper limit is reached or a better network structure is obtained.
In step (5), steps (3) to (4) are iterated, with the iteration count or the sample quality as the stopping requirement, to keep searching for the optimal perturbation and adversarial samples. These provide training samples for the adversarial sample detector and improve its detection accuracy.
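The losses of equations (1) to (4) and the iteration-count adjustment described for steps (3) and (4), as an added Python example that is not code from the patent. It assumes the flattened "||·||2" means the L2 norm, encodes G_best and D_best as confidence 1.0 and G_worst as 0.0, and picks values for ρ and for "significantly less"; the loss-change trace is constructed.

```python
import math

RHO = 1.5          # offset factor ρ (assumed value; "scale up" = multiply, "down" = divide)
SIGNIFICANT = 0.5  # assumed cut-off for "significantly less": under half the other change

def l2(a, b):
    # The page's flattened "||a-b||2" is read here as the L2 norm (assumption).
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def g_loss(g_convince):
    # Eq. (1): G_best encoded as confidence 1.0 ("judged real") for every generated signal.
    return l2(g_convince, [1.0] * len(g_convince))

def d_loss(d_convince, g_convince):
    # Eq. (2)-(4): D_best = 1.0 for every real signal, G_worst = 0.0 for every generated one.
    dreal_loss = l2(d_convince, [1.0] * len(d_convince))
    dfake_loss = l2(g_convince, [0.0] * len(g_convince))
    return dreal_loss + dfake_loss

def adjust_iters(g_iter, d_iter, g_change, d_change, trained):
    """Return (G_iter, D_iter) for the next round, following the page's wording.

    trained is "G" after a generator round and "D" after a discriminator round.
    """
    own, other = (g_change, d_change) if trained == "G" else (d_change, g_change)
    if abs(own) < SIGNIFICANT * abs(other):
        # The network that just trained barely moved: give it more iterations.
        if trained == "G":
            g_iter = round(g_iter * RHO)
        else:
            d_iter = round(d_iter * RHO)
    else:
        # The page names G_iter as the count to scale down in both cases.
        g_iter = max(1, round(g_iter / RHO))
    return g_iter, d_iter

def run_schedule(trace, g_iter=10, d_iter=10):
    """Apply adjust_iters over a trace of (trained, g_change, d_change) tuples."""
    history = []
    for trained, g_change, d_change in trace:
        g_iter, d_iter = adjust_iters(g_iter, d_iter, g_change, d_change, trained)
        history.append((g_iter, d_iter))
    return history

# Constructed loss-change trace, for illustration only.
TRACE = [("G", 0.01, 0.20), ("D", 0.01, 0.02), ("G", 0.15, 0.02), ("D", 0.15, 0.01)]

if __name__ == "__main__":
    print(d_loss([0.6, 1.0], [0.0, 0.3]), run_schedule(TRACE))
```

Logging the (G_iter, D_iter) history alongside both losses makes it easy to spot a run in which one network is starved of iterations before it shows up as collapse.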
6) Observe the indexes of the adversarial samples and generate multiple adversarial samples for different types of signals. The adversarial samples are used as the input of a general classification model to obtain the feedback of the classification model; the indexes of the adversarial samples, including class mark, confidence and perturbation size, are observed to judge whether the adversarial samples are of high quality.
7) Add the screened adversarial samples to the model training stage to achieve a defense against attacks that explore the signal boundary.
In steps (6) to (7), the effect indexes of the adversarial samples are first observed and the parameters adjusted; a large number of adversarial samples with comprehensive adversarial properties and different signal types are then generated and suitably screened to ensure their high quality. Adding the screened adversarial samples to the model training stage defends against existing attacks and, on that basis, also against generative adversarial network attacks and some unknown attacks.
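One way to carry out the screening of step (6) and the training-set augmentation of step (7), as an added Python example that is not code from the patent. The thresholds, the relative-perturbation measure, the choice to add each kept sample under its true label, and all sample values and class names are assumptions or constructed data.

```python
import math
from collections import Counter

# Thresholds are assumptions: the page names the three indexes but gives no values.
MIN_CONFIDENCE = 0.8         # classifier confidence in the (wrong) predicted class
MAX_REL_PERTURBATION = 0.1   # ||adv - benign|| / ||benign||

def rel_perturbation(adv, benign):
    diff = math.sqrt(sum((a - b) ** 2 for a, b in zip(adv, benign)))
    base = math.sqrt(sum(b * b for b in benign))
    return diff / base if base else float("inf")

def screen(cand):
    """Return None for a high-quality sample, else the name of the index it failed."""
    if cand["pred"] == cand["label"]:
        return "class_mark"      # classifier is still right, so nothing to learn from
    if cand["conf"] < MIN_CONFIDENCE:
        return "confidence"      # misclassified, but only weakly
    if rel_perturbation(cand["adv"], cand["benign"]) > MAX_REL_PERTURBATION:
        return "perturbation"    # too far from the benign signal to count as one
    return None

def augment(train_set, candidates):
    """Step 7: append screened samples under their true label (assumed labelling)."""
    augmented, rejected = list(train_set), Counter()
    for cand in candidates:
        reason = screen(cand)
        if reason is None:
            augmented.append((cand["adv"], cand["label"]))
        else:
            rejected[reason] += 1
    return augmented, dict(rejected)

# Constructed candidates; signal values and class names are illustrative only.
BENIGN = [1.0, 0.0, -1.0, 0.0]
CANDIDATES = [
    {"benign": BENIGN, "adv": [1.02, 0.03, -0.98, -0.02], "label": "type_A", "pred": "type_B", "conf": 0.91},
    {"benign": BENIGN, "adv": [1.01, 0.00, -1.00, 0.01], "label": "type_A", "pred": "type_A", "conf": 0.97},
    {"benign": BENIGN, "adv": [0.97, 0.02, -1.03, 0.01], "label": "type_A", "pred": "type_C", "conf": 0.55},
    {"benign": BENIGN, "adv": [1.50, 0.40, -0.60, 0.30], "label": "type_A", "pred": "type_B", "conf": 0.88},
]

if __name__ == "__main__":
    data, rejected = augment([], CANDIDATES)
    print(len(data), "kept;", rejected)
```

The per-index rejection counts show which parameter to adjust: many "class_mark" rejections mean the generator is not yet fooling the classifier, many "perturbation" rejections mean it is fooling it only with signals too far from the benign ones.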
In this embodiment, experimental results show that adding the adversarial samples generated by exploring the signal boundary to model training improves the model's defense against such adversarial samples, as shown in Fig. 3 and Fig. 4.
The above-mentioned embodiments are intended to illustrate the technical solutions and advantages of the present invention, and it should be understood that the above-mentioned embodiments are only the most preferred embodiments of the present invention, and are not intended to limit the present invention, and any modifications, additions, equivalents, etc. made within the scope of the principles of the present invention should be included in the scope of the present invention.

Claims (4)

1. A defense method for resisting network attack based on a generating mode comprises the following steps:
1) establishing a suitable generative adversarial network structure (GAN) using a long short-term memory network (LSTM);
the generative adversarial network comprises a generation model G, which outputs adversarial samples based on the input benign samples, and a discrimination model D, which judges the authenticity of the input adversarial samples; a noise vector of size [28, 28, 1] is input into the network structure of the generation model G, the noise signal is sampled, pooled and fed back through the LSTM network, and a forged image of size [28, 28, 1] is finally generated; to better identify the images forged by the generator G, the discrimination model D adopts an LSTM network structure that is symmetrical to, and of similar complexity to, that of the generator G;
2) pre-training a discrimination model in a structure to ensure that the discrimination capability is between 3% and 8%;
2.1) taking a wireless signal data set as sample data and taking the sample data as the input of a discriminant model;
2.2) pre-training the discrimination model by using the training set to ensure that the accuracy of the discrimination model to the test set is between 3% and 8%; wherein 312000 training sets and 156000 testing sets are provided;
3) training a generator G according to a loss function of the generator G by taking the iteration times as a limit and a convergence loss function as a target;
the loss function G_loss of the generative model G is:
G_loss = ||G_convince - G_best||2    (1)
G_convince is the confidence feedback of the discrimination network on the generated signal; G_best is the feedback of the network under the ideal condition;
4) training the generator D according to the loss function of the generator D, with the iteration times as the limit and the loss function as the convergence aim;
Dreal_loss = ||D_convince - D_best||2    (2)
Dfake_loss = ||G_convince - G_worst||2    (3)
D_loss = Dreal_loss + Dfake_loss    (4)
D_convince is the confidence feedback of the discrimination network on the benign signal; D_best is the feedback of the network under the ideal condition; G_worst is the feedback of the discrimination network under the worst condition;
5) repeating steps (3) to (4), optimizing the generator and the discriminator in the generative adversarial network in turn, with the iteration count as the upper limit, to obtain a better network structure and complete the generation of optimal adversarial samples;
6) observing the indexes of the adversarial samples and generating a large number of adversarial samples for different types of signals; taking the adversarial samples as the input of a general classification model to obtain the feedback of the classification model, observing the indexes of the adversarial samples, including class mark, confidence and perturbation size, and judging whether the adversarial samples are of high quality;
7) adding the screened adversarial samples to the model training stage, so as to achieve a defense against attacks that explore the signal boundary.
2. The model for a generative-based defense method against cyber attacks according to claim 1, wherein: the structure complexity of the generated model in the step 1) is similar to that of the discrimination model, and an LSTM network structure is adopted for construction.
3. The method of defending against a signal-based sampling gradient attack of claim 1, wherein: in the step (2), the real data set of the signal is utilized to complete the pre-training of the discrimination network in the GAN, and the discrimination capability of the discrimination network is ensured to be 5%; the pre-training discrimination model has the capability of distinguishing true signals from false signals, and the phenomenon of model collapse in alternate training is avoided.
4. The method of defending against a signal-based sampling gradient attack of claim 1, wherein: step 7), adding the screened countermeasure sample into a model training stage, so that the defense effect on the conventional attack can be realized, and the defense effect on the generative countermeasure network and the attacks and part of unknown attacks can also be realized; and correspondingly adjusting the GAN structure according to the quality of the defense effect.
CN201911394307.3A 2019-12-30 2019-12-30 Signal identification attack defense method based on generative countermeasure network Active CN111163472B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911394307.3A CN111163472B (en) 2019-12-30 2019-12-30 Signal identification attack defense method based on generative countermeasure network

Publications (2)

Publication Number Publication Date
CN111163472A true CN111163472A (en) 2020-05-15
CN111163472B CN111163472B (en) 2022-10-04

Family

ID=70559073

Country Status (1)

Country Link
CN (1) CN111163472B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant