ECEM - Generating Adversarial Logs under Black-box Setting in Web Security

摘要

Researchers are making efforts on detection and prevention in web security by deploying machine learning models, but such models are vulnerable to adversarial examples. We introduce Exploratory Character Edit Method (ECEM), requiring only detection labels to generate adversarial logs in web security. It is applicable to real-world black-box detection models, such as an IDS (Intrusion Detection System). Experiments on an open data set show that our adversarial attack outperforms two textual adversarial attacks in following points: (1) The success rate of attack is higher; (2) The quality of adversarial examples are higher (larger similarity and smaller distance); (3) The generation process requires fewer iterations; We further show the consequences of causative attacks by injecting adversarial logs into the training data set and a possible defensive mechanism with adversarial training.