信息网络安全 ›› 2023, Vol. 23 ›› Issue (10): 21-30.doi: 10.3969/j.issn.1671-1122.2023.10.004

• 入选论文 • 上一篇    下一篇

融合对抗增强和多任务优化的恶意短信检测方法

仝鑫1, 金波1,2(), 王斌君1, 翟晗名1   

  1. 1.中国人民公安大学信息网络安全学院,北京 100038
    2.公安部第三研究所,上海 200031
  • 收稿日期:2023-05-06 出版日期:2023-10-10 发布日期:2023-10-11
  • 通讯作者: 金波 E-mail:jinbo@gass.cn
  • 作者简介:仝鑫(1995—),男,河南,博士研究生,CCF会员,主要研究方向为网络空间安全和自然语言处理|金波(1972—),男,上海,研究员,博士,CCF会员,主要研究方向为网络空间安全|王斌君(1962—),男,北京,教授,博士,CCF会员,主要研究方向为人工智能安全|翟晗名(1997—),女,河北,硕士研究生,主要研究方向为自然语言处理

A Malicious SMS Detection Method Blending Adversarial Enhancement and Multi-Task Optimization

TONG Xin1, JIN Bo1,2(), WANG Binjun1, ZHAI Hanming1   

  1. 1. School of Information Network Security, Beijing 100038, China
    2. The Third Research Institute of Ministry of Public Security, Shanghai 200031, China
  • Received:2023-05-06 Online:2023-10-10 Published:2023-10-11

摘要:

现有恶意短信检测方法往往聚焦于提升检测准确率或速度,而忽略了模型自身的安全问题,因此,在真实场景中可能会遭受对抗样本攻击。为了解决上述问题,文章提出了一种融合对抗增强和多任务优化的恶意短信检测模型。在输入阶段,利用随机匹配池生成“原始文本-对抗样本”对作为输入,并且引入语义类型编码技术帮助模型区分数据边界。然后,使用基于ChineseBERT的单塔神经网络作为主干模型对短信的语义、拼音和字形特征进行挖掘。在输出阶段,使用监督的分类交叉熵损失和无监督的输入一致性损失作为多任务优化目标,以帮助模型学习文本对内在的关联特征并完成分类。基于公开数据集的实验结果表明,该方法的准确率和鲁棒性优于多种机器学习和深度学习检测方法。

关键词: 恶意短信, 鲁棒性, 对抗样本, 多任务学习

Abstract:

Existing malicious SMS detection methods often focus on improving the detection accuracy or speed, ignoring the security problems of the model itself, thus likely to suffer from adversarial examples attack in real-world scenarios. To alleviate this pain point, this paper proposed a malicious SMS detection model that blended adversarial enhancement and multi-task optimization. During the input stage, a random matching pool was used to generate “original text-adversarial example” pairs as input, and the semantic type encoding technique was adopted to help the model distinguish the data boundaries. Then, a single-tower neural network based on ChineseBERT was used as the backbone model to excavate the semantic, pinyin, and glyph features of the SMS. In the output stage, the supervised classification cross-entropy loss and the unsupervised input consistency loss were used as multi-task optimization objectives to help the model learn the correlated features of text pairs and complete the classification. Experimental results based on the public datasets show that the proposed method outperforms a variety of machine learning and deep learning detection methods in terms of accuracy and robustness.

Key words: malicious SMS, robustness, adversarial examples, multi-task learning

中图分类号: