信息网络安全 ›› 2021, Vol. 21 ›› Issue (7): 27-34.doi: 10.3969/j.issn.1671-1122.2021.07.004

• 技术研究 • 上一篇    下一篇

融合区块链与联邦学习的网络入侵检测算法

任涛1, 金若辰1(), 罗咏梅2   

  1. 1.东北大学软件学院,沈阳 110169
    2.天津大学智能与计算学部,天津 300072
  • 收稿日期:2021-04-15 出版日期:2021-07-10 发布日期:2021-07-23
  • 通讯作者: 金若辰 E-mail:20182747@stu.neu.edu.cn
  • 作者简介:任涛(1980—),男,辽宁,教授,博士,主要研究方向为大数据分析及应用研究|金若辰(2001—),男,上海,本科,主要研究方向为网络安全和区块链|罗咏梅(1974—),女,重庆,工程师,硕士,主要研究方向为网络安全和区块链
  • 基金资助:
    国家自然科学基金(61571318);天津市自然科学基金(19YCYBJC15700)

Network Intrusion Detection Algorithm Integrating Blockchain and Federated Learning

REN Tao1, JIN Ruochen1(), LUO Yongmei2   

  1. 1. Software College, Northeastern University, Shenyang 110169, China
    2. College of Inteligence and Computing, Tianjin University, Tianjin 300072, China
  • Received:2021-04-15 Online:2021-07-10 Published:2021-07-23
  • Contact: JIN Ruochen E-mail:20182747@stu.neu.edu.cn

摘要:

为了保护网络用户的数据隐私,并提升入侵检测在多变小样本数据环境下的分类效果,文章采用联邦学习机制来解决网络数据存放在各独立设备并且互不共享的问题。文章提出一种融合区块链的联邦学习机制(BFL),采用区块链网络替代中央服务器构建新型联邦学习模式。结合BFL机制,设计面向轻量级网络设备的入侵检测算法(BFL-IDS),克服联邦学习过于依赖单一服务器的缺点,避免联邦学习的服务器单点故障问题。实验表明,该算法的分类正确率可以达到98.8%。进一步,在网络入侵数据检测分析框架中引入了麻雀搜索算法优化的支持向量机,改进后的入侵检测分析方法结果相比传统搜索算法检测准确率提高5.01%,误报率降低6.24%。

关键词: 入侵检测系统, 区块链, 联邦学习, 支持向量机, 自动编码器

Abstract:

In order to improve the classification effect of the varied and small sample data faced by the intrusion detection field, this paper adopts the federated learning mechanism, which is widely used in distributed training recently, to solve the problem that network data is stored in independent devices and not shared with each other. This paper proposes a federated learning mechanism that integrates blockchain, which replace the central server to optimize federated learning, and designs a network intrusion detection algorithm for lightweight devices with this learning mechanism. By integrating the blockchain mechanism into federated learning, it overcomes the shortcoming of federated learning that is too dependent on a single server so as to solve the single point failure of the federated learning servers. Tested on representative data sets, the accuracy rate can reach 98.8%; In the network intrusion detection framework, the support vector machine optimized by the sparrow search algorithm is introduced. Compared with the traditional support vector machine algorithm, the accuracy rate is increased by 5.01% on average, and the false positive rate is reduced by 6.24% on average.

Key words: intrusion detection system, blockchain, federated learning, support vector machine, auto encoder

中图分类号: