融合区块链与联邦学习的网络入侵检测算法

doi:10.3969/j.issn.1671-1122.2021.07.004

摘要/Abstract

摘要：

为了保护网络用户的数据隐私,并提升入侵检测在多变小样本数据环境下的分类效果,文章采用联邦学习机制来解决网络数据存放在各独立设备并且互不共享的问题。文章提出一种融合区块链的联邦学习机制（BFL）,采用区块链网络替代中央服务器构建新型联邦学习模式。结合BFL机制,设计面向轻量级网络设备的入侵检测算法（BFL-IDS）,克服联邦学习过于依赖单一服务器的缺点,避免联邦学习的服务器单点故障问题。实验表明,该算法的分类正确率可以达到98.8%。进一步,在网络入侵数据检测分析框架中引入了麻雀搜索算法优化的支持向量机,改进后的入侵检测分析方法结果相比传统搜索算法检测准确率提高5.01%,误报率降低6.24%。

关键词: 入侵检测系统, 区块链, 联邦学习, 支持向量机, 自动编码器

Abstract:

In order to improve the classification effect of the varied and small sample data faced by the intrusion detection field, this paper adopts the federated learning mechanism, which is widely used in distributed training recently, to solve the problem that network data is stored in independent devices and not shared with each other. This paper proposes a federated learning mechanism that integrates blockchain, which replace the central server to optimize federated learning, and designs a network intrusion detection algorithm for lightweight devices with this learning mechanism. By integrating the blockchain mechanism into federated learning, it overcomes the shortcoming of federated learning that is too dependent on a single server so as to solve the single point failure of the federated learning servers. Tested on representative data sets, the accuracy rate can reach 98.8%; In the network intrusion detection framework, the support vector machine optimized by the sparrow search algorithm is introduced. Compared with the traditional support vector machine algorithm, the accuracy rate is increased by 5.01% on average, and the false positive rate is reduced by 6.24% on average.

Key words: intrusion detection system, blockchain, federated learning, support vector machine, auto encoder

中图分类号:

TP309

任涛, 金若辰, 罗咏梅. 融合区块链与联邦学习的网络入侵检测算法[J]. 信息网络安全, 2021, 21(7): 27-34.

REN Tao, JIN Ruochen, LUO Yongmei. Network Intrusion Detection Algorithm Integrating Blockchain and Federated Learning[J]. Netinfo Security, 2021, 21(7): 27-34.

图/表 12

图1

表1

图2

图3

图4

表2

表3

表4

表5

表6

图5

表7

参考文献 20

[1]	LI Hui, GUAN Xiaohong, ZAN Xin, et al. Network Intrusion Detection Based on Support Vector Machine[J]. Journal of Computer Research and Development, 2003, 40(6):799-807.
	李辉, 管晓宏, 昝鑫, 等. 基于支持向量机的网络入侵检测[J]. 计算机研究与发展, 2003, 40(6):799-807.
[2]	IEEE 3652. 1-2020, IEEE Guide for Architectural Framework and Application of Federated Machine Learning[S]. USA: IEEE, 2021
[3]	SHAO Qifeng, JIN Cheqing, ZHANG Zhao, et al. Blockchain: Architecture and Research Process[J]. Chinese Journal of Computer, 2018, 41(5):969-988.
	邵奇峰, 金澈清, 张召, 等. 区块链技术:架构及进展[J]. 计算机学报, 2018, 41(5):969-988.
[4]	SONG Yong, HOU Bingnan, CAI Zhiping. Network Intrusion Detection Method Based on Deep Learning Feature Extraction[J]. Journal of Huazhong University of Science and Technology(Natural Science Edition), 2021, 49(2):115-120.
	宋勇, 侯冰楠, 蔡志平. 基于深度学习特征提取的网络入侵检测方法[J]. 华中科技大学学报(自然科学版), 2021, 49(2):115-120.
[5]	DEBARH, DACIERM. Andreas Wespi towards a Taxonomy of Intrusion-detection Systems[J]. Computer Networks, 1999, 31(8):805-822. doi: 10.1016/S1389-1286(98)00017-6 URL
[6]	SMAHA S. E. Haystack: an Intrusion Detection System[C]// IEEE. Proceeding of the 4th Aerospace Computer Security Applications Conference, September 12-16, 1988,Orlando, FL, USA. New York: IEEE Computer Society Press, 1988: 37-44.
[7]	LUNT TF, JAGANNATHAN R, EDWARDS DL, et al. IDES:The Enhanced Prototype a Real Time Intrusion-detection Expert System[C]// IEEE. Proceeding of the 4th Aerospace Computer Security Applications Conference, September 12-16, 1988, Orlando, FL, USA. New York: IEEE Computer Society Press, 1988: 59-66.
[8]	The Center of UC Santa Barbara Engineering. NetSTAT: A Network-based Intrusion Detection Approach[EB/OL]. https://sites.cs.ucsb.edu/~vigna/publications/1998_vigna_kemmerer_acsac98.pdf, 2021-04-14.
[9]	SHENG Xiaoyan. Research on Intrusion Detection System Based on Immune Mechanism[D]. Nanjing: Nanjing University of Aeronautics and Astronautics, 2008.
	盛晓艳. 基于免疫机制的入侵检测系统的研究[D]. 南京:南京航空航天大学, 2008.
[10]	The Center for Education and Research in Information Assurance and Security (CERIAS). Autonomous Agents for Intrusion Detection[EB/OL]. https://www.cerias.purdue.edu/site/about/history/coast/projects/aafid.php, 2021-04-14.
[11]	JIA Fan, KONG Lingzhi. Intrusion Detection Algorithm Based on Convolutional Neural Network[J]. Transactions of Beijing Institute of Technology, 2017, 37(12):1271-1275.
	贾凡, 孔令智. 基于卷积神经网络的入侵检测算法[J]. 北京理工大学学报, 2017, 37(12):1271-1275.
[12]	YIN Chuanlong, ZHU Yuefei, FEI Jinlong, et al. A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks[J]. IEEE Access, 2017, 5(1):21954-21961. doi: 10.1109/ACCESS.2017.2762418 URL
[13]	SHONE N, NGOC T N, PHAI V D, et al. A Deep Learning Approach to Network Intrusion Detection[J]. IEEE Trans Emerg Top Computlntell, 2018, 2(2):41-50.
[14]	WANG Rong, MA Chunguang, WU Peng. An Intrusion Detection Method Based on Federated Learning and Convolutional Neural Network[J]. Netinfo Security, 2020, 20(4):47-54.
	王蓉, 马春光, 武朋. 基于联邦学习和卷积神经网络的入侵检测方法[J]. 信息网络安全, 2020, 20(4):47-54.
[15]	SATOSHI Nakamoto. Consensus mechanism[EB/OL]. https://docs.ont.io/ontology-elements/consensus-mechanism, 2020-06-14.
[16]	DING Hongwei, WAN Liang, LONG Tingyan. Research on the Application of Deep Auto-encoder Network in Intrusion Detection[J]. Journal of Harbin Institute of Technology, 2019, 51(5):185-194.
	丁红卫, 万良, 龙廷艳. 深度自编码网络在入侵检测中的应用研究[J]. 哈尔滨工业大学学报, 2019, 51(5):185-194.
[17]	LI Xuegui, GUO Yuantao, LI Panchi, et al. Classification Model of Support Vector Machine Based on Modified Vortex Search Algorithm[J]. Journal of Jilin University(Information Science Edition), 2020, 38(3):312-318.
	李学贵, 郭远涛, 李盼池, 等. 基于改进涡流搜索算法的支持向量机分类模型[J]. 吉林大学学报(信息科学版), 2020, 38(3):312-318.
[18]	WANG Shengsheng, CHEN Jingyu, LU Yi'nan. COVID-19 Chest CT Image Segmentation Based on Federated Learning and Blockchain[EB/OL]. https://doi.org/10.13229/j.cnki.jdxbgxb20200674, 2021-03-05.
	王生生, 陈境宇, 卢奕南. 基于联邦学习和区块链的COVID-19胸部CT图像分割[EB/OL]. https://doi.org/10.13229/j.cnki.jdxbgxb20200674, 2021-03-05.
[19]	TAVALLAEE ME, BAGHERI W, Lu , et al. A Detailed Analysis of the KDD CUP 99 Data Set[C]// IEEE. Second IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA), July 8-10, 2009, Ottawa, ON, Canada. New York: IEEE, 2009: 1-6.
[20]	WEI Yuxin. Research on Key Technologies of Network Intrusion Detection System[D]. Beijing: Beijing University of Posts and Telecommunications, 2008.
	魏宇欣. 网络入侵检测系统关键技术研究[D]. 北京:北京邮电大学, 2008.

数据预处理	对入侵检测数据集中的符号函数的属性进行数值处理,对所有数据进行归一化,获得标准化的原始数据
特征提取	预处理的多元和非线性数据由基于改进的自编码的特征提取模型处理,以降低维数并获得原始数据的最佳低维表示
分类器	原始数据的最佳低维表示用作分类器的输入,分别标识正常网络数据和不同类型的网络攻击数据

模块	参数
处理器	Intel（R）Core(TM)i5-8300H
主频	2.30 GHz
RAM	16 GB
操作系统	Windows 10
实验工具	Python和TensorFlow

DoS	拒绝服务攻击,该攻击能让目的主机无法回应外界请求而造成资源浪费
U2R	用户未经系统的授权而企图获得 root 权限访问
U2L	在未被系统授权的主机登录访问攻击
Probe	端口监视或者端口扫描

真实类别	预测类别
真实类别	正例	负例
正例	TP	FN
负例	FP	TN

数据类型		样本大小
数据类型		训练数据集	测试数据集
正常		22448	2298
异常	DoS	15309	2073
	Probe	3901	1367
	R2L	332	1558
	U2R	42	122
总计		42032	7418