基于联邦学习的入侵检测机制研究

doi:10.3969/j.issn.1671-1122.2022.01.006

信息网络安全 ›› 2022, Vol. 22 ›› Issue (1): 46-54.doi: 10.3969/j.issn.1671-1122.2022.01.006

基于联邦学习的入侵检测机制研究

白宏鹏¹, 邓东旭², 许光全¹(), 周德祥³

1.天津大学智能与计算学部,天津 300350
2.中国电子系统技术有限公司,北京 100070
3.长城汽车股份有限公司,保定 071000

收稿日期:2021-09-16 出版日期:2022-01-10 发布日期:2022-02-16
通讯作者: 许光全 E-mail:losin@tju.edu.cn
作者简介:白宏鹏（1993—）,男,辽宁,博士研究生,主要研究方向为网络信息安全|邓东旭（1986—）,男,天津,高级工程师,博士,主要研究方向为密码学及应用|许光全（1979—）,男,湖南,教授,博士,主要研究方向为网络信息安全|周德祥（1992—）,男,天津,工程师,主要研究方向为整车控制器相关控制策略
基金资助:
国家自然科学基金(62172297);国家自然科学基金(61902276);国家重点研发计划(2019YFB2101700);四川省重点研发计划(2021YFSY0012)

Research on Intrusion Detection Mechanism Based on Federated Learning

BAI Hongpeng¹, DENG Dongxu², XU Guangquan¹(), ZHOU Dexiang³

1. College of Intelligence and Computing, Tianjin University, Tianjin 300350, China
2. China Electronic System Technology Co.,Ltd., Beijing 100070, China
3. Great Wall Motor Company Limited, Baoding 071000, China

Received:2021-09-16 Online:2022-01-10 Published:2022-02-16
Contact: XU Guangquan E-mail:losin@tju.edu.cn

摘要/Abstract

摘要：

大数据时代的到来使得数据成为社会发展的重要战略资源。然而随着网络环境日趋复杂化,隐私泄露和恶意攻击事件层出不穷。联邦学习作为一种新型数据共享模型,能够在保护数据隐私的前提下进行数据共享,有效解决了传统入侵检测模型的弊端。文章首先介绍了联邦学习及入侵检测模型的构成及特点,提出了基于联邦学习的入侵检测机制,并深入分析了该检测机制在检测准确率及效率上有效提升的可行性。通过对模型进行需求分析和设计,并以函数编程进行模拟仿真实验,实现原型系统开发。实验表明联邦学习机制能够在保证参与客户端数据隐私安全的前提下实现多方攻击行为日志的共享。多组控制变量的对照实验表明,基于联邦学习的入侵检测机制在检测准确率及效率上得到明显改善。

关键词: 联邦学习, 恶意攻击, 入侵检测, 网络安全

Abstract:

With the advent of the era of big data, data has become an important strategic resource for social development. However, with the increasing complexity of the network environment, privacy leakage and malicious attacks emerge in an endless stream. As a new data sharing model, federated learning can share data on the premise of protecting data privacy. In particular, it can effectively solve the shortcomings of traditional intrusion detection model. Therefore, this paper proposed an intrusion detection mechanism based on federated learning. This paper first introduced the structure and characteristics of federated learning and intrusion detection model, And deeply analyzed the feasibility of intrusion detection mechanism based on federated learning to effectively improve the detection accuracy and efficiency. The prototype system was developed through the requirement analysis and design of the model, and the simulation experimented with function programming. It is found that the federated learning mechanism can realize the sharing of multi-party attack logs on the premise of ensuring the data privacy security of participating clients. At the same time, through the control experiments of multiple groups of control variables, it is proved that the intrusion detection mechanism based on federated learning has significantly improved the detection accuracy and efficiency.

Key words: federated learning, malicious attacks, intrusion detection, network security

中图分类号:

TP309

白宏鹏, 邓东旭, 许光全, 周德祥. 基于联邦学习的入侵检测机制研究[J]. 信息网络安全, 2022, 22(1): 46-54.

BAI Hongpeng, DENG Dongxu, XU Guangquan, ZHOU Dexiang. Research on Intrusion Detection Mechanism Based on Federated Learning[J]. Netinfo Security, 2022, 22(1): 46-54.

图/表 14

图1

图2

图3

图4

图5

图6

表1

图7

表2

图8

表3

图9

表4

图10

参考文献 16

[1]	MA Aiping. AI Training Meets Privacy Problem Federal Learning Opens up Data Island in This Way[N]. Science and Technology Daily, 2019-11-19(5).
	马爱平. AI训练遇隐私难题联邦学习这样打通数据孤岛[N]. 科技日报, 2019-11-19(5).
[2]	WANG Yakun. Survey of Federated Learning Technology for Data Sharing and Exchange[J]. Unmanned Systems Technology, 2019, 2(6):58-62.
	王亚珅. 面向数据共享交换的联邦学习技术发展综述[J]. 无人系统技术, 2019, 2(6):58-62.
[3]	WANG Rong, MA Chunguang, WU Peng. Intrusion Detection Method Based on Federal Learning and Convolutional Neural Network[J]. Netinfo Security, 2020, 20(4):47-54.
	王蓉, 马春光, 武朋. 基于联邦学习和卷积神经网络的入侵检测方法[J]. 信息网络安全, 2020, 20(4):47-54.
[4]	YANG Qiang. Federal Learning: the Last Mile of AI[EB/OL]. http://kns.cnki.net/kcms/detail/23.1538.tp.20200317.1133.002.html, 2020-05-20.
	杨强. 联邦学习:人工智能的最后一公里[EB/OL]. http://kns.cnki.net/kcms/detail/23.1538.tp.20200317.1133.002.html, 2020-05-20.
[5]	PAN Biying, QIU Haihua, ZHANG Jialun. Research on Federated Machine Learning with Different Data Distribution[C]// TD Industry Association. Proceedings of 5G Network Innovation Seminar (2019), August 15, 2019, Beijing, China. Beijing: Mobile Communications, 2019: 271-276.
[6]	PAN Rusheng, HAN Dongming, PAN Jiacheng, et al. Visualization of Federated Learning: Challenges and Framework[J]. Journal of Computer-aided Design & Computer Graphics, 2020, 32(4):513-519.
	潘如晟, 韩东明, 潘嘉铖, 等. 联邦学习可视化:挑战与框架[J]. 计算机辅助设计与图形学学报, 2020, 32(4):513-519.
[7]	HUANG Zhenhao. Design and Implementation of Network Intrusion Detection[J]. Bulletin of Science and Technology, 2019, 35(12):82-86.
	黄振昊. 网络入侵检测的设计和实现方案[J]. 科技通报, 2019, 35(12):82-86.
[8]	WANG Yan. Design of Network Intrusion Data Detection System Based on Big Data Analysis[J]. Computer Knowledge and Technology, 2019, 15(19):56-58.
	王岩. 基于大数据分析的网络入侵数据检测系统设计[J]. 电脑知识与技术, 2019, 15(19):56-58.
[9]	ZHANG Weihua. Design and Development of Network Intrusion Testing System[J]. Network Security Technology & Application, 2020, 20(1):11-14.
	张卫华. 网络入侵测试系统的设计与开发[J]. 网络安全技术与应用, 2020, 20(1):11-14.
[10]	HU Jian, SU Yongdong, LI Chao, et al. Research on Intrusion Detection System Based on Machine Learning[J]. Information & communication, 2019, 26(11):163-164.
	胡健, 苏永东, 李超, 等. 基于机器学习的入侵检测系统探究[J]. 信息通信, 2019, 26(11):163-164.
[11]	YANG Qiang, LIU Yang, CHEN Tianjian, et al. Federated Machine Learning: Concept and Applications[J]. ACM Transactions on Intelligent Systems and Technology (TIST), 2019, 10(2):1-19.
[12]	CHAUHAN H, KUMAR V, PUNDIR S, et al. A Comparative Study of Classification Techniques for Intrusion Detection[C]// IEEE. 2013 International Symposium on Computational and Business Intelligence,August 24-26,2013,New Delhi, India. New York: IEEE, 2013: 40-43.
[13]	MULAY S A, DEVALE P R, GARJE G V. Intrusion Detection System Using Support Vector Machine and Decision Tree[J]. International Journal of Computer Applications, 2010, 3(3):40-43. doi: 10.5120/ijca URL
[14]	MCMAHAN H B, MOORE E, RAMAGE D, et al. Federated Learning of Deep Networks Using Model Averaging[EB/OL]. https://arxiv.org/pdf/1602.05629v1.pdf, 2016-02-17.
[15]	GUO Chuxu, SHI Yong, XUE Zhi. Port Scan Intrusion Detection Based on Machine Learning[J]. Communications Technology, 2020, 53(2):421-426.
	郭楚栩, 施勇, 薛质. 基于机器学习的端口扫描入侵检测[J]. 通信技术, 2020, 53(2):421-426.
[16]	YANG Dongxiao, XIONG Ying, CHE Bichen. Network Intrusion Detection and Prevention[M]. Beijing: Tsinghua University Press, 2020.
	杨东晓, 熊瑛, 车碧琛. 入侵检测与入侵防御[M]. 北京: 清华大学出版社, 2020.

	攻击次数/次	攻击类型/种
基于传统的IDS	100	100→1000
基于联邦学习的IDS	100	100→1000

	攻击次数/次	攻击类型/种
基于传统的IDS	100→1000	100
基于联邦学习的IDS	100→1000	100

	攻击次数/次	攻击类型/种
基于传统的IDS	500→5000	100
基于联邦学习的IDS	500→5000	100

基于联邦学习的入侵检测机制研究

Research on Intrusion Detection Mechanism Based on Federated Learning

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 14

参考文献 16

相关文章 15

编辑推荐

Metrics

本文评价

[1]	刘忻, 王家寅, 杨浩睿, 张瑞生. 一种基于区块链和secGear框架的车联网认证协议[J]. 信息网络安全, 2022, 22(1): 27-36.
[2]	徐硕, 张睿, 夏辉. 基于数据属性修改的联邦学习隐私保护策略[J]. 信息网络安全, 2022, 22(1): 55-63.
[3]	何红艳, 黄国言, 张炳, 贾大苗. 基于极限树特征递归消除和LightGBM的异常检测模型[J]. 信息网络安全, 2022, 22(1): 64-71.
[4]	刘烁, 张兴兰. 基于双重注意力的入侵检测系统[J]. 信息网络安全, 2022, 22(1): 80-86.
[5]	顾兆军, 姚峰, 丁磊, 隋翯. 基于半实物的机场供油自控系统网络安全测试[J]. 信息网络安全, 2021, 21(9): 16-24.
[6]	路宏琳, 王利明, 杨婧. 一种新的参数掩盖联邦学习隐私保护方案[J]. 信息网络安全, 2021, 21(8): 26-34.
[7]	李群, 董佳涵, 关志涛, 王超. 一种基于聚类分类的物联网恶意攻击检测方法[J]. 信息网络安全, 2021, 21(8): 82-90.
[8]	任涛, 金若辰, 罗咏梅. 融合区块链与联邦学习的网络入侵检测算法[J]. 信息网络安全, 2021, 21(7): 27-34.
[9]	蔡满春, 王腾飞, 岳婷, 芦天亮. 基于ARF的Tor网站指纹识别技术[J]. 信息网络安全, 2021, 21(4): 39-48.
[10]	路宏琳, 王利明. 面向用户的支持用户掉线的联邦学习数据隐私保护方法[J]. 信息网络安全, 2021, 21(3): 64-71.
[11]	杜晔, 王子萌, 黎妹红. 基于优化核极限学习机的工控入侵检测方法[J]. 信息网络安全, 2021, 21(2): 1-9.
[12]	王华忠, 程奇. 基于改进鲸鱼算法的工控系统入侵检测研究[J]. 信息网络安全, 2021, 21(2): 53-60.
[13]	赵小林, 赵斌, 赵晶晶, 薛静锋. 基于攻击识别的网络安全度量方法研究[J]. 信息网络安全, 2021, 21(11): 17-27.
[14]	吴佳明, 熊焰, 黄文超, 武建双. 一种基于距离导向的模糊测试变异方法[J]. 信息网络安全, 2021, 21(10): 63-68.
[15]	金志刚, 王新建, 李根, 岳顺民. 融合攻击图和博弈模型的网络防御策略生成方法[J]. 信息网络安全, 2021, 21(1): 1-9.