An Adaptive Network Attack Analysis Method Based on Federated Learning

Abstract

Abstract: To analyze network attack behavior issues efficiently and securely, an adaptive network attack analysis method based on federated learning (NAAFL) is proposed. This approach can fully leverage data for network attack analysis while ensuring privacy protection.. Firstly, a costeffective defense mechanism based on DQN (dynamic participant selection mechanism) is proposed to act in the process of federated learning model parameter sharing and model aggregation. It dynamically selects the best participants for each round of model updates, reducing the impact of poorly performing local models on the global model during training. It also reduces communication overhead time and improving the efficiency of federated learning. Secondly, an adaptive feature learning network intrusion detection model is designed, which is able to intelligently learn and analyze according to changing attack features to cope with complex network environments. It effectively reduces the time and space overhead of feature selection. Finally, comparative experiment is performed on a public data set (NSL KDD). The NAAFL method detects attacks with an accuracy of 98.9%. Dynamically selecting participants increases server accuracy by 4.48%. The experimental results show that the method has excellent robustness and efficiency.

Key words: network security, attack analysis, federated learning, RL, IDS

摘要： 为了高效安全地分析网络攻击行为问题，提出基于联邦学习的自适应网络攻击分析方法(adaptive network attack analysis method based on federated learning, NAAFL)，该方法可以在实现隐私保护的同时充分利用数据进行网络攻击分析.首先，提出一种基于DQN的低成本防御机制(动态选择参与方机制)，作用在联邦学习模型参数共享、模型聚合过程中，为每一轮模型更新动态选择最佳参与方，减少局部模型在训练过程中表现不佳对全局模型的影响，同时降低通信开销时间，提高联邦学习效率.其次，设计一种自适应特征学习的网络入侵检测模型，能够根据不断变化的攻击特征进行智能学习和分析，以应对复杂的网络环境，有效降低特征选择的时空开销.最后，在公开数据集(NSL KDD)上进行对比实验，NAAFL方法对攻击的检测准确率为98.9%，动态选择参与方机制提高服务器准确率4.48%，实验结果表明：该方法具有优良的鲁棒性和高效性.

关键词: 网络安全, 攻击分析, 联邦学习, 强化学习, 入侵检测系统

CLC Number:

TP393

康海燕, 张聪明, . 基于联邦学习的自适应网络攻击分析方法研究[J]. 信息安全研究, 2024, 10(12): 1091-.

References

［1］中国互联网络信息中心. 中国互联网络信息中心发布第52次《中国互联网络发展状况统计报告》［J］. 国家图书馆学刊, 2023, 32(5): 1313［2］央视新闻. 西北工业大学遭美国NSA网络攻击事件调查报告(之一)［EBOL］. (20220905) ［20230322］. https:www.weibo.comttarticlepshow?id=2309404810285897875629［3］Li Y, Ma R, Jiao R. A hybrid malicious code detection method based on deep learning［J］. International Journal of Security and Its Applications, 2015, 9(5): 205216［4］Kiran A, Prakash S W, Kumar B A, et al. Intrusion detection system using machine learning［C］ Proc of 2023 Int Conf on Computer Communication and Informatics (ICCCI). Piscataway, NJ: IEEE, 2023: 14［5］康海燕, 冀源蕊. 基于本地化差分隐私的联邦学习方法研究［J］. 通信学报, 2022, 43(10): 9410［6］马钰锡, 张全新, 谭毓安, 等. 面向智能攻击的行为预测研究［J］. 软件学报, 2021, 32(5): 15261546［7］高莹, 陈晓峰, 张一余, 等. 联邦学习系统攻击与防御技术研究综述［J］. 计算机学报, 2023, 46(9): 17811805［8］Zhang H, Zeng K, Lin S. Federated graph neural network for fast anomaly detection in controller area networks［J］. IEEE Trans on Information Forensics and Security, 2023, 18: 15661579［9］Huang X, Liu J, Lai Y, et al. EEFED: Personalized federated learning of execution & evaluation dual network for CPS intrusion detection［J］. IEEE Trans on Information Forensics and Security, 2022, 18: 4156［10］程显淘. 针对联邦学习的恶意客户端检测及防御方法［J］.信息安全研究, 2024, 10(2): 163169［11］Aldweesh A, Derhab A, Emam A Z. Deep learning approaches for anomalybased intrusion detection systems: A survey, taxonomy, and open issues［J］. KnowledgeBased Systems, 2020, 189: 105124105142［12］Agrawal S, Sarkar S, Aouedi O, et al. Federated learning for intrusion detection system: Concepts, challenges and future directions［J］. Computer Communications, 2022, 195: 346361［13］Jin D, Chen S, He H, et al. Federated incremental learning based evolvable intrusion detection system for zeroday attacks［J］. IEEE Network, 2023, 37(1): 125132［14］Zhang Z, Zhang Y, Guo D, et al. SecFedNIDS: Robust defense for poisoning attack against federated learningbased network intrusion detection system［J］. Future Generation Computer Systems, 2022, 134: 154169［15］Liao H J, Lin C H R, Lin Y C, et al. Intrusion detection system: A comprehensive review［J］. Journal of Network and Computer Applications, 2013, 36(1): 1624［16］Fan J, Wang Z, Xie Y, et al. A theoretical analysis of deep Qlearning［C］ Proc of the 2nd Conf on Learning for Dynamics and Control. New York: PMLR, 2020: 486489

[1]	. Encrypted Traffic Detection Technology for Multisession Coordinated #br# Attack Based on Deep Learning#br# [J]. Journal of Information Security Reserach, 2025, 11(1): 66-.
[2]	. A Poisoningresistant Verifiable Secure Federated Learning Scheme #br# in IoT Perception Environments#br# [J]. Journal of Information Security Reserach, 2024, 10(9): 804-.
[3]	. Network Traffic Measurement Based on Multilayer Sketch in SDN [J]. Journal of Information Security Reserach, 2024, 10(9): 840-.
[4]	. Research on Risk Analysis of Opensource Software Supply Chain Security [J]. Journal of Information Security Reserach, 2024, 10(9): 862-.
[5]	. A Cloud Edge Coordinated Federated Computing Method for Fault Detection in the Railway Signal System [J]. Journal of Information Security Reserach, 2024, 10(8): 753-.
[6]	. Federated Foundation Model Finetuning Based on Differential Privacy#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(7): 616-.
[7]	. Model of Intrusion Detection Based on Federated Learning and Convolutional Neural Network [J]. Journal of Information Security Reserach, 2024, 10(7): 642-.
[8]	. Research Advance and Challenges of Fuzzing Techniques [J]. Journal of Information Security Reserach, 2024, 10(7): 668-.
[9]	. Intelligent Fuzzy Testing Method Based on Sequence Generative Adversarial Networks [J]. Journal of Information Security Reserach, 2024, 10(6): 490-.
[10]	. A Secure and Efficient Method of Fully Anonymous Vertical Federated Learning [J]. Journal of Information Security Reserach, 2024, 10(6): 506-.
[11]	. Policy Environment and Key Elements of Realworld Data Trading in China: A Literature Review [J]. Journal of Information Security Reserach, 2024, 10(6): 548-.
[12]	. Design of Vulnerability Tracking and Disposal Platform Based on Fine Management of Massive Assets [J]. Journal of Information Security Reserach, 2024, 10(6): 568-.
[13]	. Research on Data Reuse Model of Classified Protection of Cybersecurity Based on Data Mining [J]. Journal of Information Security Reserach, 2024, 10(4): 353-.
[14]	. Research on Banking DAO Digital Security Operation System [J]. Journal of Information Security Reserach, 2024, 10(4): 360-.
[15]	. Analysis of Security Blind Area of Large LAN#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(4): 335-.