A Poisoningresistant Verifiable Secure Federated Learning Scheme #br#
in IoT Perception Environments#br#

Journal of Information Security Reserach ›› 2024, Vol. 10 ›› Issue (9): 804-.

Previous Articles Next Articles

A Poisoningresistant Verifiable Secure Federated Learning Scheme #br# in IoT Perception Environments#br#

Han Gang1,2, Ma Weiran1,2, Zhang Yinghui1, Liu Wei1, and Sheng Liling1

1(School of Cyberspace Security, Xi ’an University of Posts and Telecommunications, Xi ’an 710121 )
2(State Key Laboratory of Integrated Services Networks (Xidian University), Xi’an 710126 )

Online:2024-09-25 Published:2024-09-29

物联网感知环境中抗投毒可验证安全联邦学习方案

韩刚1,2马炜燃1,2张应辉1 刘伟1盛丽玲1

1(西安邮电大学网络空间安全学院西安710121)
2(空天地一体化综合业务网全国重点实验室(西安电子科技大学)西安710126)

通讯作者: 马炜燃硕士研究生.主要研究方向为安全联邦学习. maweiran99@163.com
作者简介:韩刚博士，副教授.主要研究方向为区块链技术、数据安全共享、访问控制. hangang668866@163.com 马炜燃硕士研究生.主要研究方向为安全联邦学习. maweiran99@163.com 张应辉博士，教授.主要研究方向为区块链和机器学习中的安全与隐私保护. yhzhaang@163.com 刘伟博士研究生.主要研究方向为安全联邦学习. weiliuxupt@163.com 盛丽玲主要研究方向为隐私保护. 13299066231@163.com

Abstract

Abstract: To address the issue of model poisoning during predictive model training in the IoT intelligent sensing phase, this study proposes an antipoisoning attack scheme with verification capabilities. The scheme employs a cosine similarity clustering mechanism and a filtering strategy as a trusted thirdparty detection algorithm, integrating homomorphic encryption for authentication. Additionally, lightweight data encryption is used to protect the privacy of local model data. The Shamir Secret Sharing algorithm ensures robustness in model training against users dropout. By introducing a trusted third party, the scheme effectively detects and prevents dishonest users or attackers from compromising the accuracy of federated learning models. Simulation results demonstrate that the scheme can accurately detect model data involved in training while ensuring the security of users’ local model data and handling large volumes of heterogeneous data in IoT intelligent sensing environments.

Key words: federated learning, poisoning attack, IoT intelligent perception, privacy protection, homomorphic encryption

摘要： 针对物联网智能感知阶段中预测模型训练的模型投毒问题，提出了一种具备验证功能的抗投毒攻击方案.该方案采用余弦相似度聚类机制和过滤策略作为可信第三方检测算法，并融合同态加密技术实现认证，同时通过轻量级数据加密以保护本地模型数据的隐私.此外，采用Shamir秘密共享算法保障了针对用户退出问题的模型训练的鲁棒性.通过引入可信第三方，该方案能够有效检测并防止不诚实用户或攻击者对联邦学习模型精度的影响.仿真实验结果表明，该方案能够在保障用户本地模型数据安全的前提下，对参与训练的模型数据进行高精度的检测，并能够处理物联网智能感知环境下的大量异构数据.

关键词: 联邦学习, 投毒攻击, 物联网智能感知, 隐私保护, 同态加密

CLC Number:

TP183

韩刚, 马炜燃, 张应辉, 刘伟, 盛丽玲, . 物联网感知环境中抗投毒可验证安全联邦学习方案[J]. 信息安全研究, 2024, 10(9): 804-.

References

［1］Bonawitz K, Ivanov V, Kreuter B, et al. Practical secure aggregation for privacypreserving machine learning［C］ Proc of the 2017 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2017: 11751191［2］Xu Guowen, Li Hongwei, Liu Sen, et al. VerifyNet: Secure and verifiable federated learning［J］. IEEE Trans on Information Forensics and Security, 2020, 15(3): 911926［3］Nguyen T D, Rieger P, Miettinen M, et al. Poisoning attacks on federated learningbased IoT intrusion detection system［C］ Proc of the Workshop on Decentralized IoT Systems and Security (DISS). San Diego, CA: Internet Society, 2020: 79［4］Xiao Xiong, Tang Zhuo, Li Chuanying, et al. SCA: Sybilbased collusion attacks of IIoT data poisoning in federated learning［J］. IEEE Trans on Industrial Informatics, 2023, 19(3): 26082618［5］Shejwalkar V, Houmansadr A. Manipulating the Byzantine: Optimizing model poisoning attacks and defenses for federated learning［C］ Proc of the Network and Distributed System Security Symp (NDSS). San Diego, CA: NDSS, 2021［6］Cao Xiaoyu, Fang Minghong, Liu Jia, et al. FLTrust: Byzantinerobust federated learning via trust bootstrapping［J］. arXiv preprint, arXiv:2012.13995, 2020［7］Cao Xiaoyu, Zhang Zaixi, Jia Jinyuan, et al. FLCert: Provably secure federated learning against poisoning attacks［J］. IEEE Trans on Information Forensics and Security, 2022, 17: 36913705［8］Gupta H, Pareek P, Arora A, et al. FedTrace: An efficient model for tracing back data poisoning attacks in federated learning［C］ Proc of the 2023 IEEE Int Carnahan Conf on Security Technology (ICCST). Piscataway, NJ: IEEE, 2023: 16［9］Sharma A, Chen W, Zhao J, et al. FLAIR: Defense against model poisoning attack in federated learning［C］ Proc of the 2023 ACM Asia Conf on Computer and Communications Security. New York: ACM, 2023: 553566［10］Zhou Jun, Wu Nan, Wang Yisong, et al. A differentially private federated learning model against poisoning attacks in edge computing［J］. IEEE Trans on Dependable and Secure Computing, 2022, 20(3): 19411958［11］Shi Siping, Hu Chuang, Wang Dan, et al. Federated anomaly analytics for local model poisoning attack［J］. IEEE Journal on Selected Areas in Communications, 2022, 40(2): 596610［12］刘晓迁, 许飞, 马卓, 等. 联邦学习中的隐私保护技术研究［J］. 信息安全研究, 2024, 10(3): 194201［13］程显淘. 针对联邦学习的恶意客户端检测及防御方法［J］. 信息安全研究, 2024, 10(2): 163169

[1]	. An Efficient Encrypted Database System Solution Based on Fully Homomorphic Encryption [J]. Journal of Information Security Reserach, 2024, 10(9): 811-.
[2]	. A Differential Privacy Text Desensitization Method for Enhancing Semantic Consistency [J]. Journal of Information Security Reserach, 2024, 10(8): 706-.
[3]	. A Cloud Edge Coordinated Federated Computing Method for Fault Detection in the Railway Signal System [J]. Journal of Information Security Reserach, 2024, 10(8): 753-.
[4]	. A Review of GPU Acceleration Technology for Deep Learning in Plaintext and Private Computing Environments [J]. Journal of Information Security Reserach, 2024, 10(7): 586-.
[5]	. Federated Foundation Model Finetuning Based on Differential Privacy#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(7): 616-.
[6]	. Multiuser Searchable Symmetric Encryption Scheme Based on Elliptic Curve Encryption [J]. Journal of Information Security Reserach, 2024, 10(7): 624-.
[7]	. Model of Intrusion Detection Based on Federated Learning and Convolutional Neural Network [J]. Journal of Information Security Reserach, 2024, 10(7): 642-.
[8]	. A Secure and Efficient Method of Fully Anonymous Vertical Federated Learning [J]. Journal of Information Security Reserach, 2024, 10(6): 506-.
[9]	. Homomorphic Encryption Scheme Based on Commercial Cryptography SM9#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(6): 513-.
[10]	. Multi-party Shuffling Protocol Based on Elastic Secret Sharing [J]. Journal of Information Security Reserach, 2024, 10(4): 347-.
[11]	. Research on Privacy Protection Technology in Federated Learning [J]. Journal of Information Security Reserach, 2024, 10(3): 194-.
[12]	. Malicious Client Detection and Defense Method for Federated Learning [J]. Journal of Information Security Reserach, 2024, 10(2): 163-.
[13]	. Practical Dilemmas and Response Paths for Personal Information Protection Policy of APPs [J]. Journal of Information Security Reserach, 2024, 10(2): 177-.
[14]	. Design of SDP Trust Evaluation Model Based on Federated Learning [J]. Journal of Information Security Reserach, 2024, 10(10): 903-.
[15]	. A Paillier Optimization Algorithm Combining Multiple Prime Numbers and Public Modules#br# [J]. Journal of Information Security Reserach, 2024, 10(10): 952-.

A Poisoningresistant Verifiable Secure Federated Learning Scheme #br# in IoT Perception Environments#br#

物联网感知环境中抗投毒可验证安全联邦学习方案

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics