| Cite this article: | JIN Zhigang, DING Yu, WU Xiaodong, CHEN Xuyang. A privacy-enhanced secure federated intrusion detection method[J]. Journal of Harbin Institute of Technology, 2026, 58(5): 25. DOI:10.11918/202504085 |
|
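| Abstract: |
| Intrusion detection systems (IDS) face the security challenge of generative model inversion attacks, and for federated IDS the federated GAN (generative adversarial network) attack is a highly typical data security threat. To improve the data privacy of federated IDS, this study proposes a general privacy-enhanced secure federated intrusion detection method (privacy-enhanced federated intrusion detection, PEFID) and validates its performance in diverse attack-defense simulations. PEFID enhances data privacy jointly at the feature level and the model level. At the feature level, an improved adaptive privacy-enhancement module is proposed that adjusts the degree of generalization of representation learning, trading off privacy protection against task learning. In addition, controllable perturbations are injected into the intermediate-layer latent variables to further weaken the traceability of gradients. At the model level, a label smoothing strategy combined with prediction confidence is proposed to counter label inversion. Each node can individually adjust its soft label value according to prediction confidence, giving victim data a more lenient soft label value to stop the attack from going deeper. Validation experiments on the CICIDS2018 and UNSW-NB15 datasets show that PEFID effectively defends against federated GAN attacks in a variety of network scenarios; that, compared with other defense schemes, PEFID achieves a balance between privacy and performance under controllable time complexity; and that PEFID maintains excellent defensive utility even when a single point of defense fails. The proposed method is both general and lightweight, can be adapted to existing federated intrusion detection systems, and significantly enhances data privacy at a very small performance cost. |
| Keywords: intrusion detection system; federated learning; deep learning; model inversion attack; privacy protection |
| DOI:10.11918/202504085 |
| Classification number: TP393.08 |
| Document code: A |
| Funding: National Natural Science Foundation of China (52471364) |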
|
| A privacy-enhanced secure federated intrusion detection method |
|
JIN Zhigang¹, DING Yu¹, WU Xiaodong²,³, CHEN Xuyang¹
|
|
(1.School of Electrical and Information Engineering, Tianjin University, Tianjin 300072, China; 2.School of Renewable Energy, Inner Mongolia University of Technology, Ordos 017010, China; 3.Inner Mongolia Key Laboratory of New Energy and Energy Storage Technology, Hohhot 010051, China)
|
| Abstract: |
| Intrusion detection systems (IDS) face the security challenge of generative model inversion attacks, and federated GAN attacks are a particularly characteristic data security threat to federated IDS. To improve data privacy in federated IDS, a universal privacy-enhanced federated intrusion detection (PEFID) method is proposed and validated in diverse attack-defense simulation scenarios. PEFID enhances data privacy jointly at the feature level and the model level. At the feature level, an improved adaptive privacy-enhancing module adjusts the degree of regularization of representation learning to balance privacy protection against task learning. In addition, controllable perturbations are injected into the hidden variables to further degrade the traceability of the gradient. At the model level, a label smoothing strategy combined with prediction confidence is proposed to deal with label inversion. Each client can individually adjust its soft label value according to the prediction confidence, assigning victim data a more lenient soft label value to keep the attack from progressing further. Experimental results on the CICIDS2018 and UNSW-NB15 datasets show that PEFID can effectively resist federated GAN attacks in various network scenarios. Compared with other methods, PEFID better balances privacy and performance with controllable time complexity. It maintains superior defensive efficacy even when a single point of defense is penetrated. The proposed method is both universal and lightweight, and can be adapted to existing federated IDS to significantly enhance data privacy at minimal performance cost. |
| Key words: intrusion detection system; federated learning; deep learning; model inversion attack; privacy protection |