基于联邦学习的自适应网络攻击分析方法研究  被引量：1

作　　者：康海燕[1] 张聪明 Kang Haiyan;Zhang Congming(School of Information Management,Beijing Information Science and Technology University,Beijing 100192)

机构地区：[1]北京信息科技大学信息管理学院,北京100192

出　　处：《信息安全研究》2024年第12期1091-1099,共9页Journal of Information Security Research

基　　金：国家社会科学基金项目(21BTQ079);未来区块链与隐私计算高精尖中心基金项目(GJJ-23)。

摘　　要：为了高效安全地分析网络攻击行为问题,提出基于联邦学习的自适应网络攻击分析方法(adaptive network attack analysis method based on federated learning, NAA-FL),该方法可以在实现隐私保护的同时充分利用数据进行网络攻击分析.首先,提出一种基于DQN的低成本防御机制(动态选择参与方机制),作用在联邦学习模型参数共享、模型聚合过程中,为每一轮模型更新动态选择最佳参与方,减少局部模型在训练过程中表现不佳对全局模型的影响,同时降低通信开销时间,提高联邦学习效率.其次,设计一种自适应特征学习的网络入侵检测模型,能够根据不断变化的攻击特征进行智能学习和分析,以应对复杂的网络环境,有效降低特征选择的时空开销.最后,在公开数据集(NSL KDD)上进行对比实验,NAA-FL方法对攻击的检测准确率为98.9%,动态选择参与方机制提高服务器准确率4.48%,实验结果表明:该方法具有优良的鲁棒性和高效性.To analyze network attack behavior issues efficiently and securely,an adaptive network attack analysis method based on federated learning(NAAFL)is proposed.This approach can fully leverage data for network attack analysis while ensuring privacy protection..Firstly,a costeffective defense mechanism based on DQN(dynamic participant selection mechanism)is proposed to act in the process of federated learning model parameter sharing and model aggregation.It dynamically selects the best participants for each round of model updates,reducing the impact of poorly performing local models on the global model during training.It also reduces communication overhead time and improving the efficiency of federated learning.Secondly,an adaptive feature learning network intrusion detection model is designed,which is able to intelligently learn and analyze according to changing attack features to cope with complex network environments.It effectively reduces the time and space overhead of feature selection.Finally,comparative experiment is performed on a public data set(NSL KDD).The NAAFL method detects attacks with an accuracy of 98.9%.Dynamically selecting participants increases server accuracy by 4.48%.The experimental results show that the method has excellent robustness and efficiency.

关 键 词：网络安全 攻击分析 联邦学习 强化学习 入侵检测系统 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]