
Federated Learning in Cybersecurity: Performance, Robustness, and Adversarial Threats


Nkuako, Kojo A.
Monterey, CA; Naval Postgraduate School
https://hdl.handle.net/10945/74155

This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.

Downloaded from NPS Archive: Calhoun

NAVAL POSTGRADUATE SCHOOL
MONTEREY, CALIFORNIA

THESIS

Distribution Statement A. Approved for public release: Distribution is unlimited.

FEDERATED LEARNING IN CYBERSECURITY: PERFORMANCE, ROBUSTNESS, AND ADVERSARIAL THREATS

Kojo A. Nkuako
Lieutenant, United States Navy
BS, Kwame Nkrumah University of Science and Technology, 2009
MS, Southern Illinois University, Carbondale, 2013

Submitted in partial fulfillment of the requirements for the degree of

MASTER OF SCIENCE IN COMPUTER SCIENCE

from the

NAVAL POSTGRADUATE SCHOOL
June 2025

Approved by:
Armon C. Barton, Advisor
Marko Orescanin, Second Reader
Geoffrey G. Xie, Chair, Department of Computer Science

ABSTRACT

Modern military operations require resilient, privacy-preserving data processing across distributed systems, where centralized learning often fails to meet security and operational demands. Federated learning (FL) provides a decentralized solution by enabling model training without transferring raw data. This thesis evaluates FL’s performance, robustness, and vulnerability to adversarial attacks in network traffic classification at the tactical edge. Using supervised models—random forest, Extreme Gradient Boosting, and convolutional neural networks (CNNs)—this study compares FL to centralized learning using Internet of Things (IoT)-23 and Naval Postgraduate School (NPS) Enterprise Research Network (ERN) datasets. Results show FL matches centralized performance in binary classification but struggles with multiclass tasks, particularly under class imbalance. Label flipping attacks preserve overall accuracy while degrading minority-class performance. A novel backdoor method is introduced, embedding feature-level triggers without changing labels, reducing macro and weighted F1 scores by up to 10%. This work contributes a federated simulation framework, model comparison, and threat evaluation. Findings reveal the need for improved metrics, class balancing, and integrated defense mechanisms to enhance FL resilience. These insights inform future deployment of FL in military and coalition domains where data sensitivity, resource constraints, and operational security remain paramount.

Table of Contents

1 Introduction
  1.1 Motivation
  1.2 Research Questions
  1.3 Scope
  1.4 Contributions
  1.5 Organization

2 Background
  2.1 Traffic Classification
  2.2 Feature Selection
  2.3 Supervised Machine Learning Models
  2.4 Federated Learning Architectures
  2.5 Federated Learning Aggregating Algorithms
  2.6 Public and Enterprise Traffic Analysis
  2.7 Adversarial Attacks in Federated Learning

3 Methodology
  3.1 Evaluation Metrics
  3.2 Dataset and Preprocessing
  3.3 System Architecture and Experimental Setup
  3.4 Model Implementation and Training Strategy
  3.5 Poisoning Attack

4 Results
  4.1 Binary Classification Performance
  4.2 Multiclass Classification Performance
  4.3 Data Poisoning

5 Discussion
  5.1 Key Findings
  5.2 Interpretation of Results
  5.3 Comparison with Prior Work
  5.4 Implications for Federated Learning in Cybersecurity

  6.1 Summary of Findings
  6.2 Limitations
  6.3 Future Work

Initial Distribution List

List of Figures

Figure 2.1 Traffic classification decision tree
Figure 2.2 Centralized learning architecture
Figure 2.3 Federated learning architecture
Figure 3.1 Network architecture with data collection points
Figure 3.2 Flow segmentation logic
Figure 3.3 Packet-level feature breakdown
Figure 3.4 Burst-level feature breakdown
Figure 3.5 Flow label histogram (log scale)
Figure 3.6 Flow label distribution by client
Figure 3.7 Scatter plot of unshuffled labels
Figure 3.8 Scatter plot of shuffled labels
Figure 3.9 Correlation matrix of flow features
Figure 3.10 Feature distribution: Benign versus malicious flows
Figure 3.11 Scatter matrix for flow features
Figure 3.12 Feature importance distribution (log scale)
Figure 3.13 Top 20 most important features
Figure 3.14 Explained variance curve
Figure 3.15 F1-score heatmap for binary classification
Figure 3.16 F1-score heatmap for multiclass classification
Figure 3.17 Federated learning setup without poisoning
Figure 3.18 Federated learn