CN112770291A - Distributed intrusion detection method and system based on federated learning and trust evaluation - Google Patents
- Publication number
- CN112770291A CN202110046755.5A
- Authority
- CN
- China
- Prior art keywords
- model
- edge
- vehicle
- rsu
- intrusion detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
- H04W4/44—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02T—CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
- Y02T10/00—Road transport of goods or passengers
- Y02T10/10—Internal combustion engine [ICE] based vehicles
- Y02T10/40—Engine management systems
Abstract
The invention provides a distributed vehicle-mounted intrusion detection system and method based on federated learning and trust evaluation, comprising the following steps: designing a distributed intrusion detection system model based on federated learning; building and pre-training an intrusion detection model based on federated learning, with a distributed aggregator broadcasting and distributing a global model; each edge vehicle training an edge model on its own intrusion detection data; selecting, based on behavior evaluation, edge representative nodes as cluster heads to complete the aggregation task of the edge models; adding a mask to the model parameters and uploading them to an RSU; and, with the RSU aggregating the model parameters uploaded by the cluster heads, performing trust evaluation on the RSU through the quality of the model it aggregates, which incentivizes the distributed aggregation nodes to compete to aggregate a model with higher accuracy; finally, the trained model is stored based on the blockchain principle to complete model sharing. By adopting an information-security evaluation approach, the invention creates a defense and detection system suited to autonomous driving for resisting network intrusion.
Description
Technical Field
The invention relates to the security field of autonomous driving and advanced driver-assistance technology, and in particular to a distributed vehicle-mounted intrusion detection method and system based on federated learning and trust evaluation.
Background
In recent years, the market size of autonomous cars has gradually increased. Edge computing enables efficient multi-party interconnection, and V2X lays a foundation for building smart cities and intelligent transportation with driver-assistance functions. The development of 5G can greatly improve the efficiency of edge computing and accelerate the training of machine learning models at the edge. V2X communication must be established over secure channels between different devices; in addition, cooperation and information sharing among multiple vehicles must take place in a secure environment. With the development of autonomous driving, privacy protection plays an increasingly important role in the field of intelligent transportation. A vehicular network built from interconnected vehicles and traffic infrastructure is subject to a variety of intrusion attacks. To improve the defensive capability of vehicles, vehicle-mounted intrusion detection has received increasing attention in the field of autonomous driving security.
With the rapid development of deep learning, the detection accuracy of intrusion detection systems has gradually improved. Traditional machine learning algorithms (e.g., SVM, decision tree, random forest) and various deep neural networks (e.g., CNN, RNN, GAN) have been widely used in intrusion detection and achieve good performance. Among the various machine learning algorithms, deep neural networks are attractive. However, intrusion detection systems based on deep learning require the device to have powerful computing capability, and when the model on the device is more complex, the training process can be time-consuming. Centralized training concentrates the computational burden on the central device, which is also more vulnerable to cyber attacks.
The intrusion detection scheme based on federated learning provided by the invention uses distributed federated learning to solve the centralization problem of the model aggregator in traditional federated learning. Federated learning is a cooperative distributed machine learning method that can effectively address privacy protection for training data. Federated learning was proposed to relieve the model training pressure on a single central server: the model training process of the AI algorithm is sent directly to multiple dispersed user devices, and the dispersed pre-trained models are finally aggregated on the central server. Multiple users can learn a shared pre-trained predictive model collaboratively, which solves data privacy problems to some extent and protects each user's raw data on their own device, since the user's data never leaves that device.
Disclosure of Invention
Based on the above, the invention provides a distributed vehicle-mounted intrusion detection system and method based on federated learning and trust evaluation, and establishes a collaborative distributed intrusion detection model by combining the decentralized storage and decentralized trust of a blockchain. In traditional federated learning, the model aggregation task is completed by a central cloud server: the central server first collects the edge model updates (e.g., weights, gradients) and then uses them to perform global model aggregation. In contrast, in distributed federated learning the roadside units (RSUs) play the role of model aggregation servers in the vehicular network. After model aggregation, the key issue is how to store and securely share the model. To prevent a model trained by a single RSU from being attacked and maliciously tampered with, a blockchain can be used to solve the centralized storage and sharing problem.
First, a single RSU is vulnerable to external network attacks. To improve the scalability of the RSUs, multiple RSUs can jointly maintain an intrusion detection model blockchain, which makes the aggregated model tamper-resistant and achieves secure storage and sharing of the model. The RSUs write and store blocks consistently based on a trust-driven consensus mechanism. The RSU whose aggregated model has high accuracy serves as the miner and is responsible for writing its aggregated model information into a new block of the blockchain; at the same time, the trust value of that miner is increased, and this trust incentive mechanism encourages the RSUs to compete to train a machine learning model with higher accuracy. Because the blockchain is public and tamper-resistant, multiple RSUs can jointly maintain and access the same blockchain, and arbitrarily tampering with the blockchain reduces an RSU's trust value, which realizes secure sharing of the model.
The system comprises an upper-layer aggregation server, namely the roadside unit (RSU), lower-layer ordinary edge vehicles, and cluster head representative vehicles. The system is based on a two-stage architecture. In the first stage, shown as the download model in Fig. 2, a vehicle driving into an RSU's area within a certain period of time can obtain a pre-trained intrusion detection network model from the RSU and use new network data for further training and updating based on the existing model. In the second stage, shown as the upload model in Fig. 2, each vehicle uploads its preliminarily trained edge model to the RSU. The RSU can aggregate the network models of multiple vehicles for aggregate training and obtain a final global network model. Multiple RSUs perform this operation at the same time and jointly maintain an IDS model blockchain; a new aggregated machine learning model is stored in the blockchain in each round, so that the model is updated regularly and protected from tampering, which ensures the timeliness, security, and traceability of the model.
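The trust-driven model ledger described above can be sketched as follows. This is an added example, not code from the patent: the block fields, the reward and penalty amounts, the tie-break rule, and the RSU names are assumptions, and the accuracies are taken as already measured.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64


def block_hash(body):
    """SHA-256 over the canonical JSON encoding of a block body."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class ModelLedger:
    """Hash-chained record of per-round aggregated models (hypothetical layout)."""

    def __init__(self, rsu_ids, reward=1.0, penalty=2.0):
        self.chain = []
        self.trust = {r: 0.0 for r in rsu_ids}   # assumed starting trust
        self.reward, self.penalty = reward, penalty

    def commit_round(self, round_no, candidates):
        """candidates: {rsu_id: (accuracy, model_bytes)}.
        The most accurate RSU mines the block; ties go to higher trust, then id."""
        miner = max(candidates, key=lambda r: (candidates[r][0], self.trust[r], r))
        accuracy, model = candidates[miner]
        body = {
            "round": round_no,
            "miner": miner,
            "accuracy": accuracy,
            "model_sha256": hashlib.sha256(model).hexdigest(),
            "prev": self.chain[-1]["hash"] if self.chain else GENESIS_PREV,
        }
        self.chain.append({**body, "hash": block_hash(body)})
        self.trust[miner] += self.reward          # trust incentive for the miner
        return miner

    def first_invalid(self, chain=None):
        """Index of the first block whose hash or back-link fails, else None."""
        chain = self.chain if chain is None else chain
        prev = GENESIS_PREV
        for i, blk in enumerate(chain):
            body = {k: v for k, v in blk.items() if k != "hash"}
            if blk["prev"] != prev or block_hash(body) != blk["hash"]:
                return i
            prev = blk["hash"]
        return None

    def audit_replica(self, rsu_id, replica):
        """Check a copy of the chain served by rsu_id; tampering lowers its trust."""
        bad = self.first_invalid(replica)
        if bad is not None:
            self.trust[rsu_id] -= self.penalty
        return bad

    def verify_model(self, round_no, model_bytes):
        """Vehicle-side check that a downloaded model matches the ledger entry."""
        digest = hashlib.sha256(model_bytes).hexdigest()
        return any(b["round"] == round_no and b["model_sha256"] == digest
                   for b in self.chain)


def demo():
    # Constructed sample data: three RSUs, two rounds, one tampered replica.
    ledger = ModelLedger(["rsu-a", "rsu-b", "rsu-c"])
    m1 = ledger.commit_round(1, {"rsu-a": (0.91, b"model-a-r1"),
                                 "rsu-b": (0.94, b"model-b-r1"),
                                 "rsu-c": (0.89, b"model-c-r1")})
    m2 = ledger.commit_round(2, {"rsu-a": (0.95, b"model-a-r2"),
                                 "rsu-b": (0.93, b"model-b-r2"),
                                 "rsu-c": (0.90, b"model-c-r2")})
    replica = copy.deepcopy(ledger.chain)
    replica[0]["accuracy"] = 0.99                 # rsu-c rewrites round 1
    bad = ledger.audit_replica("rsu-c", replica)
    return m1, m2, bad, ledger.trust


if __name__ == "__main__":
    print(demo())
```

Rewriting an old block and recomputing its hash still fails the audit, because the next block's `prev` link no longer matches.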
Based on the system, the invention also provides a distributed vehicle-mounted intrusion detection method based on federated learning and trust evaluation, which comprises the following steps:
Step 1: analyzing traditional intrusion detection systems, and designing a distributed vehicle-mounted intrusion detection system model based on federated learning;
Step 2: building and pre-training an intrusion detection model based on federated learning, and broadcasting and distributing a global model by using the roadside unit (RSU) as a distributed aggregation server;
Step 3: the edge vehicle trains an edge model based on the received global model and its own intrusion detection data;
Step 4: selecting, based on behavior evaluation, edge representative nodes as cluster heads to complete the aggregation task of the edge models, comprising the following substeps:
Step 4.1: to complete the aggregation of the edge models, each cluster needs to select a cluster head to aggregate the edge models of the cluster members, which reduces the number of uploads to the RSU and improves communication efficiency;
Step 4.2: a performance evaluation value $c_k$ is computed by evaluating the behavior and performance of each edge vehicle, and the vehicle with the high evaluation value is selected as the cluster head, responsible for the aggregation and uploading of the edge model;
Step 4.3: the performance evaluation criterion is mainly composed of three aspects: the accuracy of the edge vehicle's trained model, the time delay $t_{vi}$ of communication with the upper-layer RSU, and the vehicle's own energy loss;
Step 5: adding a mask to the model parameters and uploading them to the RSU, comprising the following substeps:
Step 5.1: each cluster head continues to train the aggregated edge model on its own data set using a gradient descent algorithm until the loss function converges;
Step 5.2: the participant then adds the received sub-secret $s_i$ to its new model weights $w_i$ as a mask and sends the result to the RSU;
Step 6: the RSU aggregates the model parameters uploaded by the cluster heads, and trust evaluation is performed on the RSU according to the quality of the model it aggregates, which incentivizes the distributed aggregation nodes to compete to aggregate a model with higher accuracy; finally, the trained model is stored based on the blockchain principle to complete model sharing.
In step 1: the distributed vehicle-mounted intrusion detection system based on federated learning comprises an upper-layer aggregation server (namely the roadside unit, RSU), lower-layer ordinary edge vehicles, and cluster head representative vehicles. The system is mainly a two-stage intrusion detection architecture: the lower-layer edge vehicles complete the model training and aggregation tasks of the edge layer, the cluster head representative then adds a mask to the edge aggregation model and uploads it to the upper-layer distributed aggregation server (the RSU), and the final model aggregation training is then completed.
In step 2: the mask noise adopts a Shamir secret sharing scheme. Multiple vehicles send requests for the global model and a sub-secret to the RSU, and the RSU dynamically adjusts the secret sharing threshold $t$ according to the number of vehicle requests received in different time periods. A threshold coefficient controls the adjustment of $t$, and the formula is as follows: where $t$ denotes the threshold, $C$ is the total number of vehicle requests received by the RSU, and $\alpha$ denotes the threshold coefficient. The RSU distributes the global model weight parameters and the sub-secrets to the surrounding vehicles.
In step 3: the edge vehicles train the edge model on their own intrusion detection data; an edge vehicle that receives the global shared model can train the model on its own edge data.
In step 4: to complete the cluster head selection, the performance and behavior of the vehicles participating in edge training need to be evaluated, and the evaluation is based on the minimum sum of energy consumption of each edge vehicle to the RSU.
In step 4:
Calculating the time consumption: is expressed as where $t_{vi}$ is taken as the time delay from sending the model to the edge vehicle, $b_{vi}$ is taken as the network bandwidth, and the ratio of the two is taken as the time consumption.
Calculating the accuracy ratio of the global model to the self-trained model: is expressed as where is taken as the accuracy of the global model distributed by the RSU, is taken as the accuracy of the edge vehicle's own model, and the ratio of the two is taken as the degree of accuracy of the global model relative to the edge vehicle model.
Calculating the energy consumption of the vehicle: is expressed as where is taken as the remaining energy of the vehicle, is taken as the initial energy of the vehicle, and the ratio of the two is the energy consumption of the vehicle.
In step 4:
Calculating the total consumption of the edge vehicle, $c_k$. The evaluation basis of the final energy consumption is as follows: where $\phi_i$ is taken as the weight of a given consumption, is the ratio of the accuracy of the global model to the accuracy of the self-trained model, is the time consumption, is the energy consumption of the vehicle, and $e$ is the exponential function; the three weights sum to 1, i.e. $\phi_1+\phi_2+\phi_3=1$. Different metrics may be assigned different weights depending on their importance. For example, if the quality of the edge pre-trained model is considered more important, the weight $\phi_1$ is increased. The parameter $\mu$ controls the degree of variation of the performance evaluation.
In step 5: after the cluster head is selected, to prevent privacy leakage of the model parameters, the cluster head representative adds a mask to the model parameters before uploading them to the RSU; that is, the sub-secret $s_i$ received from the RSU is added to the model parameter information $w_i$, and the result is uploaded to the RSU.
In step 6: after each upper-layer distributed aggregation server, namely an RSU, receives multiple edge models with sub-secret masks added, it removes the masks by recombining the sub-secrets to obtain the mean value information of the models, where $w_i$ is the model parameter information, $s_i$ is the sub-secret, and $s$ is the secret value generated by the RSU at initial construction, which is also the target value for reconstruction from multiple sub-secrets. At a new time point, each RSU can aggregate and train its global model, competing with the other RSUs for higher accuracy to complete blockchain consensus, and the accuracy of the RSU's aggregated model is used as the measure for evaluating its trust value. The RSU with higher accuracy obtains the accounting right of the blockchain, so the new model is stored in the blockchain, whose tamper-proof and transparent storage makes model sharing more secure.
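The sub-secret masking of steps 2, 5 and 6 can be illustrated with a small Shamir scheme over a prime field. This is an added example, not code from the patent: the prime, the fixed-point scale, the use of one scalar sub-secret per cluster head, and unmasking by subtracting the sub-secret the RSU itself issued are all assumptions, since the page's own unmasking formula is not reproduced here.

```python
import secrets

# Assumptions (not from the patent text): field prime, fixed-point scale,
# one scalar sub-secret per cluster head, per-share subtraction to unmask.
PRIME = 2**61 - 1      # Mersenne prime; all share arithmetic is mod PRIME
SCALE = 10**6          # fixed-point scale used to encode float weights


def split_secret(secret, n, t):
    """Shamir split: n sub-secrets, any t of which reconstruct `secret`."""
    if not 1 <= t <= n:
        raise ValueError("threshold must satisfy 1 <= t <= n")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    shares = {}
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation at x
            y = (y * x + c) % PRIME
        shares[x] = y
    return shares


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the prime field."""
    total = 0
    for xi, yi in shares.items():
        num, den = 1, 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def encode(w):
    """Float weight -> field element (negative values wrap around)."""
    return round(w * SCALE) % PRIME


def decode(v):
    """Field element -> float, treating the upper half as negative."""
    if v > PRIME // 2:
        v -= PRIME
    return v / SCALE


def mask_weights(weights, sub_secret):
    """Cluster head side: upload w_i + s_i instead of w_i."""
    return [(encode(w) + sub_secret) % PRIME for w in weights]


def unmask_and_average(uploads, issued, t):
    """RSU side: uploads {head_id: masked vector}, issued {head_id: s_i}."""
    if len(uploads) < t:
        raise ValueError("fewer than t cluster heads responded")
    dim = len(next(iter(uploads.values())))
    sums = [0] * dim
    for head_id, masked in uploads.items():
        s_i = issued[head_id]
        for k, m in enumerate(masked):
            sums[k] = (sums[k] + m - s_i) % PRIME
    return [decode(v) / len(uploads) for v in sums]


def demo():
    s = secrets.randbelow(PRIME)                      # RSU's secret
    issued = split_secret(s, n=4, t=3)                # one sub-secret per head
    edge_models = {1: [0.25, -1.5], 2: [0.75, 0.5],   # constructed weights
                   3: [0.5, 1.0], 4: [0.5, 2.0]}
    uploads = {h: mask_weights(w, issued[h]) for h, w in edge_models.items()}
    mean = unmask_and_average(uploads, issued, t=3)
    any_three = {x: issued[x] for x in (1, 3, 4)}
    return mean, reconstruct(any_three) == s


if __name__ == "__main__":
    print(demo())
```

In this sketch the RSU issued every sub-secret, so the mask hides weights from parties observing the vehicle-to-RSU link, not from the RSU itself.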
The beneficial effects of the invention are as follows. From the perspective of information security, the invention adopts an information-security evaluation approach to create a defense and detection system suited to autonomous driving for resisting network intrusion. A two-stage intrusion detection system is constructed: the edge-layer vehicles perform edge-layer training and aggregation on their own intrusion detection data, and the upper-layer distributed RSUs train competitively against one another and finally share a high-accuracy model, which improves the intrusion prevention efficiency and capability of the RSUs to a certain extent. The invention combines the distributed training of federated learning with the distributed storage of a blockchain and, based on trust evaluation, provides a solution for improving the accuracy of the intrusion detection model and the security of the aggregation server, thereby improving the robustness and accuracy of the vehicle-mounted intrusion detection system in an autonomous driving system.
Compared with a centralized training mode, the invention mainly constructs a distributed federated learning training architecture, which effectively avoids termination of the whole federated learning training caused by a single point of failure at a central training node; the distributed RSUs jointly maintain a blockchain that stores the machine learning model, which avoids the risk of illegal tampering caused by centralized storage of the model.
The invention completes model training on intrusion detection data using deep learning and completes secure storage of the trained model using blockchain technology. The technical improvement of the invention is mainly that a cooperative distributed federated learning framework is constructed, which solves the problems of excessive centralized training load and insecure centralized storage on the cloud server in traditional federated learning: the aggregation of the collected edge models is performed by multiple distributed RSUs at the edge level in place of the cloud server, which solves the problems of centralized training and storage of the machine learning model.
Drawings
FIG. 1 is a flow chart of an intrusion detection model implementation of the present invention.
Fig. 2 is a specific architecture diagram of the intrusion detection model of the present invention.
Detailed Description
As shown in Fig. 1, a distributed vehicle-mounted intrusion detection method based on federated learning and trust evaluation is divided into 6 steps:
Step 1: analyzing traditional intrusion detection systems, and designing a distributed vehicle-mounted intrusion detection system model based on federated learning;
Step 2: building and pre-training an intrusion detection model based on federated learning, and broadcasting and distributing a global model by using the roadside unit (RSU) as a distributed aggregation server;
Step 3: the edge vehicle trains an edge model based on the received global model and its own intrusion detection data;
Step 4: selecting, based on behavior evaluation, edge representative nodes as cluster heads to complete the aggregation task of the edge models.
Step 4.1: to complete the aggregation of the edge models, each cluster needs to select a cluster head to aggregate the edge models of the cluster members, which reduces the number of uploads to the RSU and improves communication efficiency.
Step 4.2: a performance evaluation value $c_k$ is computed by evaluating the behavior and performance of each edge vehicle, and the vehicle with the high evaluation value is selected as the cluster head, responsible for the aggregation and uploading of the edge model.
Step 4.3: the performance evaluation criterion mainly comprises the accuracy of the edge vehicle's trained model, the time delay of communication with the upper-layer RSU, and the energy loss of the edge vehicle.
Step 5: adding a mask to the model parameters and uploading them to the RSU.
Step 5.1: each cluster head continues to train the aggregated edge model on its own data set using a gradient descent algorithm until the loss function converges.
Step 5.2: the participant then adds the received sub-secret $s_i$ to its new model weights $w_i$ as a mask and sends the result to the RSU.
Step 6: the RSU aggregates the model parameters uploaded by the cluster heads, and trust evaluation is performed on the RSU according to the quality of the model it aggregates, which incentivizes the distributed aggregation nodes to compete to aggregate a model with higher accuracy; finally, the trained model is stored based on the blockchain principle to complete model sharing.
As shown in Fig. 2, in step 1: the distributed vehicle-mounted intrusion detection system comprises an upper-layer aggregation server, namely the roadside unit (RSU), lower-layer ordinary edge vehicles, and cluster head representative vehicles. The system is mainly a two-stage intrusion detection architecture: the lower-layer edge vehicles complete the model training and aggregation tasks of the edge layer, the cluster head representative then adds a mask to the edge aggregation model and uploads it to the upper-layer distributed aggregation server, and the aggregation training of the model is finally completed.
As shown in Fig. 2, in step 2: the mask noise adopts a Shamir secret sharing scheme. Multiple vehicles send requests for the global model and a sub-secret to the RSU, and the RSU dynamically adjusts the secret sharing threshold $t$ according to the number of vehicle requests received in different time periods. A threshold coefficient controls the adjustment of $t$, and the formula is: where $t$ denotes the threshold, $C$ is the total number of vehicle requests received by the RSU, and $\alpha$ denotes the threshold coefficient. The RSU distributes the global model weight parameters and the sub-secrets to the surrounding vehicles.
As shown in Fig. 2, in step 3: the edge vehicles train the edge model on their own intrusion detection data; an edge vehicle that receives the global shared model can train the model on its own edge data.
As shown in Fig. 2, in step 4: to complete the cluster head selection, the performance and behavior of the vehicles participating in edge training need to be evaluated, and the evaluation is based on the minimum sum of energy consumption of each edge vehicle to the RSU.
Calculating the time consumption: is expressed as where $t_{vi}$ is taken as the time delay from sending the model to the edge vehicle, $b_{vi}$ is taken as the network bandwidth, and the ratio of the two is taken as the time consumption.
Calculating the accuracy ratio of the global model to the self-trained model: is expressed as where is taken as the accuracy of the global model distributed by the RSU, is taken as the accuracy of the edge vehicle's own model, and the ratio of the two is taken as the degree of accuracy of the global model relative to the edge vehicle model.
Calculating the energy consumption of the vehicle: is expressed as where is taken as the remaining energy of the vehicle, is taken as the initial energy of the vehicle, and the ratio of the two is the energy consumption of the vehicle.
Calculating the total consumption of the edge vehicle, $c_k$. The evaluation basis of the final energy consumption is as follows: where $\phi_i$ is taken as the weight of a given consumption; the three weights sum to 1, i.e. $\phi_1+\phi_2+\phi_3=1$. Different metrics may be assigned different weights depending on their importance. For example, if the quality of the edge pre-trained model is considered more important, the weight $\phi_1$ is increased. The parameter $\mu$ controls the degree of variation of the performance evaluation.
As shown in Fig. 2, in step 5: after the cluster head is selected, to prevent privacy leakage of the model parameters, the cluster head representative adds a mask to the model parameters before uploading them to the RSU; that is, the sub-secret $s_i$ received from the RSU is added to the model parameter information $w_i$, and the result is uploaded to the RSU.
As shown in Fig. 2, in step 6: after each upper-layer distributed aggregation server, namely an RSU, receives multiple edge models with sub-secret masks added, it removes the masks by recombining the sub-secrets to obtain the mean value information of the models, where $w_i$ is the model parameter information, $s_i$ is the sub-secret, and $s$ is the secret value generated by the RSU at initial construction, which is also the target value for reconstruction from multiple sub-secrets. At a new time point, each RSU can aggregate and train its global model, competing with the other RSUs for higher accuracy to complete blockchain consensus, and the accuracy of the RSU's aggregated model is used as the measure for evaluating its trust value. The RSU with higher accuracy obtains the accounting right of the blockchain, so the new model is stored in the blockchain, whose tamper-proof and transparent storage makes model sharing more secure.
Claims (10)
1. A distributed vehicle-mounted intrusion detection method based on federated learning and trust evaluation, characterized by comprising the following steps:
Step 1: analyzing traditional intrusion detection systems, and designing a distributed intrusion detection system model based on federated learning;
Step 2: building and pre-training an intrusion detection model based on federated learning, and broadcasting and distributing a global model by using a roadside unit (RSU) as a distributed aggregator;
Step 3: the edge vehicle trains an edge model based on the received global model and its own intrusion detection data;
Step 4: selecting, based on behavior evaluation, edge representative nodes as cluster heads to complete the aggregation task of the edge models, comprising the following substeps:
Step 4.1: to complete aggregation and uploading of the edge models, each cluster selects a cluster head to aggregate the edge models of the cluster members, which reduces the number of uploads to the RSU;
Step 4.2: a performance evaluation value $c_k$ is computed by evaluating the behavior and performance of each edge vehicle, and the vehicle with the high evaluation value is selected as the cluster head, responsible for the aggregation and uploading of the edge model;
Step 4.3: the performance evaluation criterion is composed of three aspects: the accuracy of the edge vehicle's self-trained model, the time delay $t_{vi}$ of communication with the upper-layer RSU, and the vehicle's own energy loss;
Step 5: adding a mask to the model parameters and uploading them to the RSU, comprising the following substeps:
Step 5.1: each cluster head continues to train the aggregated edge model on its own data set using a gradient descent algorithm until the loss function converges;
Step 5.2: the participant adds the received sub-secret $s_i$ to its new model weights $w_i$ as a mask and sends the result to the RSU;
Step 6: the RSU aggregates the model parameters uploaded by the cluster heads, and trust evaluation is performed on the RSU according to the quality of the model it aggregates, which incentivizes the distributed aggregation nodes to compete to aggregate a model with higher accuracy; finally, the trained model is stored based on the blockchain principle to complete model sharing.
2. The distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation according to claim 1, wherein in the step 1, the distributed vehicle-mounted intrusion detection system based on federal learning comprises an upper aggregation server (roadside unit (RSU)), a lower common edge vehicle and a cluster head representative vehicle; the system comprises a two-stage intrusion detection architecture, a lower layer edge vehicle completes model training and aggregation tasks of an edge layer, then a cluster head represents that an edge aggregation model is added into a mask and then uploaded to an upper layer distributed aggregation server, namely a roadside unit RSU, and then final model aggregation training is completed.
3. The distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation according to claim 1, wherein in the step 2, the mask noise adopts a Shamir secret sharing scheme, a plurality of vehicles send global model and sub-secret requests to a roadside unit (RSU), and the RSU dynamically adjusts the secret sharing threshold t according to the difference of the number of the vehicle requests received in different time periods; the threshold coefficient is used for controlling the adjustment of the t quantity, and the formula is as follows: where t denotes a threshold value, C is the total number of vehicle requests received by the roadside unit RSU, and α denotes a threshold coefficient, and the roadside unit RSU distributes the global model weight parameters and the sub-secret to surrounding vehicles.
4. The distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation according to claim 1, wherein in step 3, the edge vehicles perform edge model training based on their intrusion detection data, and for the edge vehicles that receive the global shared model, they can perform model training based on their edge data.
5. The distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation as claimed in claim 1, wherein in step 4, in order to complete the cluster head selection, the performance and behavior evaluation of the vehicles participating in the edge training is required, and the evaluation is based on the minimum sum of energy consumption of each edge vehicle to the roadside unit (RSU).
6. The distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation according to claim 1, wherein in the step 4, the time consumption is calculated as follows: is expressed as wherein $t_{vi}$ is considered as the time delay from sending the model to the edge vehicle, $b_{vi}$ is considered as the network bandwidth, and the ratio of the two is considered as the time consumption.
7. The distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation according to claim 1, wherein in the step 4, the model accuracy ratio of the global model to the self-training model is calculated: is expressed as wherein, is considered as the accuracy of the global model distributed by the roadside unit RSU, is considered as the accuracy of the model of the edge vehicle itself, and the ratio of the two is considered as the degree of accuracy of the global model relative to the edge vehicle model.
8. The distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation according to claim 1, wherein in the step 4, the energy consumption of the vehicle is calculated as follows: is expressed as wherein, is considered to be the remaining energy of the vehicle, the ratio of the initial energy of the vehicle to the energy consumption of the vehicle is considered; and/or,
in step 4, the total consumption of the edge vehicle is calculated: $C_k$ is based on wherein $\phi_i$ is a weight for a certain consumption, is the ratio of the accuracy of the global model to the accuracy of the self-training model, is the time consumption, is the energy consumption of the vehicle, e is an exponential function, and the sum of the three quantities is 1, i.e. $\phi_1 + \phi_2 + \phi_3 = 1$; different weights are assigned to the measurement indexes according to their importance, wherein the parameter μ controls the degree of variation of the performance evaluation; and/or,
in the step 5: after the cluster head is selected, the cluster head representative, in order to prevent privacy disclosure of the model parameters, adds a mask to the model parameters before uploading them to the roadside unit RSU: the sub-secret $s_i$ received from the roadside unit RSU is added to the model parameter information $w_i$, which is then uploaded to the roadside unit RSU.
9. The distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation according to claim 1, wherein in the step 6: after each upper-layer distributed aggregation server, namely a roadside unit RSU, receives a plurality of edge models to which sub-secret masks have been added, mask denoising is carried out by sub-secret recombination to obtain mean value information of the models: wherein $w_i$ is the model parameter information, $s_i$ is a sub-secret, and s is the secret value originally constructed and generated by the RSU, which is also the target value reconstructed from the plurality of sub-secrets; at a new time point, each roadside unit RSU can aggregate and train its own global model, so that it competes with the other roadside units RSU for higher accuracy to complete the consensus of the blockchain, and the accuracy of the model aggregated by the roadside unit RSU is used as the metric for evaluating its trust value; the roadside unit RSU with higher accuracy obtains the accounting right of the blockchain so as to store the new model in the blockchain, completing tamper-proof and transparent storage on the blockchain so that model sharing is realized more safely.
10. A distributed vehicle-mounted intrusion detection system based on federal learning and trust evaluation, which is characterized in that the distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation as claimed in any one of claims 1-9 is adopted, and the system comprises a two-stage framework:
in a first phase, a vehicle driving to the roadside unit RSU area may obtain a pre-trained intrusion detection network model from the roadside unit RSU and use the new network data for further training and updating based on the existing model;
in the second stage, each vehicle uploads the preliminarily trained edge model to a roadside unit RSU, and the roadside unit RSU can aggregate network models of a plurality of vehicles to perform aggregate training and obtain a final global network model; a plurality of roadside units (RSUs) simultaneously execute the operation, an IDS model block chain is jointly maintained, and a new aggregation machine learning model is stored in the block chain in each round.
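Claims 3 and 9 rely on Shamir secret sharing: the RSU splits a secret s into sub-secrets, and s is the target value recovered when the sub-secrets are recombined. The Python example below is added here for illustration and is not code from the patent; the field modulus, function names and sample values are assumptions, and the threshold t is passed in directly because the claim's formula for t is not reproduced on this page.

```python
import secrets

# Prime field modulus (assumption: the Mersenne prime 2**127 - 1; the patent names no field).
P = 2**127 - 1


def split(secret, n, t):
    """RSU side: split `secret` into n sub-secrets, any t of which rebuild it."""
    if not 1 <= t <= n < P:
        raise ValueError("need 1 <= t <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    # Random polynomial f of degree t-1 with f(0) = secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):          # x = 0 would hand out the secret itself
        y = 0
        for c in reversed(coeffs):     # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def reconstruct(shares):
    """Recombine sub-secrets by Lagrange interpolation at x = 0."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate sub-secret index")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def demo():
    """Constructed run: 7 vehicle requests, threshold t = 4 (sample values)."""
    s = secrets.randbelow(P)
    shares = split(s, n=7, t=4)
    return {
        "any_t_shares": reconstruct(shares[:4]) == s and reconstruct(shares[3:]) == s,
        "all_shares": reconstruct(shares) == s,
        "below_threshold": reconstruct(shares[:3]) == s,  # t-1 shares do not yield s
    }


if __name__ == "__main__":
    print(demo())
```

With fewer than t sub-secrets, interpolation returns an unrelated field element, so the threshold bounds how many colluding or compromised vehicles the RSU's secret can tolerate.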
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110046755.5A CN112770291B (en) | 2021-01-14 | 2021-01-14 | Distributed intrusion detection method and system based on federal learning and trust evaluation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112770291A (en) | 2021-05-07 |
CN112770291B (en) | 2022-05-31 |
Family
ID=75700371
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110046755.5A Active CN112770291B (en) | 2021-01-14 | 2021-01-14 | Distributed intrusion detection method and system based on federal learning and trust evaluation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112770291B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||