CN112770291B - Distributed intrusion detection method and system based on federal learning and trust evaluation - Google Patents

Distributed intrusion detection method and system based on federal learning and trust evaluation Download PDF

Info

Publication number
CN112770291B
CN112770291B CN202110046755.5A CN202110046755A CN112770291B CN 112770291 B CN112770291 B CN 112770291B CN 202110046755 A CN202110046755 A CN 202110046755A CN 112770291 B CN112770291 B CN 112770291B
Authority
CN
China
Prior art keywords
model
edge
vehicle
rsu
roadside unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110046755.5A
Other languages
Chinese (zh)
Other versions
CN112770291A (en
Inventor
刘虹
张鹏飞
倪华
徐耀宗
邵学彬
侯昕田
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cnr Software Evaluation Tianjin Co ltd
Shanghai Industrial Control Safety Innovation Technology Co ltd
East China Normal University
Original Assignee
Cnr Software Evaluation Tianjin Co ltd
Shanghai Industrial Control Safety Innovation Technology Co ltd
East China Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cnr Software Evaluation Tianjin Co ltd, Shanghai Industrial Control Safety Innovation Technology Co ltd, East China Normal University filed Critical Cnr Software Evaluation Tianjin Co ltd
Priority to CN202110046755.5A priority Critical patent/CN112770291B/en
Publication of CN112770291A publication Critical patent/CN112770291A/en
Application granted granted Critical
Publication of CN112770291B publication Critical patent/CN112770291B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02TCLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
    • Y02T10/00Road transport of goods or passengers
    • Y02T10/10Internal combustion engine [ICE] based vehicles
    • Y02T10/40Engine management systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Evolutionary Computation (AREA)
  • Data Mining & Analysis (AREA)
  • Medical Informatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Artificial Intelligence (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Traffic Control Systems (AREA)

Abstract

The invention provides a distributed vehicle-mounted intrusion detection system and a method based on federal learning and trust evaluation, which comprises the following steps: designing a distributed intrusion detection system model based on federal learning; building and pre-training an intrusion detection model based on federal learning, and broadcasting and distributing a global model by a distributed aggregator; the edge vehicle trains an edge model based on the intrusion detection data of the edge vehicle; selecting edge representative nodes as cluster heads to complete the aggregation task of the edge model based on behavior evaluation; adding a mask to the model parameters and uploading the model parameters to an RSU; and performing trust evaluation on the RSU through the quality of the model aggregated by the RSU according to the model parameters uploaded by the RSU aggregation cluster head, so that a distributed aggregation node is stimulated to compete and aggregate a model with higher accuracy, and finally, the training model is stored based on the block chain principle to finish model sharing. The invention further creates a defense detection system suitable for automatically driving to resist network intrusion by adopting a safety evaluation mode of information safety.

Description

Distributed intrusion detection method and system based on federal learning and trust evaluation
Technical Field
The invention relates to the safety field of an automatic driving technology and an advanced auxiliary driving technology, in particular to a distributed vehicle-mounted intrusion detection method and system based on federal learning and trust evaluation.
Background
In recent years, the market size of autonomous cars has gradually increased. Edge computing enables efficient multi-party interconnection. V2X also lays a foundation for constructing the intelligent city and the intelligent traffic with the automatic driving assistance function. The development of 5G can greatly improve the efficiency of edge calculation and accelerate the training of the edge intelligent machine learning model. The V2X communication needs to be established on the safe channel between different devices, and besides, the cooperative relationship and information sharing among a plurality of vehicles must be established in a safe environment. At present, with the development of automatic driving, privacy protection plays an increasingly important role in the field of intelligent transportation. A network of vehicles built from interconnected vehicles and traffic infrastructure is subject to a variety of intrusion attacks. In order to improve the defense capability of vehicle entities, vehicle-mounted intrusion detection has been increasingly focused in the field of automatic driving security.
With the rapid development of deep learning, the detection accuracy of various intrusion detection systems is gradually improved. Traditional machine learning algorithms (e.g., SVM, decision tree, random forest) and various deep neural networks (e.g., CNN, RNN, GAN) based on deep learning have been widely used in the field of intrusion detection and achieve good performance. Among various machine learning algorithms, deep neural networks are attractive. However, intrusion detection systems based on deep learning require the device to have powerful computational power and when the model on the device is more complex, the training process can be time consuming. This centralized training task concentrates the computational burden on the central device and is also more vulnerable to cyber attacks.
The intrusion detection scheme based on the federal learning provided by the invention solves the centralization problem of the model aggregator under the traditional federal learning by using the distributed federal learning. Federal learning is used as a cooperative distributed machine learning method, and the privacy protection problem of training data can be effectively solved. The federal study is provided to share the model training pressure of a single central server, directly send the model training process of the AI algorithm to a plurality of dispersed user equipment for carrying out, and finally carry out the aggregation and dispersion pre-training model on the central server. Multiple users can learn a shared pre-trained predictive model in a collaborative manner, solving data privacy problems to some extent, protecting the user's raw data on their own device, since the user's data never leaves the user's device.
Disclosure of Invention
Based on the above, the invention provides a distributed vehicle-mounted intrusion detection system and method based on federal learning and trust evaluation, and a collaborative distributed intrusion detection model is established by combining decentralized storage and decentralized trust of a block chain. Traditional federally learned model aggregation tasks are completed by a central cloud server. The central server first collects the edge model updates (e.g., weights, gradients) and then uses them to implement global model aggregation. In contrast to the traditional aggregation approach, in distributed federal learning, the roadside units RSUs play the role of model aggregation servers in the vehicle network. After model aggregation, the key issue is how to perform model storage and secure sharing. In order to prevent the model trained by the single roadside unit RSU from being attacked and maliciously tampered, a blockchain can be used to solve the centralized storage and sharing problem.
First, a single roadside unit RSU is vulnerable to external network attacks. In order to improve the expandability of the roadside units RSU, a plurality of roadside units RSU can commonly maintain an intrusion detection model block chain so as to achieve the tamper resistance of the aggregation model and fulfill the aims of safe storage and sharing of the model. And the RSUs perform consistent writing and storage of the block chain blocks based on a consensus mechanism of the trust drive. The RSU with the high aggregation model accuracy serves as a miner and is responsible for writing own aggregation model information into a new block of the block chain, and meanwhile, the trust value of the corresponding miner is increased, so that the RSU is prompted to compete and train a machine learning model with higher accuracy through the trust incentive mechanism. Due to the characteristics of disclosure and tamper resistance of the block chains, a plurality of RSUs can jointly maintain and access the same block chain, and the trust value of the RSUs is reduced due to the action of tampering the block chain at will, so that the safe sharing of the model is realized.
The system comprises an upper aggregation server, namely a roadside unit RSU, a lower common edge vehicle and a cluster head representative vehicle. The system of the invention is based on a two-stage architecture, in the first stage, as shown by the downloaded model in fig. 2, a vehicle driving to the roadside unit RSU area within a certain period of time can obtain a pre-trained intrusion detection network model from the roadside unit RSU, and use the new network data for further training and updating based on the existing model. In the second phase, each vehicle uploads the preliminary trained edge models to the roadside units RSU, as shown in the upload model of fig. 2. The roadside units RSU may aggregate the network models of multiple vehicles for aggregate training and obtain a final global network model. The multiple roadside units RSU execute the operation at the same time, an IDS model block chain is maintained together, and a new aggregation machine learning model is stored in the block chain in each round, so that the machine learning model is updated regularly and prevented from being tampered, and the timeliness, the safety and the traceability of the model are ensured.
Based on the system, the invention also provides a distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation, which comprises the following steps:
step 1: analyzing a traditional intrusion detection system, and designing a distributed vehicle-mounted intrusion detection system model based on federal learning;
step 2: building and pre-training an intrusion detection model based on federal learning, and broadcasting and distributing a global model by using a roadside unit RSU as a distributed aggregation server;
and step 3: the edge vehicle trains an edge model based on the received global model and self intrusion detection data;
and 4, step 4: selecting edge representative nodes as cluster heads to complete the aggregation task of the edge model based on behavior evaluation, and comprising the following substeps:
step 4.1: in order to complete the aggregation of the edge models, each cluster needs to select a cluster head as a cluster head to aggregate the edge models of the cluster members, so that the uploading times to roadside units (RSUs) are reduced, and the communication efficiency is improved;
step 4.2: computing a performance assessment value c by performing behavior and performance assessment on a marginal vehiclekThe vehicle with the high evaluation value is selected as a cluster head to take charge of the aggregation and uploading tasks of the edge model;
step 4.3: the standard of performance evaluation is mainly determined by the accuracy of the training model of the edge car
Figure BDA0002897568830000031
Time delay t of communication with upper-layer roadside unit RSUviSelf energy loss
Figure BDA0002897568830000032
The three aspects are formed;
and 5: adding a mask to the model parameters and uploading the model parameters to a roadside unit (RSU), wherein the method comprises the following substeps;
step 5.1: each cluster head continuously trains on the own data set according to the aggregated edge model by using a gradient descent algorithm until a loss function is converged;
step 5.2: the participant then weights its new model wiPlus the received sub-secret siAs a mask to the roadside units RSU;
step 6: and carrying out trust evaluation on the roadside unit RSU according to the quality of the model aggregated by the roadside unit RSU by the model parameters uploaded by the roadside unit RSU aggregation cluster head, so that a distributed aggregation node is stimulated to compete and aggregate a model with higher accuracy, and finally, a training model is stored based on a block chain principle to finish model sharing.
In the step 1: the distributed vehicle-mounted intrusion detection system based on the federal learning comprises an upper aggregation server (namely, a roadside unit (RSU), a lower common edge vehicle and a cluster head representative vehicle. The system is mainly a two-stage intrusion detection architecture, a lower layer edge vehicle completes model training and aggregation tasks of an edge layer, then a cluster head represents that an edge aggregation model is added into a mask and then uploaded to an upper layer distributed aggregation server RSU, and then final model aggregation training is completed.
In the step 2: the mask noise adopts a Shamir secret sharing scheme, a plurality of vehicles send global models and sub-secret requests to the road side unit RSU, and the road side unit RSU dynamically adjusts the secret sharing threshold t according to the difference of the number of the vehicle requests received in different time periods. The threshold coefficient is used for controlling the adjustment of the t quantity, and the formula is as follows: where t denotes a threshold value, C is the total number of vehicle requests received by the roadside unit RSU, and α denotes a threshold coefficient. The roadside unit RSU distributes the global model weight parameters and the sub-secrets to the surrounding vehicles.
In the step 3: the edge vehicles train the edge model based on the intrusion detection data of the edge vehicles, and the edge vehicles receiving the global shared model can train the model based on the edge data of the edge vehicles.
In the step 4: in order to complete the cluster head selection work, the vehicles participating in the edge training need to be subjected to performance and behavior evaluation, and the evaluation is based on the minimum sum of energy consumption of each edge vehicle to the roadside units RSU.
In the step 4:
calculating the time consumption:
Figure BDA0002897568830000041
is expressed as
Figure BDA0002897568830000042
Wherein, tviConsidered as the time delay from sending the model to the edge vehicle, bviIs considered network bandwidth and the ratio of the two is considered time consumption.
Calculating the accuracy ratio of the global model to the model trained by the global model:
Figure BDA0002897568830000043
is expressed as
Figure BDA0002897568830000044
Wherein the content of the first and second substances,
Figure BDA0002897568830000045
considered as the accuracy of the global model distributed by the roadside units RSU,
Figure BDA0002897568830000046
is considered to be the accuracy of the model of the edge vehicle itself, and the ratio of the two is considered to be the degree of accuracy of the global model relative to the edge vehicle model.
Calculating the energy consumption of the vehicle:
Figure BDA0002897568830000047
is expressed as
Figure BDA0002897568830000048
Wherein the content of the first and second substances,
Figure BDA0002897568830000049
is considered to be the remaining energy of the vehicle,
Figure BDA00028975688300000410
is considered as the initial energy of the vehicle, and the ratio of the two is the energy consumption of the vehicle.
In the step 4:
calculate the total consumption of edge cars: c. Ck. The evaluation basis of the final energy consumption is as follows:
Figure BDA00028975688300000411
Figure BDA00028975688300000412
wherein phiiConsidered as a weight for a certain consumption,
Figure BDA00028975688300000413
is the ratio of the accuracy of the global model to the accuracy of the self-training model,
Figure BDA00028975688300000414
in order to be time-consuming,
Figure BDA00028975688300000415
for the energy consumption of the vehicle, e is an exponential function, the sum of the three quantities being 1, i.e. + -1231. Different metrics may be assigned different weights depending on their importance. For example, if the quality of the edge pre-training model is considered more important, the weight φ is increased1Wherein the parameter μ controls the degree of variation of the performance assessment.
In the step 5: after the cluster head is selected, the cluster head represents to prevent privacy disclosure of model parameters, mask is added to the model parameters and then the model parameters are uploaded to a roadside unit RSU, namely model parameter information w is obtainediJoining a sub-secret s received from a roadside unit RSUiAnd then uploaded to the roadside units RSU.
In the step 6: after each upper distributed aggregation server, namely a roadside unit RSU receives a plurality of edge models added with sub-secret masks, mask denoising is carried out in a sub-secret recombination mode to obtain mean value information of the models
Figure BDA0002897568830000051
Wherein, wiAs model parameter information, siFor the sub-secrets, s is a secret value initially constructed and generated by the RSU, and is also a target value for reconstructing a plurality of sub-secrets, at a new time point, each roadside unit RSU can aggregate and train its own global model, so as to compete with other roadside units RSUs with higher accuracy and complete consensus of the block chain, and the accuracy of the roadside unit RSU aggregation model is used as its measurement standard to evaluate its trust value. The roadside unit RSU with higher accuracy obtains the accounting right of the block chain, so that the new model is stored in the block chain, and the block chain is subjected to tamper-proof and transparent storage so as to realize model sharing more safely.
The invention has the beneficial effects that: from the perspective of information security, the invention further creates a defense detection system suitable for automatic driving to resist network intrusion by adopting a security evaluation mode of information security. Constructing a two-stage intrusion detection system: training and aggregating edge layers of the vehicles at the edge of the edge layers based on the intrusion detection data of the vehicles; competitive training is carried out between the upper-layer roadside units RSU and the distributed roadside units RSU, and finally a high-accuracy model is shared, so that the intrusion prevention efficiency and the intrusion prevention capability of the roadside units RSU are improved to a certain extent. The invention combines distributed training of federal learning and distributed storage of a block chain, and provides a solution for improving the accuracy of an intrusion detection model and the security of an aggregation server based on a solution of trust evaluation, thereby improving the robustness and the accuracy of a vehicle-mounted intrusion detection system in an automatic driving system.
Compared with a centralized training mode, the distributed federated learning training architecture is mainly constructed, the problem of termination of the whole federated learning training caused by single-point failure of a central training node can be effectively solved, and distributed RSUs commonly maintain a block chain for storing a machine learning model, so that insecurity of illegal tampering caused by centralized storage of the model is avoided.
The invention completes model training by combining intrusion detection data in a deep learning training mode and completes safe storage of a training model by combining a block chain technology. The innovation technical improvement of the invention is mainly embodied in that a cooperative distributed federal learning framework is constructed, the problems of overweight centralized training load and unsafe centralized storage of a cloud server under the traditional federal learning are solved, the collected aggregation tasks of the edge model are replaced by a plurality of distributed RSUs on the edge level by the cloud server, and the problems of centralized training and storage of a machine learning model are solved.
Drawings
FIG. 1 is a flow chart of an intrusion detection model implementation of the present invention.
Fig. 2 is a specific architecture diagram of the intrusion detection model of the present invention.
Detailed Description
As shown in fig. 1, a distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation is divided into 6 steps,
step 1: analyzing a traditional intrusion detection system, and designing a distributed vehicle-mounted intrusion detection system model based on federal learning;
step 2: building and pre-training an intrusion detection model based on federal learning, and broadcasting and distributing a global model by using a roadside unit RSU as a distributed aggregation server;
and step 3: the edge vehicle trains an edge model based on the received global model and self intrusion detection data;
and 4, step 4: and selecting the edge representative nodes as cluster heads to complete the aggregation task of the edge model based on the behavior evaluation.
Step 4.1: in order to complete the aggregation of the edge models, each cluster needs to select a cluster head as a cluster head to aggregate the edge models of the cluster members, so that the uploading times to the roadside units RSU are reduced, and the communication efficiency is improved.
Step 4.2: computing a performance assessment value c by performing behavior and performance assessment on edge vehicleskAnd selecting the vehicle with high evaluation value as a cluster head to take charge of the aggregation and uploading task of the edge model.
Step 4.3: the standard of performance evaluation mainly comprises the accuracy of a training model of the edge car, the time delay of communication with an upper-layer roadside unit RSU and the energy loss of the edge car.
And 5: and adding a mask to the model parameters and uploading the model parameters to a roadside unit RSU.
Step 5.1: each cluster head continues to train on its own data set according to the aggregated edge model using a gradient descent algorithm until the loss function converges.
Step 5.2: the participant then weights its new model wiPlus the received sub-secret siAs a mask to the roadside units RSU.
Step 6: and carrying out trust evaluation on the roadside unit RSU according to the quality of the model aggregated by the roadside unit RSU by the model parameters uploaded by the roadside unit RSU aggregation cluster head, so that a distributed aggregation node is stimulated to compete and aggregate a model with higher accuracy, and finally, a training model is stored based on a block chain principle to finish model sharing.
As shown in fig. 2, in step 1, the present invention: the distributed vehicle-mounted intrusion detection system comprises an upper layer aggregation server, namely a roadside unit RSU, and a lower layer common edge vehicle and a cluster head represent vehicles. The system is mainly a two-stage intrusion detection architecture, a lower layer edge vehicle completes model training and aggregation tasks of an edge layer, then a cluster head represents that an edge aggregation model is added into a mask and then uploaded to an upper layer distributed aggregation server, and finally aggregation training of the model is completed.
Shown in fig. 2, step 2: the mask noise adopts a Shamir secret sharing scheme, a plurality of vehicles send global models and sub-secret requests to the road side unit RSU, and the road side unit RSU dynamically adjusts the secret sharing threshold t according to the difference of the number of the vehicle requests received in different time periods. The threshold coefficient is used to control the number of adjustments t, and the formula is: where t denotes a threshold value, C is the total number of vehicle requests received by the roadside units RSU, and α denotes a threshold coefficient. The roadside unit RSU distributes the global model weight parameters and the sub-secrets to the surrounding vehicles.
Shown in fig. 2, in step 3: the edge vehicles train the edge model based on the intrusion detection data of the edge vehicles, and the edge vehicles receiving the global shared model can train the model based on the edge data of the edge vehicles.
Shown in fig. 2, step 4: in order to complete the cluster head selection work, the vehicles participating in the edge training need to be subjected to performance and behavior evaluation, and the evaluation is based on the minimum sum of energy consumption of each edge vehicle to the roadside units RSU.
Calculating the time consumption:
Figure BDA0002897568830000071
is expressed as
Figure BDA0002897568830000072
Wherein, tviConsidered as the time delay from sending the model to the edge vehicle, bviIs considered network bandwidth and the ratio of the two is considered time consumption.
Calculating model accuracy of global model and self-trainingThe ratio is:
Figure BDA0002897568830000073
is expressed as
Figure BDA0002897568830000074
Wherein the content of the first and second substances,
Figure BDA0002897568830000075
considered as the accuracy of the global model distributed by the roadside units RSU,
Figure BDA0002897568830000076
is considered to be the accuracy of the model of the edge vehicle itself, and the ratio of the two is considered to be the degree of accuracy of the global model relative to the edge vehicle model.
Calculating the energy consumption of the vehicle:
Figure BDA0002897568830000077
is expressed as
Figure BDA0002897568830000078
Wherein the content of the first and second substances,
Figure BDA0002897568830000079
is considered to be the remaining energy of the vehicle,
Figure BDA00028975688300000710
is considered the initial energy of the vehicle, the ratio of which to the energy consumption of the vehicle.
Calculate the total consumption of edge cars: c. Ck. The evaluation basis of the final energy consumption is as follows:
Figure BDA00028975688300000711
Figure BDA00028975688300000712
wherein phi isiConsidering a weight for a certain consumption, the sum of the three quantities is 1, i.e. + -1231. According to the importance of different metricsThey may be assigned different weights. For example, if the quality of the edge pre-training model is considered more important, the weight φ is increased1Wherein the parameter μ controls the degree of variation of the performance assessment.
Shown in fig. 2, step 5: after the cluster head is selected, the cluster head represents to prevent privacy disclosure of model parameters, and after a mask is added to the model parameters, the model parameters are uploaded to a roadside unit RSU to obtain model parameter information wiJoining a sub-secret s received from an RSUiAnd then uploaded to the roadside units RSU.
Shown in fig. 2, in step 6: after each upper distributed aggregation server, namely a roadside unit RSU receives a plurality of edge models added with sub-secret masks, mask denoising is carried out in a sub-secret recombination mode to obtain mean value information of the models
Figure BDA0002897568830000081
Wherein wiAs model parameter information, siFor the sub-secrets, s is a secret value initially constructed and generated by the RSU, and is also a target value for reconstructing a plurality of sub-secrets, at a new time point, each roadside unit RSU can aggregate and train its global model, thereby competing with other RSUs with higher accuracy to complete consensus of the block chain, and evaluating its trust value by using the accuracy of the roadside unit RSU aggregation model as its measurement standard. The roadside unit RSU with higher accuracy obtains the accounting right of the block chain, so that the new model is stored in the block chain, and the block chain is subjected to tamper-proof and transparent storage so as to realize model sharing more safely.

Claims (3)

1. A distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation is characterized by comprising the following steps:
step 1: analyzing a traditional intrusion detection system, and designing a distributed intrusion detection system model based on federal learning; the distributed vehicle-mounted intrusion detection system based on the federal learning comprises an upper aggregation server (namely a roadside unit (RSU)), a lower common edge vehicle and a cluster head representative vehicle; the system comprises a two-stage intrusion detection architecture, a lower layer edge vehicle completes model training and aggregation tasks of an edge layer, then a cluster head represents that an edge aggregation model is added into a mask and then uploaded to an upper layer distributed aggregation server, namely a roadside unit (RSU), and then final model aggregation training is completed;
step 2: building and pre-training an intrusion detection model based on federal learning, and broadcasting and distributing a global model by using a roadside unit RSU as a distributed aggregator; in the step 2, a Shamir secret sharing scheme is adopted for the mask noise, a plurality of vehicles send global models and sub-secret requests to the roadside units RSU, and the roadside units RSU dynamically adjust the secret sharing threshold t according to the difference of the number of the received vehicle requests in different time periods; the threshold coefficient is used for controlling the adjustment of t quantity, and the formula is as follows: c × α, where t denotes a threshold value, C is a total number of vehicle requests received by the roadside unit RSU, and α denotes a threshold coefficient, and the roadside unit RSU distributes the global model weight parameter and the sub-secret to surrounding vehicles;
and step 3: the edge vehicle trains an edge model based on the received global model and self intrusion detection data;
and 4, step 4: selecting edge representative nodes as cluster heads to complete the aggregation task of the edge model based on behavior evaluation, and comprising the following substeps:
step 4.1: in order to complete aggregation and uploading of the edge models, each cluster selects a cluster head as a cluster head to aggregate the edge models of the cluster members, so that the uploading times to roadside units (RSUs) are reduced;
and 4.2: computing a performance assessment value c by performing behavior and performance assessment on a marginal vehiclekThe vehicle with the high evaluation value is selected as a cluster head to take charge of the aggregation and uploading tasks of the edge model;
step 4.3: criteria for performance evaluation are based on the accuracy of the edge car self-training model
Figure FDA0003504066450000011
Time delay t of communication with upper-layer roadside unit RSUviSelf energy loss
Figure FDA0003504066450000012
The three aspects are formed;
in the step 4, in order to complete the selection of the cluster head, performance and behavior evaluation needs to be performed on the vehicles participating in the edge training, and a minimum sum of energy consumption from each edge vehicle to the roadside unit RSU is evaluated;
in step 4, the time consumption is calculated:
Figure FDA0003504066450000013
is expressed as
Figure FDA0003504066450000014
Wherein, tviConsidered as the time delay from sending the model to the edge vehicle, bviIs considered to be the network bandwidth, and the ratio of the two is considered to be the time consumption;
in the step 4, the accuracy ratio of the global model to the model trained by the global model is calculated:
Figure FDA0003504066450000021
is expressed as
Figure FDA0003504066450000022
Wherein the content of the first and second substances,
Figure FDA0003504066450000023
considered as the accuracy of the global model distributed by the roadside units RSU,
Figure FDA0003504066450000024
the accuracy of the model of the edge vehicle is considered, and the ratio of the accuracy of the model of the edge vehicle to the accuracy of the global model relative to the edge vehicle model is considered;
in the step 4, calculating the energy consumption of the vehicle:
Figure FDA0003504066450000025
is expressed as
Figure FDA0003504066450000026
Wherein, the first and the second end of the pipe are connected with each other,
Figure FDA0003504066450000027
is considered to be the remaining energy of the vehicle,
Figure FDA0003504066450000028
the ratio of the initial energy of the vehicle to the energy consumption of the vehicle is considered; and/or the presence of a gas in the gas,
in step 4, the total consumption of the edge car is calculated: c. CkIs based on
Figure FDA0003504066450000029
Figure FDA00035040664500000210
Wherein phi isiIs a weight for a certain consumption,
Figure FDA00035040664500000211
is the ratio of the accuracy of the global model to the accuracy of the self-training model,
Figure FDA00035040664500000212
in order to be time-consuming,
Figure FDA00035040664500000213
for the energy consumption of the vehicle, e is an exponential function, the sum of the three quantities being 1, i.e. + -1231 is ═ 1; according to the importance of different measurement indexes, different weights are distributed to the measurement indexes, wherein the parameter mu controls the variation degree of performance evaluation;
and 5: adding a mask to the model parameters and uploading the model parameters to a roadside unit (RSU), wherein the method comprises the following substeps:
step 5.1: each cluster head continuously trains on the own data set according to the aggregated edge model by using a gradient descent algorithm until a loss function is converged;
step 5.2: the participant weights w its new modeliPlus the received sub-secret siAs a mask to the roadside units RSU;
in the step 5: after the cluster heads are selected, the cluster heads represent to prevent privacy leakage of model parameters, and the model parameters are added with masks and then uploaded to a roadside unit RSU, namely, model parameter information is added with sub-secrets received from the roadside unit RSU and then uploaded to the roadside unit RSU;
step 6: the method comprises the steps that model parameters uploaded by a roadside unit RSU cluster head are subjected to trust evaluation through the quality of a model aggregated by the roadside unit RSU, so that a distributed aggregation node is stimulated to compete and aggregate a model with higher accuracy, a training model is finally stored based on a block chain principle, and model sharing is completed; in the step 6: after each upper distributed aggregation server, namely a roadside unit RSU receives a plurality of edge models added with sub-secret masks, mask denoising is carried out in a sub-secret recombination mode to obtain mean value information of the models:
Figure FDA00035040664500000214
wherein, wiAs model parameter information, siFor the sub-secret, s is a secret value generated by the initial construction of the RSU and is a target value reconstructed by a plurality of sub-secrets; at a new time point, each roadside unit RSU can aggregate and train a global model thereof, so that the roadside units RSU compete with other roadside units RSUs with higher accuracy to complete consensus of the block chain, and the accuracy of the roadside unit RSU aggregate model is used as a measurement standard to evaluate a trust value of the roadside unit RSU aggregate model; the roadside unit RSU with higher accuracy obtains the accounting right of the block chain so as to store the new model into the block chain, and the anti-tampering and transparent storage of the block chain are completed so as to realize the model sharing more safely.
2. The distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation according to claim 1, wherein in step 3, the edge vehicles perform edge model training based on their intrusion detection data, and for the edge vehicles that receive the global shared model, they can perform model training based on their edge data.
3. A distributed vehicle-mounted intrusion detection system based on federal learning and trust evaluation, which is characterized in that the distributed vehicle-mounted intrusion detection method based on federal learning and trust evaluation as claimed in claim 1 or 2 is adopted, and the system comprises a two-stage framework:
in a first phase, a vehicle driving to the roadside unit RSU area may obtain a pre-trained intrusion detection network model from the roadside unit RSU and use the new network data for further training and updating based on the existing model;
in the second stage, each vehicle uploads the preliminarily trained edge model to a roadside unit RSU, and the roadside unit RSU can aggregate network models of a plurality of vehicles to perform aggregate training and obtain a final global network model; a plurality of roadside units (RSUs) simultaneously execute the operation, an IDS model block chain is jointly maintained, and a new aggregation machine learning model is stored in the block chain in each round.
CN202110046755.5A 2021-01-14 2021-01-14 Distributed intrusion detection method and system based on federal learning and trust evaluation Active CN112770291B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110046755.5A CN112770291B (en) 2021-01-14 2021-01-14 Distributed intrusion detection method and system based on federal learning and trust evaluation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110046755.5A CN112770291B (en) 2021-01-14 2021-01-14 Distributed intrusion detection method and system based on federal learning and trust evaluation

Publications (2)

Publication Number Publication Date
CN112770291A CN112770291A (en) 2021-05-07
CN112770291B true CN112770291B (en) 2022-05-31

Family

ID=75700371

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110046755.5A Active CN112770291B (en) 2021-01-14 2021-01-14 Distributed intrusion detection method and system based on federal learning and trust evaluation

Country Status (1)

Country Link
CN (1) CN112770291B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113255210B (en) * 2021-05-13 2022-12-02 燕山大学 Method and system for diagnosing federal fault of wind turbine generator
CN112948101B (en) * 2021-05-17 2021-10-26 南京邮电大学 5G edge equipment scheduling method for rapid federal learning
CN113313264B (en) * 2021-06-02 2022-08-12 河南大学 Efficient federal learning method in Internet of vehicles scene
CN113283177B (en) * 2021-06-16 2022-05-24 江南大学 Mobile perception caching method based on asynchronous federated learning
CN113794675B (en) * 2021-07-14 2023-04-07 中国人民解放军战略支援部队信息工程大学 Distributed Internet of things intrusion detection method and system based on block chain and federal learning
CN113612598B (en) * 2021-08-02 2024-02-23 北京邮电大学 Internet of vehicles data sharing system and method based on secret sharing and federal learning
CN114124522A (en) * 2021-11-22 2022-03-01 北京天融信网络安全技术有限公司 Model training method, device, equipment and storage medium for multi-stage system
CN114254398B (en) * 2021-12-16 2023-03-28 重庆大学 Block chain-based federated learning system and parameter aggregation method
WO2023197259A1 (en) * 2022-04-14 2023-10-19 Huawei Technologies Co., Ltd. Devices and methods for providing a federated learning model
CN114944914B (en) * 2022-06-01 2023-06-02 电子科技大学 Internet of vehicles data security sharing and privacy protection method based on secret sharing
CN116055150B (en) * 2022-12-22 2023-10-27 深圳信息职业技术学院 Internet of vehicles intrusion detection platform, method and related equipment
CN116032659B (en) * 2023-02-20 2023-07-14 中国铁道科学研究院集团有限公司通信信号研究所 Block chain-based railway signal intrusion detection system
CN117812564B (en) * 2024-02-29 2024-05-31 湘江实验室 Federal learning method, device, equipment and medium applied to Internet of vehicles
CN117834297B (en) * 2024-02-29 2024-05-28 浪潮电子信息产业股份有限公司 Attack detection method, device, system, electronic equipment and readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111600707A (en) * 2020-05-15 2020-08-28 华南师范大学 Decentralized federal machine learning method under privacy protection
CN111611610A (en) * 2020-04-12 2020-09-01 西安电子科技大学 Federal learning information processing method, system, storage medium, program, and terminal
CN111931242A (en) * 2020-09-30 2020-11-13 国网浙江省电力有限公司电力科学研究院 Data sharing method, computer equipment applying same and readable storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102046789B1 (en) * 2019-04-05 2019-11-20 호서대학교 산학협력단 Deep-learning-based intrusion detection method, system and computer program for web applications
CN111598143B (en) * 2020-04-27 2023-04-07 浙江工业大学 Credit evaluation-based defense method for federal learning poisoning attack
CN112217626B (en) * 2020-08-24 2022-11-18 中国人民解放军战略支援部队信息工程大学 Network threat cooperative defense system and method based on intelligence sharing
CN112181666B (en) * 2020-10-26 2023-09-01 华侨大学 Equipment assessment and federal learning importance aggregation method based on edge intelligence

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111611610A (en) * 2020-04-12 2020-09-01 西安电子科技大学 Federal learning information processing method, system, storage medium, program, and terminal
CN111600707A (en) * 2020-05-15 2020-08-28 华南师范大学 Decentralized federal machine learning method under privacy protection
CN111931242A (en) * 2020-09-30 2020-11-13 国网浙江省电力有限公司电力科学研究院 Data sharing method, computer equipment applying same and readable storage medium

Also Published As

Publication number Publication date
CN112770291A (en) 2021-05-07

Similar Documents

Publication Publication Date Title
CN112770291B (en) Distributed intrusion detection method and system based on federal learning and trust evaluation
Shu et al. Collaborative intrusion detection for VANETs: A deep learning-based distributed SDN approach
Liu et al. Blockchain and federated learning for collaborative intrusion detection in vehicular edge computing
Tian et al. Evaluating reputation management schemes of internet of vehicles based on evolutionary game theory
Li et al. An end-to-end load balancer based on deep learning for vehicular network traffic control
Fu et al. An incentive mechanism of incorporating supervision game for federated learning in autonomous driving
CN113313264B (en) Efficient federal learning method in Internet of vehicles scene
CN114418109A (en) Node selection and aggregation optimization system and method for federal learning under micro-service architecture
CN113392919A (en) Federal attention DBN cooperative detection system based on client selection
Li et al. FEEL: Federated end-to-end learning with non-IID data for vehicular ad hoc networks
CN115081002B (en) Aggregation server selection method for decentralised federal learning
CN108320504B (en) Dynamic OD matrix estimation method based on monitoring data
da Silva et al. Towards federated learning in edge computing for real-time traffic estimation in smart cities
CN114491616A (en) Block chain and homomorphic encryption-based federated learning method and application
Zhao et al. Enhancing traffic signal control with composite deep intelligence
CN117576655A (en) Traffic sign detection method and system based on federal learning
CN113850396B (en) Privacy enhanced federal decision method, device, system and storage medium
CN114745288A (en) Complex network survivability model quantification method based on block chain and dynamic weighting
CN116502733A (en) Model training method and device based on federal learning
CN102882727B (en) Monitoring area partition method for hierarchical monitoring network
Wu et al. DAG Blockchain-based Personalized Federated Mutual learning in Internet of Vehicles
CN116541831B (en) Dual defense method based on blockchain and federal learning
CN117313902B (en) Signal game-based vehicle formation asynchronous federal learning method
CN114124784B (en) Intelligent routing decision protection method and system based on vertical federation
CN116915781B (en) Edge collaborative caching system and method based on blockchain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant