CN113434474A - Flow auditing method, equipment and storage medium based on federal learning - Google Patents

Publication number: CN113434474A
Authority: CN (China)
Prior art keywords: data packet, training, target, node, original data
Legal status: Pending
Application number: CN202110742038.6A
Other languages: Chinese (zh)
Inventors: 黄晨宇, 王健宗
Current Assignee: Ping An Technology Shenzhen Co Ltd
Original Assignee: Ping An Technology Shenzhen Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/1734 Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/164 File meta data generation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/951 Indexing; Web crawling techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • G06N20/20 Ensemble learning

Abstract

The invention provides a flow auditing method, a device, equipment and a storage medium based on federated learning. In the method, a training node generates a private key and a public key, generates a reference random number and a certification file through a VRF function according to a public random parameter and the private key, and sends the public key, a randomly selected target original data packet, the reference random number and the certification file to a monitoring node. The monitoring node captures training data packets, obtains a check random number through a VerifyVRF function and, when the check random number matches the reference random number corresponding to the target original data packet, determines a target training data packet according to the transmission sequence of the target original data packet and obtains a flow audit result of the training node by comparing the data packets. According to the scheme provided by the embodiment of the invention, the VRF function and the VerifyVRF function make the random spot check verifiable and prevent the training node from knowing the sampled data in advance, which effectively improves the reliability of the flow audit; the related data is sent with only a one-time overhead, which effectively reduces communication resource consumption.

Description

Flow auditing method, equipment and storage medium based on federal learning
Technical Field
The invention relates to the field of big data, and in particular to a flow auditing method, flow auditing equipment and a storage medium based on federated learning.
Background
Federated learning generally involves a plurality of training nodes that jointly perform machine learning modeling while meeting user privacy protection, data security and regulatory requirements, and it is therefore widely applied. Because of the privacy design of federated learning algorithms, it is difficult for a monitoring node to determine whether the training process meets the communication security specification; a training node may train while transmitting secret keys, and data security is then not guaranteed. To monitor and manage the federated learning training process, a flow audit needs to be performed on each training node during training. The traditional method requires training data packets to be transmitted in a trusted hardware environment: the training nodes and the monitoring node agree on a mutually trusted hardware environment in advance, and each training node configures its hardware accordingly, but the hardware cost of this approach is high.
Therefore, a more common flow auditing method is data comparison: the training node sends original data packets to the monitoring node, the monitoring node obtains audit data by packet capture from the training data packets exchanged between training nodes, and it determines whether the communication security specification is met by comparing the audit data with the original data packets. However, the monitoring node must frequently use communication instructions to acquire data from the training node, and because federated learning involves large data volumes, the communication overhead is high. In addition, the spot-check targets are sent actively by the training node and are therefore known to it, so the training node can easily operate compliantly only on the spot-checked data and evade checks on the other data, and reliability cannot be guaranteed.
Disclosure of Invention
The following is a summary of the subject matter described in detail herein. This summary is not intended to limit the scope of the claims.
The embodiment of the invention provides a flow auditing method, equipment and a storage medium based on federated learning, which can improve the reliability of flow auditing and reduce the resource overhead of monitoring management in the training process of a federated learning model.
In a first aspect, an embodiment of the present invention provides a flow auditing method based on federated learning, including:
the training node generates a private key and a public key through an initialization algorithm of a VRF function, and sends the public key to the monitoring node;
the training node generates a reference random number and a certification file corresponding to an original data packet through the VRF function according to a public random parameter and the private key, wherein the public random parameter is preset in the training node and the monitoring node;
the training node randomly selects a target original data packet, and sends the target original data packet, the reference random number corresponding to the target original data packet and the certification file to the monitoring node;
the monitoring node captures a training data packet sent by the training node;
the monitoring node obtains a check random number through a VerifyVRF function according to the public random parameter, the public key and the certification file corresponding to the target original data packet;
when the monitoring node determines that the check random number matches the reference random number corresponding to the target original data packet, a target training data packet is determined from the training data packets according to the transmission sequence of the target original data packet, and data comparison is carried out on the target original data packet and the target training data packet, so that a flow audit result of the training node is obtained.
In some embodiments, the capturing, by the monitoring node, a training packet sent by the training node includes:
the training node reports the communication port information used for sending the training data packet to the monitoring node;
and the monitoring node determines a target monitoring port according to the communication port information and captures the training data packet from the target monitoring port.
In some embodiments, before the monitoring node grabs the training data packet sent by the training node, the method further includes:
the training node determines variable names of transmission variables of all the original data packets, and obtains a variable name directory according to the variable names, wherein the variable names in the variable name directory are arranged according to the transmission time sequence of the corresponding original data packets;
the training node sends the variable name directory to the monitoring node;
and the training nodes add the variable names to the label information of the corresponding training data packets, so that the training data packets captured by the monitoring nodes carry the variable names.
In some embodiments, the determining, by the monitoring node, a target training packet from the training packets according to the transmission order of the target raw packet includes:
the monitoring node determines a target transmission sequence of the target training data packet, and determines a corresponding target variable name from the variable name directory according to the target transmission sequence;
and the monitoring node determines a corresponding alternative original data packet according to the target transmission sequence, determines whether a variable name corresponding to the alternative original data packet is matched with the target variable name, determines that the alternative original data packet is the target original data packet if the variable name is matched with the target variable name, and determines that the flow audit result is not in accordance with the standard if the variable name is not matched with the target variable name.
In some embodiments, the randomly selecting, by the training node, a target original data packet, and sending the target original data packet, the reference random number corresponding to the target original data packet, and the certification file to the monitoring node includes:
the training node determines an original data packet to be sent according to the reference random number and the variable name directory, and the transmission sequence of the original data packet to be sent is matched with the reference random number;
and the training node sends an original data packet to be sent, the reference random number corresponding to the original data packet to be sent and the certification file to the monitoring node.
In some embodiments, the comparing the target original data packet with the target training data packet to obtain a traffic audit result of the training node includes:
the monitoring node decrypts the target training data packet according to a pre-established federated learning key;
and when the target training data obtained through decryption by the monitoring node comprises the federated learning key, determining that the flow auditing result of the training node is not in accordance with the standard.
In some embodiments, after the target training packet is decrypted by the monitoring node according to a pre-established federated learning key, the method further includes:
and when the target training data obtained by the decryption of the monitoring node is inconsistent with the data in the target original data packet, determining that the flow audit result of the training node is not in accordance with the standard.
In a second aspect, an embodiment of the present invention further provides a federated learning-based flow auditing apparatus, which includes a training node unit and a monitoring node unit;
the training node unit is used for generating a private key and a public key through an initialization algorithm of a VRF function and sending the public key to the monitoring node unit;
the training node unit is further used for generating a reference random number and a certification file corresponding to an original data packet through the VRF function according to a public random parameter and the private key, wherein the public random parameter is preset in the training node unit and the monitoring node unit;
the training node unit is further used for randomly selecting a target original data packet and sending the target original data packet, the reference random number corresponding to the target original data packet and the certification file to the monitoring node unit;
the monitoring node unit is used for capturing a training data packet sent by the training node;
the monitoring node unit is further configured to obtain a check random number through a VerifyVRF function according to the public random parameter, the public key, and the certification file corresponding to the target original data packet;
and the monitoring node unit is further configured to, when it is determined that the check random number matches the reference random number corresponding to the target original data packet, determine a target training data packet from the training data packets according to the transmission sequence of the target original data packet, and perform data comparison between the target original data packet and the target training data packet to obtain a traffic audit result of the training node unit.
In a third aspect, an embodiment of the present invention further provides an electronic device, including: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the federated learning-based flow auditing method of the first aspect when executing the computer program.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions for executing the federated learning-based flow auditing method according to the first aspect.
The embodiment of the invention comprises the following steps: the training node generates a private key and a public key through an initialization algorithm of a VRF function, and sends the public key to the monitoring node; the training node generates a reference random number and a certification file corresponding to an original data packet through the VRF function according to a public random parameter and the private key, wherein the public random parameter is preset in the training node and the monitoring node; the training node randomly selects a target original data packet, and sends the target original data packet, the reference random number corresponding to the target original data packet and the certification file to the monitoring node; the monitoring node captures a training data packet sent by the training node; the monitoring node obtains a check random number through a VerifyVRF function according to the public random parameter, the public key and the certification file corresponding to the target original data packet; when the monitoring node determines that the check random number matches the reference random number corresponding to the target original data packet, a target training data packet is determined from the training data packets according to the transmission sequence of the target original data packet, and data comparison is carried out on the target original data packet and the target training data packet, so that a flow audit result of the training node is obtained. According to the scheme provided by the embodiment of the invention, the VRF function and the VerifyVRF function make it possible to verify that the training node generates its random numbers by the correct rule; the monitoring node then randomly selects a certification file to obtain the check random number, and the corresponding original data packet and training data packet are selected according to the check random number.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the example serve to explain the principles of the invention and not to limit the invention.
FIG. 1 is a flow chart of a federated learning-based flow auditing method provided by an embodiment of the present invention;
FIG. 2 is a flow chart of determining a listening port according to another embodiment of the present invention;
FIG. 3 is a flow diagram for creating a variable name directory as provided by another embodiment of the present invention;
FIG. 4 is a flow chart of compliance verification by a variable name directory as provided by another embodiment of the present invention;
FIG. 5 is a flow chart of randomly selecting original data from a directory of variable names according to another embodiment of the present invention;
FIG. 6 is a flow chart of determining that no key is privately carried, as provided by another embodiment of the invention;
FIG. 7 is a flow chart of data comparison provided in accordance with another embodiment of the present invention;
FIG. 8 is a block diagram of a federated learning-based flow audit device according to another embodiment of the present invention;
FIG. 9 is a block diagram of an electronic device according to another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It should be noted that although functional blocks are partitioned in a schematic diagram of an apparatus and a logical order is shown in a flowchart, in some cases, the steps shown or described may be performed in a different order than the partitioning of blocks in the apparatus or the order in the flowchart. The terms "first," "second," and the like in the description, in the claims, or in the drawings described above, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
The invention provides a flow auditing method, a device, equipment and a storage medium based on federated learning, wherein the method comprises the steps that a training node generates a private key and a public key through an initialization algorithm of a VRF function, and the public key is sent to a monitoring node; the training node generates a reference random number and a certification file corresponding to an original data packet through the VRF function according to a public random parameter and the private key, wherein the public random parameter is preset in the training node and the monitoring node; the training node randomly selects a target original data packet, and sends the target original data packet, the reference random number corresponding to the target original data packet and the certification file to the monitoring node; the monitoring node captures a training data packet sent by the training node; the monitoring node obtains a check random number through a VerifyVRF function according to the public random parameter, the public key and the certification file corresponding to the target original data packet; when the monitoring node determines that the check random number matches the reference random number corresponding to the target original data packet, a target training data packet is determined from the training data packets according to the transmission sequence of the target original data packet, and data comparison is carried out on the target original data packet and the target training data packet, so that a flow audit result of the training node is obtained.
According to the scheme provided by the embodiment of the invention, the VRF function and the VerifyVRF function make it possible to verify that the training node generates its random numbers by the correct rule; the monitoring node then randomly selects a certification file to obtain the check random number, and the corresponding original data packet and training data packet are selected according to the check random number.
The embodiments of the present invention will be further explained with reference to the drawings.
As shown in FIG. 1, which is a flowchart of a federated learning-based flow auditing method according to an embodiment of the present invention, the method includes, but is not limited to, the following steps:
step S110, the training node generates a private key and a public key through an initialization algorithm of a VRF function, and sends the public key to the monitoring node;
step S120, the training node generates a reference random number and a certification file corresponding to the original data packet through a VRF function according to a public random parameter and a private key, wherein the public random parameter is preset in the training node and the monitoring node;
step S130, the training node randomly selects a target original data packet, and sends the target original data packet, a reference random number corresponding to the target original data packet and a certification file to the monitoring node;
step S140, the monitoring node captures training data packets sent by the training node, selects a target training data packet from the training data packets, and determines a corresponding target original data packet, wherein the transmission sequence of the target training data packet is the same as that of the target original data packet;
step S150, the monitoring node obtains a check random number through a VerifyVRF function according to the public random parameter, the public key and a certification file corresponding to the target original data packet;
and step S160, when the monitoring node determines that the check random number matches the reference random number corresponding to the target original data packet, determining a target training data packet from the training data packets according to the transmission sequence of the target original data packet, and performing data comparison on the target original data packet and the target training data packet to obtain a flow audit result of the training node.
It should be noted that, because the target original data packets are randomly selected by the training node, the monitoring node may receive a plurality of records; to improve randomness, the monitoring node may further randomly extract several of the target original data packets for inspection. Because the original data packets and the training data packets follow the same sequence, once a target original data packet has been extracted the corresponding target training data packet can be determined from the transmission sequence, and the subsequent decryption and comparison can then be performed. The spot-check process of the monitoring node is therefore unknown to the training node, which effectively improves reliability.
It should be noted that the training node may generate the private key and the public key through the initialization algorithm of the VRF function, i.e. Setup(1^λ) → (sk, pk) in the VRF module, where λ is the input security parameter, sk is the private key and pk is the public key. Selecting the specific value of λ according to actual requirements is within the ability of those skilled in the art and is not described here. The private key is used to generate random numbers and the public key is used to verify the generated random numbers; that is, the private key is applied in the VRF function and the public key in the VerifyVRF function.
It should be noted that, because the public key is sent to the monitoring node, the monitoring node can perform a preliminary verification, through a random number, of whether the training node meets the communication security specification. For example, the training node applies the VRF function as VRF(s, sk) → (r, π), where s is the public random parameter, r is the reference random number and π is the certification file; the verification process of the monitoring node can be described as VerifyVRF(s, π, pk) → b, where b is the check random number. If the monitoring node and the training node apply the same random rule, the private key sk and the public key pk belong to the same key pair and b = r is obtained, and subsequent data comparison can then be performed to determine the flow audit result. Otherwise, when the values of b and r calculated through these expressions differ, it can be determined that the training node has modified the random rule and does not meet the communication security specification.
It should be noted that the public random parameter s may be chosen from different parameters of the federated learning model, for example seed, role, t or loss, where seed is a pre-agreed seed, role is chosen by the training node itself, loss is the loss value iteratively calculated by the current federated learning model, and t is the number of iterations of the current federated learning model. Those skilled in the art can select appropriate parameters according to actual needs, which is not limited herein.
It should be noted that the monitoring node may obtain the training data through packet capture software, for example by determining the communication port corresponding to the training node and then capturing the data sent through that port. This replaces the prior-art approach in which the training node actively sends the training data packets to the monitoring node, and effectively improves the reliability of the flow audit.
It should be noted that the data transmissions in step S110 and step S130 may be performed simultaneously to reduce communication overhead and save resources. With the technical scheme of this embodiment, only one communication is needed between the training node and the monitoring node, and no additional communication resources are spent on transmitting data; as long as the monitoring node and the training node use the same random rule, the corresponding target original data packet can be determined from the captured data, which effectively improves the reliability of the flow audit.
It should be noted that, for capturing the training data packets, the start of federated learning may be used as the trigger signal and the end of federated learning as the stop signal; alternatively, after each flow audit is completed it may be determined whether federated learning is still in progress, and if so, the next flow audit is performed.
In addition, referring to fig. 2, in an embodiment, the step S140 in the embodiment shown in fig. 1 further includes, but is not limited to, the following steps:
step S210, the training node reports the communication port information for sending the training data packet to the monitoring node;
step S220, the monitoring node determines a target monitoring port according to the communication port information and captures a training data packet from the target monitoring port.
It is noted that federated learning generally involves multiple training nodes, and the communication ports between each pair of training nodes are not the same; the monitoring node determines the target listening port to ensure that the training data packets of the current training node are obtained from the correct port.
It is noted that, to prevent different training nodes from privately transferring the secret key through the communication ports, the monitoring node shields the other communication ports after determining the target listening port, so as to ensure the accuracy and reliability of the data.
It should be noted that, after the target listening port is determined, all communicated data packets may be captured by the packet capture software, to ensure that the training data packet corresponding to the random number can be obtained.
In addition, referring to fig. 3, in an embodiment, before performing step S140 in the embodiment shown in fig. 1, the following steps are further included, but not limited to:
step S310, the training node determines the variable names of the transmission variables of all the original data packets, and obtains a variable name directory according to the variable names, wherein the variable names in the variable name directory are arranged according to the transmission time sequence of the corresponding original data packets;
step S320, the training node sends the variable name directory to the monitoring node;
step S330, the training node adds the variable name to the label information of the corresponding training data packet, so that the training data packet captured by the monitoring node carries the variable name.
It should be noted that, because the amount of data in federated learning is large, both the training data packets and the original data packets contain a large amount of data and variables. To make the data packets easier to identify, the variable name directory can be built from the variable names of the transmission variables in the data packets, and the variable names can be added to the label information of the data packets. Different transmission variables usually have different variable names, so the probability of a repeated variable name is low; after the monitoring node captures a training data packet, it can therefore compare the variable name in the label information against the variable name directory, which improves inspection efficiency.
It should be noted that the training node needs to store locally the original data of all transmission variables sent in the communication, for example data that is unencrypted and carries no random mask, and also stores information such as the random mask and the homomorphic encryption/decryption key used in this communication. This data may be stored in the variable name directory, which is not limited in this embodiment.
In addition, referring to fig. 4, in an embodiment, the step S140 in the embodiment shown in fig. 1 further includes, but is not limited to, the following steps:
step S410, the monitoring node determines a target transmission sequence of a target training data packet, and determines a corresponding target variable name from a variable name directory according to the target transmission sequence;
step S420, the monitoring node determines the corresponding alternative original data packet according to the target transmission sequence, determines whether the variable name corresponding to the alternative original data packet matches the target variable name, determines that the alternative original data packet is the target original data packet if the variable name matches the target variable name, and determines that the flow audit result is not compliant with the specification if the variable name does not match the target variable name.
It should be noted that, because the training data is based on the original data, the training data packet and the original data packet at the same position in the transmission sequence carry the same variable. As described in the above embodiment, the variable name directory is arranged in transmission time order. To improve the efficiency of matching the target original data packet, after the target transmission sequence of the target training data packet is determined, the target variable name at the corresponding position can be queried from the variable name directory and matched against the variable name of the alternative original data packet. If they differ, it can be determined that the training node did not transmit data according to the transmission sequence, or that the transmitted data differs from the original data and does not conform to the communication security specification. If they are the same, it can be determined that the training node sent the data correctly, and the subsequent data comparison can be performed to determine the flow audit result.
In addition, referring to fig. 5, in an embodiment, the step S130 in the embodiment shown in fig. 1 further includes, but is not limited to, the following steps:
step S510, the training node determines an original data packet to be sent according to a reference random number and a variable name directory, and the transmission sequence of the original data packet to be sent is matched with the reference random number;
step S520, the training node sends the original data packet to be sent, the reference random number corresponding to the original data packet to be sent, and the certification file to the monitoring node.
It should be noted that, in order to further improve the randomness of the flow audit random check, the training node may randomly select a part of the records as the original data packet to be sent according to the reference random number and the variable name directory. For example, it obtains a reference random number r_i and, according to r_i, randomly selects the original data to be transmitted from the expression shown in Figure BDA0003141706150000071 (formula image, not reproduced here), where l_i is the variable name directory and t is the number of iteration rounds of the current federal learning model.
In addition, referring to fig. 6, in an embodiment, the step S160 in the embodiment shown in fig. 1 further includes, but is not limited to, the following steps:
step S610, the monitoring node decrypts the target training data packet according to the pre-established federal learning key;
and step S620, when the target training data obtained by the decryption of the monitoring node comprises a federal learning key, determining that the flow audit result of the training node is not in accordance with the standard.
It is noted that, after each training node sends its public key to the monitoring node, federal learning requires each training node and the monitoring node to generate a federal learning key, such as a common homomorphic encryption key. Specifically, the homomorphic encryption key contains a public/private key pair (pk_h, sk_h), and [·] denotes homomorphic encryption under pk_h: for example, if m is the plaintext, then [m] is its homomorphically encrypted ciphertext. Here we use homomorphic encryption of multiplicative homomorphism, i.e., [m_1 + m_2] = [m_1] + [m_2] and [cm] = c[m], where c is a positive integer.
It should be noted that, using the federal learning key, the monitoring node can decrypt the target training data packet; the specific decryption process is not an improvement made by this embodiment and is not described here. Decryption yields the target training data in the target training data packet. When the target training data includes the federal learning key, it can be determined that the corresponding training node has privately transmitted the key, so the flow audit result is that the training node does not meet the communication security specification.
It should be noted that, in the decryption process, if a random mask was added during encryption, the random mask needs to be subtracted to ensure that the data is restored.
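The two identities [m_1 + m_2] = [m_1] + [m_2] and [cm] = c[m], together with the mask subtraction on decryption, can be exercised with a toy Paillier cryptosystem. This is an added example, not code from the patent: Paillier is a stand-in because the page names no concrete scheme, the primes are constructed and far too small for real use, and all function names are hypothetical.

```python
import math
import secrets

# Constructed toy primes (Mersenne primes); real deployments need >= 1024-bit primes.
P, Q = 2**61 - 1, 2**89 - 1


def keygen():
    """Return (pk_h, sk_h). pk_h is the modulus n; sk_h carries lambda and mu."""
    n = P * Q
    lam = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                # valid because g = n + 1
    return n, (n, lam, mu)


def encrypt(pk, m):
    """[m]: probabilistic encryption of m under pk_h."""
    n2 = pk * pk
    r = 0
    while math.gcd(r, pk) != 1:                         # r must be a unit mod n
        r = secrets.randbelow(pk - 1) + 1
    return (1 + pk * (m % pk)) * pow(r, pk, n2) % n2


def decrypt(sk, c):
    n, lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n


def add(pk, c1, c2):
    """[m1] + [m2]: multiplying ciphertexts adds the plaintexts."""
    return c1 * c2 % (pk * pk)


def scale(pk, c, k):
    """k[m]: raising a ciphertext to k multiplies the plaintext by k."""
    return pow(c, k, pk * pk)


def masked_send(pk, m):
    """Training node side: encrypt m plus a random mask; the mask is stored locally."""
    mask = secrets.randbelow(2**32)
    return encrypt(pk, m + mask), mask


def recover(sk, c, mask):
    """Decrypt, then subtract the random mask to restore the original value."""
    n = sk[0]
    return (decrypt(sk, c) - mask) % n


if __name__ == "__main__":
    pk_h, sk_h = keygen()
    c1, c2 = encrypt(pk_h, 1200), encrypt(pk_h, 345)
    print(decrypt(sk_h, add(pk_h, c1, c2)))    # sum of the two plaintexts
    print(decrypt(sk_h, scale(pk_h, c1, 7)))   # 7 times the first plaintext
    c, mask = masked_send(pk_h, 1200)
    print(recover(sk_h, c, mask))              # original value after unmasking
```
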
In addition, referring to fig. 7, in an embodiment, after the step S610 in the embodiment shown in fig. 6 is performed, the following steps are further included, but not limited to:
step S710, when the target training data obtained by the monitoring node through decryption is inconsistent with the data in the target original data packet, determining that the flow audit result of the training node is not in accordance with the standard.
It should be noted that, by using the method of randomly extracting data in the present invention, the obtained target training data and the data in the target original data packet should be the same data, so that the flow audit result can be directly determined by data comparison, and the specific comparison method is not described herein.
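The audit flow described above (VRF initialization, reference random number and certification file, VerifyVRF, sequence and variable name matching, key leak check, data comparison) can be walked through end to end as follows. This is an added example, not code from the patent: it uses a toy RSA full-domain-hash VRF with constructed, insecure parameters, assumes the packet is chosen as r mod the directory length because the page's selection formula is not reproduced, and treats captured payloads as already decrypted and unmasked. All names and sample data are hypothetical.

```python
import hashlib

# Toy RSA-FDH VRF over two Mersenne primes: constructed, far too small for real use.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537


def vrf_keygen():
    """Initialization algorithm: returns (private key, public key)."""
    n = P * Q
    return (n, pow(E, -1, (P - 1) * (Q - 1))), (n, E)


def _hash_to_int(alpha, n):
    return int.from_bytes(hashlib.sha256(b"fdh|" + alpha).digest(), "big") % n


def _output(proof):
    return int.from_bytes(hashlib.sha256(b"out|" + proof.to_bytes(32, "big")).digest(), "big")


def vrf_prove(sk, alpha):
    """Training node: reference random number r and its proof (certification file)."""
    n, d = sk
    proof = pow(_hash_to_int(alpha, n), d, n)
    return _output(proof), proof


def verify_vrf(pk, alpha, proof):
    """Monitoring node: check random number, or None if the proof is invalid."""
    n, e = pk
    if not (isinstance(proof, int) and 0 <= proof < n):
        return None
    if pow(proof, e, n) != _hash_to_int(alpha, n):
        return None
    return _output(proof)


def select_order(r, directory):
    # Assumption: r mod len(directory) stands in for the page's missing formula.
    return r % len(directory)


def training_node_report(sk, alpha, directory, raw_packets):
    r, proof = vrf_prove(sk, alpha)
    return {"r": r, "proof": proof, "raw": raw_packets[select_order(r, directory)]}


def monitor_audit(pk, alpha, directory, captured, report, fl_key):
    """Return 'compliant' or a 'non-compliant: ...' reason."""
    check = verify_vrf(pk, alpha, report["proof"])
    if check is None or check != report["r"]:
        return "non-compliant: VRF check failed"
    order = select_order(check, directory)      # recomputed, never taken from the report
    target_name = directory[order]
    if report["raw"]["name"] != target_name or captured[order]["tag"] != target_name:
        return "non-compliant: variable name mismatch"
    payload = captured[order]["payload"]        # assumed already decrypted and unmasked
    if fl_key in payload:
        return "non-compliant: federal learning key in traffic"
    if payload != report["raw"]["data"]:
        return "non-compliant: data mismatch"
    return "compliant"


# Constructed sample data: directory in transmission order, raw and captured packets.
ALPHA = b"public-random-parameter"
DIRECTORY = ["grad_w1", "grad_b1", "grad_w2", "loss"]
RAW = [{"name": n, "data": f"{n}-values".encode()} for n in DIRECTORY]
CAPTURED = [{"tag": p["name"], "payload": p["data"]} for p in RAW]
FL_KEY = b"sk_h-constructed-key-bytes"

if __name__ == "__main__":
    sk, pk = vrf_keygen()
    report = training_node_report(sk, ALPHA, DIRECTORY, RAW)
    print(monitor_audit(pk, ALPHA, DIRECTORY, CAPTURED, report, FL_KEY))
```

Because the monitoring node derives the packet position from the verified VRF output rather than from anything the training node asserts, the training node cannot steer the audit toward a packet of its choosing.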
In addition, referring to fig. 8, in an embodiment, there is further provided a federate learning-based flow auditing apparatus, where the federate learning-based flow auditing apparatus 800 includes a training node unit 810 and a monitoring node unit 820;
the training node unit 810 is configured to generate a private key and a public key through an initialization algorithm of a VRF function, and send the public key to the monitoring node unit 820;
the training node unit 810 is further configured to generate a reference random number and a certification file corresponding to the original data packet through the VRF function according to a public random parameter and the private key, where the public random parameter is preset in the training node unit 810 and the monitoring node unit 820;
the training node unit 810 is further configured to randomly select a target original data packet, and send the target original data packet, a reference random number corresponding to the target original data packet, and a certification file to the monitoring node unit 820;
a monitoring node unit 820, configured to capture a training data packet sent by a training node;
the monitoring node unit 820 is further configured to obtain a verification random number through a VerifyVRF function according to the public random parameter, the public key and the certification file corresponding to the target original data packet;
and the monitoring node unit 820 is further configured to, when it is determined that the verification random number matches the reference random number corresponding to the target original data packet, determine a target training data packet from the training data packets according to the transmission sequence of the target original data packet, and perform data comparison between the target original data packet and the target training data packet to obtain a traffic audit result of the training node unit 810.
In addition, referring to fig. 9, an embodiment of the present invention also provides an electronic apparatus, where the electronic apparatus 900 includes: memory 910, processor 920, and computer programs stored on memory 910 and operable on processor 920.
The processor 920 and the memory 910 may be connected by a bus or other means.
Non-transitory software programs and instructions required to implement the federal learning based flow auditing method of the above-described embodiment are stored in the memory 910, and when executed by the processor 920, perform the federal learning based flow auditing method of the above-described embodiment, for example, performing the above-described method steps S110 to S160 in fig. 1, method steps S210 to S220 in fig. 2, method steps S310 to S330 in fig. 3, method steps S410 to S420 in fig. 4, method steps S510 to S520 in fig. 5, method steps S610 to S620 in fig. 6, and method step S710 in fig. 7.
The above-described embodiments of the apparatus are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, i.e. may be located in one place, or may also be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
Furthermore, an embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium stores computer-executable instructions, which are executed by a processor or a controller, for example, by a processor in the above-mentioned embodiment of the electronic device, and enable the processor to execute the federate learning based traffic auditing method in the above-mentioned embodiment, for example, execute the above-mentioned method steps S110 to S160 in fig. 1, method steps S210 to S220 in fig. 2, method steps S310 to S330 in fig. 3, method steps S410 to S420 in fig. 4, method steps S510 to S520 in fig. 5, method steps S610 to S620 in fig. 6, and method step S710 in fig. 7. One of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. 
Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
While the preferred embodiments of the present invention have been described in detail, it will be understood by those skilled in the art that the foregoing and various other changes, omissions and deviations in the form and detail thereof may be made without departing from the scope of this invention.

Claims (10)

1. A flow auditing method based on federal learning is characterized by comprising the following steps:
the training node generates a private key and a public key through an initialization algorithm of a VRF function, and sends the public key to the monitoring node;
the training node generates a reference random number and a certification file corresponding to an original data packet through the VRF function according to a public random parameter and the private key, wherein the public random parameter is preset in the training node and the monitoring node;
the training node randomly selects a target original data packet, and sends the target original data packet, the reference random number corresponding to the target original data packet and the certification file to the monitoring node;
the monitoring node captures a training data packet sent by the training node;
the monitoring node obtains a check random number through a VerifyVRF function according to the public random parameter, the public key and the certification file corresponding to the target original data packet;
when the monitoring node determines that the check random number is matched with the reference random number corresponding to the target original data packet, a target training data packet is determined from the training data packets according to the transmission sequence of the target original data packet, and data comparison is carried out on the target original data packet and the target training data packet, so that a flow audit result of the training node is obtained.
2. The federate learning-based traffic auditing method of claim 1 where the monitoring node grabs training data packets sent by the training node, including:
the training node reports the communication port information used for sending the training data packet to the monitoring node;
and the monitoring node determines a target monitoring port according to the communication port information and captures the training data packet from the target monitoring port.
3. The federate learning based traffic auditing method of claim 1 where before the monitoring node grabs training data packets sent by the training nodes, the method further comprises:
the training node determines variable names of transmission variables of all the original data packets, and obtains a variable name directory according to the variable names, wherein the variable names in the variable name directory are arranged according to the transmission time sequence of the corresponding original data packets;
the training node sends the variable name directory to the monitoring node;
and the training nodes add the variable names to the label information of the corresponding training data packets, so that the training data packets captured by the monitoring nodes carry the variable names.
4. The federate learning-based traffic auditing method of claim 3 where the monitoring node determines a target training data packet from the training data packets according to the transmission order of the target raw data packet, comprising:
the monitoring node determines a target transmission sequence of the target training data packet, and determines a corresponding target variable name from the variable name directory according to the target transmission sequence;
and the monitoring node determines a corresponding alternative original data packet according to the target transmission sequence, determines whether a variable name corresponding to the alternative original data packet is matched with the target variable name, determines that the alternative original data packet is the target original data packet if the variable name is matched with the target variable name, and determines that the flow audit result is not in accordance with the standard if the variable name is not matched with the target variable name.
5. The federal learning-based traffic auditing method of claim 3, wherein the training node randomly selects a target original data packet, and sends the target original data packet, the reference random number corresponding to the target original data packet and the certification file to the monitoring node, including:
the training node determines an original data packet to be sent according to the reference random number and the variable name directory, and the transmission sequence of the original data packet to be sent is matched with the reference random number;
and the training node sends an original data packet to be sent, the reference random number corresponding to the original data packet to be sent and the certification file to the monitoring node.
6. The federal learning-based traffic auditing method according to claim 1, wherein the comparing the target original data packet with the target training data packet to obtain the traffic auditing result of the training node comprises:
the monitoring node decrypts the target training data packet according to a pre-established federal learning key;
and when the target training data obtained by decrypting by the monitoring node comprises the federal learning key, determining that the flow auditing result of the training node is not in accordance with the standard.
7. The federate learning based flow auditing method of claim 6 where after the target training data packet is decrypted by the monitoring node according to a pre-established federate learning key, the method further comprises:
and when the target training data obtained by the decryption of the monitoring node is inconsistent with the data in the target original data packet, determining that the flow audit result of the training node is not in accordance with the standard.
8. A flow auditing device based on federal learning, characterized by comprising a training node unit and a monitoring node unit;
the training node unit is used for generating a private key and a public key through an initialization algorithm of a VRF function and sending the public key to the monitoring node unit;
the training node unit is further used for generating a reference random number and a certification file corresponding to an original data packet through the VRF function according to a public random parameter and the private key, wherein the public random parameter is preset in the training node unit and the monitoring node unit;
the training node unit is further used for randomly selecting a target original data packet and sending the target original data packet, the reference random number corresponding to the target original data packet and the certification file to the monitoring node unit;
the monitoring node unit is used for capturing a training data packet sent by the training node;
the monitoring node unit is further configured to obtain a check random number through a VerifyVRF function according to the public random parameter, the public key, and the certification file corresponding to the target original data packet;
and the monitoring node unit is further configured to, when it is determined that the check random number matches the reference random number corresponding to the target original data packet, determine a target training data packet from the training data packets according to the transmission sequence of the target original data packet, and perform data comparison between the target original data packet and the target training data packet to obtain a traffic audit result of the training node unit.
9. An electronic device, comprising: memory, processor and computer program stored on the memory and executable on the processor, wherein the processor when executing the computer program implements the federal learning based traffic auditing method of any one of claims 1 to 7.
10. A computer-readable storage medium storing computer-executable instructions for performing the federate learning based flow audit method of any one of claims 1 to 7.
CN202110742038.6A 2021-06-30 2021-06-30 Flow auditing method, equipment and storage medium based on federal learning Pending CN113434474A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110742038.6A CN113434474A (en) 2021-06-30 2021-06-30 Flow auditing method, equipment and storage medium based on federal learning

Publications (1)

Publication Number Publication Date
CN113434474A true CN113434474A (en) 2021-09-24

Family

ID=77758393

Country Status (1)

Country Link
CN (1) CN113434474A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination