CN113434474B - Flow auditing method, equipment and storage medium based on federal learning - Google Patents

Publication number: CN113434474B
Authority: CN (China)
Prior art keywords: data packet, training, target, node, original data
Legal status: Active (as listed by Google Patents; the status is an assumption and is not a legal conclusion)
Application number: CN202110742038.6A
Other languages: Chinese (zh)
Other versions: CN113434474A (en)
Inventors: 黄晨宇, 王健宗
Current Assignee: Ping An Technology Shenzhen Co Ltd (as listed by Google Patents; the listed assignees may be inaccurate)
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by: Ping An Technology Shenzhen Co Ltd
Priority: CN202110742038.6A
Publications: CN113434474A (application), CN113434474B (granted)

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10: File systems; File servers
    • G06F16/17: Details of further file system functions
    • G06F16/1734: Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10: File systems; File servers
    • G06F16/16: File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/164: File meta data generation
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90: Details of database functions independent of the retrieved data types
    • G06F16/95: Retrieval from the web
    • G06F16/951: Indexing; Web crawling techniques
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06N: COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00: Machine learning
    • G06N20/20: Ensemble learning

Abstract

The invention provides a flow auditing method, device, equipment and storage medium based on federal learning. In the method, a training node generates a private key and a public key, generates a reference random number and a proof file through a VRF function according to a public random parameter and the private key, and sends the public key, a randomly selected target original data packet, the reference random number and the proof file to a monitoring node. The monitoring node grabs the training data packets, obtains a check random number through the VERIFYVRF function and, when the check random number matches the reference random number corresponding to the target original data packet, determines a target training data packet according to the transmission sequence of the target original data packet and obtains a flow audit result for the training node by comparing the data packets. With the scheme provided by the embodiment of the invention, the VRF function and the VERIFYVRF function make the random spot check verifiable and prevent the training node from knowing the spot-check data in advance, which effectively improves the reliability of the flow audit; the related data only needs to be sent once, which effectively reduces the consumption of communication resources.

Description

Flow auditing method, equipment and storage medium based on federal learning
Technical Field
The invention relates to the field of big data, in particular to a federal learning-based flow auditing method, federal learning-based flow auditing equipment and a federal learning-based storage medium.
Background
Federal learning generally involves a plurality of training nodes that jointly perform machine learning modeling while meeting user privacy protection, data security and regulatory requirements, and it has found wide application. Because of the privacy design of federal learning algorithms, it is difficult for a monitoring node to determine whether the training process meets the communication security specification: a training node may secretly transmit keys during training, in which case data security cannot be guaranteed. To monitor and manage the training process of federal learning, a traffic audit needs to be performed on each training node during training. The traditional approach requires training data packets to be transmitted in a trusted hardware environment: the training nodes and the monitoring node agree on a mutually trusted hardware environment in advance and each training node configures its hardware accordingly, but this has a high hardware cost.
Therefore, the more commonly used flow auditing method is data comparison: the training node sends original data packets to the monitoring node, the monitoring node grabs audit data from the training data packets exchanged between training nodes by packet capture, and the audit data is compared with the original data packets to determine whether the data conforms to the communication security specification. However, this requires the monitoring node to frequently issue communication instructions to obtain data from the training node, and because federal learning involves large data volumes the communication overhead is high. Moreover, the data to be spot-checked is actively sent by the training node, so the training node knows which data will be checked; it can easily operate compliantly only on the data to be spot-checked and avoid inspection of the other data, so reliability is not guaranteed.
Disclosure of Invention
The following is a summary of the subject matter described in detail herein. This summary is not intended to limit the scope of the claims.
The embodiment of the invention provides a flow auditing method, equipment and a storage medium based on federal learning, which can improve the reliability of flow audit and reduce the resource expense of monitoring management in the training process of a federal learning model.
In a first aspect, an embodiment of the present invention provides a federal learning-based traffic auditing method, including:
The training node generates a private key and a public key through an initialization algorithm of a VRF function, and sends the public key to a monitoring node;
The training node generates a reference random number and a proof file corresponding to an original data packet through the VRF function according to a public random parameter and the private key, wherein the public random parameter is preset in the training node and the monitoring node;
The training node randomly selects a target original data packet, and sends the target original data packet, the reference random number corresponding to the target original data packet and the proof file to the monitoring node;
The monitoring node grabs a training data packet sent by the training node;
The monitoring node obtains a check random number through the VERIFYVRF function according to the public random parameter, the public key and the proof file corresponding to the target original data packet;
When the monitoring node determines that the check random number matches the reference random number corresponding to the target original data packet, it determines a target training data packet from the training data packets according to the transmission sequence of the target original data packet, and compares the data of the target original data packet with the data of the target training data packet to obtain a flow audit result of the training node.
In some embodiments, the monitoring node captures a training data packet sent by the training node, including:
The training node reports the communication port information for sending the training data packet to the monitoring node;
And the monitoring node determines a target monitoring port according to the communication port information and grabs the training data packet from the target monitoring port.
In some embodiments, before the monitoring node grabs the training data packet sent by the training node, the method further includes:
The training node determines variable names of all transmission variables of the original data packet, and obtains a variable name list according to the variable names, wherein the variable names in the variable name list are arranged according to the corresponding transmission time sequence of the original data packet;
The training node sends the variable name catalog to the monitoring node;
And the training node adds the variable name to the label information of the corresponding training data packet, so that the training data packet grabbed by the monitoring node carries the variable name.
In some embodiments, the monitoring node determines a target training data packet from the training data packets according to the transmission sequence of the target original data packet, including:
the monitoring node determines a target transmission sequence of the target training data packet, and determines a corresponding target variable name from the variable name catalog according to the target transmission sequence;
and the monitoring node determines a corresponding alternative original data packet according to the target transmission sequence, determines whether a variable name corresponding to the alternative original data packet is matched with the target variable name, if so, determines that the alternative original data packet is the target original data packet, and if not, determines that the flow audit result is out of specification.
In some embodiments, the training node randomly selects a target original data packet, and sends the target original data packet, the reference random number corresponding to the target original data packet, and the proof file to the monitoring node, including:
The training node determines an original data packet to be sent according to the reference random number and the variable name catalog, and the transmission sequence of the original data packet to be sent is matched with the reference random number;
And the training node transmits an original data packet to be transmitted, the reference random number corresponding to the original data packet to be transmitted and the proof file to the monitoring node.
In some embodiments, the comparing the data of the target original data packet with the data of the target training data packet to obtain a traffic audit result of the training node includes:
The monitoring node decrypts the target training data packet according to a pre-established federal learning key;
and when target training data obtained by decryption of the monitoring node comprises the federal learning key, determining that the flow audit result of the training node is out of specification.
In some embodiments, after the monitoring node decrypts the target training data packet in accordance with a pre-established federal learning key, the method further comprises:
And when the target training data obtained by decryption of the monitoring node is inconsistent with the data in the target original data packet, determining that the flow audit result of the training node is inconsistent with the specification.
In a second aspect, the embodiment of the invention further provides a flow auditing device based on federal learning, which comprises a training node unit and a monitoring node unit;
the training node unit is used for generating a private key and a public key through an initialization algorithm of the VRF function and sending the public key to the monitoring node unit;
The training node unit is further configured to generate a reference random number and a proof file corresponding to an original data packet through the VRF function according to a public random parameter and the private key, where the public random parameter is preset in the training node and the monitoring node unit;
The training node unit is further configured to randomly select a target original data packet, and send the target original data packet, the reference random number corresponding to the target original data packet, and the proof file to the monitoring node unit;
The monitoring node unit is used for capturing training data packets sent by the training nodes;
The monitoring node unit is further configured to obtain a check random number through the VERIFYVRF function according to the public random parameter, the public key and the proof file corresponding to the target original data packet;
And the monitoring node unit is further used for determining a target training data packet from the training data packets according to the transmission sequence of the target original data packet when the check random number is determined to be matched with the reference random number corresponding to the target original data packet, and comparing the data of the target original data packet with the data of the target training data packet to obtain a flow auditing result of the training node unit.
In a third aspect, an embodiment of the present invention further provides an electronic device, including: a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the federal learning-based flow audit method according to the first aspect when the computer program is executed.
In a fourth aspect, embodiments of the present invention also provide a computer-readable storage medium storing computer-executable instructions for performing the federal learning-based flow audit method according to the first aspect.
The embodiment of the invention comprises the following steps: the training node generates a private key and a public key through an initialization algorithm of a VRF function, and sends the public key to a monitoring node; the training node generates a reference random number and a proof file corresponding to an original data packet through the VRF function according to a public random parameter and the private key, wherein the public random parameter is preset in the training node and the monitoring node; the training node randomly selects a target original data packet, and sends the target original data packet, the reference random number corresponding to the target original data packet and the proof file to the monitoring node; the monitoring node grabs a training data packet sent by the training node; the monitoring node obtains a check random number through the VERIFYVRF function according to the public random parameter, the public key and the proof file corresponding to the target original data packet; and when the monitoring node determines that the check random number matches the reference random number corresponding to the target original data packet, it determines a target training data packet from the training data packets according to the transmission sequence of the target original data packet, and compares the data of the target original data packet with the data of the target training data packet to obtain a flow audit result of the training node. With the scheme provided by the embodiment of the invention, the VRF function and the VERIFYVRF function make it possible to verify that the training node generated the random number by the correct rule; the monitoring node then randomly selects a proof file to obtain the check random number, and the corresponding original data packet and training data packet are selected according to the check random number.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate and do not limit the invention.
FIG. 1 is a flow chart of a federal learning-based flow audit method provided by one embodiment of the present invention;
FIG. 2 is a flow chart of determining a listening port provided by another embodiment of the present invention;
FIG. 3 is a flow chart for creating a variable name directory provided by another embodiment of the present invention;
FIG. 4 is a flow chart for verifying compliance through a variable name directory provided by another embodiment of the present invention;
FIG. 5 is a flow chart for randomly selecting raw data from a variable name directory according to another embodiment of the present invention;
FIG. 6 is a flow chart of determining that a key is not carried privately provided in another embodiment of the invention;
FIG. 7 is a flow chart of alignment data provided by another embodiment of the present invention;
FIG. 8 is a block diagram of a federal learning-based flow audit device according to another embodiment of the present invention;
FIG. 9 is a block diagram of an electronic device according to another embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
It should be noted that although functional block division is performed in a device diagram and a logic sequence is shown in a flowchart, in some cases, the steps shown or described may be performed in a different order than the block division in the device, or in the flowchart. The terms first, second and the like in the description, in the claims and in the above-described figures, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
The invention provides a flow auditing method, device, equipment and storage medium based on federal learning. In the method, the training node generates a private key and a public key through an initialization algorithm of a VRF function, and sends the public key to a monitoring node; the training node generates a reference random number and a proof file corresponding to an original data packet through the VRF function according to a public random parameter and the private key, wherein the public random parameter is preset in the training node and the monitoring node; the training node randomly selects a target original data packet, and sends the target original data packet, the reference random number corresponding to the target original data packet and the proof file to the monitoring node; the monitoring node grabs a training data packet sent by the training node; the monitoring node obtains a check random number through the VERIFYVRF function according to the public random parameter, the public key and the proof file corresponding to the target original data packet; and when the monitoring node determines that the check random number matches the reference random number corresponding to the target original data packet, it determines a target training data packet from the training data packets according to the transmission sequence of the target original data packet, and compares the data of the target original data packet with the data of the target training data packet to obtain a flow audit result of the training node.
According to the scheme provided by the embodiment of the invention, the training node can be verified to generate the random number by adopting the correct rule through the VRF function and VERIFYVRF function, then the monitoring node randomly selects the proof file to obtain the check random number, and the corresponding original data packet and training data packet are selected according to the check random number.
Embodiments of the present invention will be further described below with reference to the accompanying drawings.
As shown in fig. 1, fig. 1 is a flow chart of a federal learning-based flow audit method according to an embodiment of the present invention, including, but not limited to, the steps of:
Step S110, the training node generates a private key and a public key through an initialization algorithm of the VRF function, and sends the public key to the monitoring node;
Step S120, the training node generates a reference random number and a proof file corresponding to the original data packet through the VRF function according to the public random parameter and the private key, wherein the public random parameter is preset in the training node and the monitoring node;
Step S130, the training node randomly selects a target original data packet, and sends the target original data packet, the reference random number corresponding to the target original data packet and the proof file to the monitoring node;
Step S140, the monitoring node grabs the training data packets sent by the training node, selects a target training data packet from the training data packets, and determines the corresponding target original data packet, wherein the transmission sequence of the target training data packet and the transmission sequence of the target original data packet are the same;
Step S150, the monitoring node obtains a check random number through the VERIFYVRF function according to the public random parameter, the public key and the proof file corresponding to the target original data packet;
Step S160, when the monitoring node determines that the check random number matches the reference random number corresponding to the target original data packet, it determines a target training data packet from the training data packets according to the transmission sequence of the target original data packet, and compares the target original data packet with the target training data packet to obtain a flow audit result of the training node.
It should be noted that, because the target original data packets are randomly selected by the training node, the monitoring node may receive a plurality of records. To improve randomness, the monitoring node may further randomly extract several target original data packets for inspection. Because the original data packets and the training data packets have the same sequence, once the target original data packets are extracted the corresponding target training data packets can be determined from the transmission sequence, and the subsequent decryption and comparison can then be performed. The training node therefore does not know which packets the monitoring node spot-checks, which effectively improves reliability.
It should be noted that the training node may generate the private key and the public key through the initialization algorithm of the VRF function, that is, Setup(1^λ) → (sk, pk) in the VRF module, where λ is the input security parameter, sk is the private key and pk is the public key. Those skilled in the art can select a specific value of λ according to actual requirements, which is not described further here. The private key is used to generate the random number and the public key is used to verify the generated random number; that is, the private key is applied to the VRF function and the public key is applied to the VERIFYVRF function.
It is noted that, once the public key has been sent to the monitoring node, the monitoring node can use the random number to perform a preliminary check of whether the training node conforms to the communication security specification. For example, the training node applies the VRF function as VRF(s, sk) → (r, π), where s is the public random parameter, r is the reference random number and π is the proof file. The verification by the monitoring node can be described as VERIFYVRF(s, π, pk) → b, where b is the check random number. If the monitoring node and the training node apply the same random rule and the private key sk and the public key pk belong to the same key pair, then b = r, and the subsequent data comparison can be performed to determine the flow audit result. Otherwise, when the values of b and r calculated by the above expressions differ, it can be determined that the training node has modified the random rule and therefore does not conform to the communication security specification.
It should be noted that the public random parameter s may be selected from the federal learning model, for example seed, role, t or loss, where seed is an agreed seed, role is a choice of the training node itself, loss is the loss value calculated in the current iteration of the federal learning model, and t is the number of iteration rounds of the current federal learning model. Those skilled in the art can select an appropriate parameter according to actual needs, which is not limited here.
It should be noted that, the monitoring node may acquire the training data through the packet capturing software, for example, after determining the communication port corresponding to the training node, capture the data sent through the communication port, instead of the mode that the training node actively sends the training data packet to the monitoring node in the prior art, so as to effectively improve the reliability of the flow audit.
It should be noted that, the data transmission in step S110 and step S130 in the above steps may be performed simultaneously, so as to reduce the communication overhead and save resources.
It should be noted that, for capturing training data packets, the start of federal learning may serve as the trigger signal and the end of federal learning as the stop signal; alternatively, after each flow audit is completed it may be determined whether federal learning is still continuing and, if so, the next flow audit is carried out.
In addition, referring to fig. 2, in an embodiment, step S140 in the embodiment shown in fig. 1 further includes, but is not limited to, the following steps:
Step S210, the training node reports the communication port information for transmitting the training data packet to the monitoring node;
Step S220, the monitoring node determines a target monitoring port according to the communication port information, and grabs the training data packet from the target monitoring port.
Notably, federal learning typically involves multiple training nodes, so that the communication ports between every two training nodes are not identical, and the monitoring node determines the target listening port to ensure that the training data packet for the current training node can be obtained from the correct port.
Notably, in order to avoid that different training nodes pass keys privately through the communication ports, the monitoring node shields other communication ports after determining the target monitoring port, so as to ensure the accuracy and reliability of data.
It should be noted that, after the target listening port is determined, the capturing software may capture all the data packets of the communication, so as to ensure that the training data packet can be successfully obtained through the random number.
In addition, referring to fig. 3, in an embodiment, before performing step S140 in the embodiment shown in fig. 1, the following steps are further included, but not limited to:
step S310, the training node determines variable names of transmission variables of all original data packets, and obtains a variable name list according to the variable names, wherein the variable names in the variable name list are arranged according to the transmission time sequence of the corresponding original data packets;
Step S320, the training node sends the variable name list to the monitoring node;
In step S330, the training node adds the variable name to the label information of the corresponding training data packet, so that the training data packet captured by the monitoring node carries the variable name.
It is noted that, because the data volume of federal learning is large, the training data packet and the original data packet both contain a large amount of data and variables, in order to identify the data packet more easily, the variable name directory can be obtained by transmitting the variable name of the variable in the data packet, and meanwhile, the variable name is added in the label of the data packet. Different transmission variables usually have different variable names, so that the repeated probability of the variable names is small, and therefore, after capturing the training data packet, the monitoring node can compare through the variable names in the label information and the variable name directory, so that the inspection efficiency is improved.
It should be noted that, the training node also needs to locally store the original data of the transmission variables sent by all communications, for example, the data without encryption and any random mask, and also store the information such as the random mask, the homomorphic encryption and decryption key used by this communication, where the data may be stored in the variable name directory, and this embodiment is not limited in this way.
In addition, referring to fig. 4, in an embodiment, step S140 in the embodiment shown in fig. 1 further includes, but is not limited to, the following steps:
Step S410, the monitoring node determines the target transmission sequence of the target training data packet, and determines the corresponding target variable name from the variable name directory according to the target transmission sequence;
Step S420, the monitoring node determines the corresponding alternative original data packet according to the target transmission sequence, determines whether the variable name corresponding to the alternative original data packet is matched with the target variable name, if so, determines that the alternative original data packet is the target original data packet, and if not, determines that the flow audit result is out of specification.
It should be noted that, because the training data is derived from the original data, the training data packet and the original data packet at the same position in the transmission sequence carry the same variable. As described in the above embodiment, the variable name directory is arranged in transmission time order. Therefore, to improve the efficiency of matching the target original data packet, after the target transmission sequence of the target training data packet is determined, the target variable name at the corresponding position can be queried from the variable name directory and matched against the variable name of the candidate original data packet. If they do not match, it can be determined that the training node did not transmit data according to the transmission sequence, or that the transmitted data differs from the original data, which does not conform to the communication security specification. If they match, it can be determined that the training node sent the data correctly, and the subsequent data comparison can be performed to determine the flow audit result.
In addition, referring to fig. 5, in an embodiment, step S130 in the embodiment shown in fig. 1 further includes, but is not limited to, the following steps:
Step S510, the training node determines an original data packet to be sent according to the reference random number and the variable name directory, and the transmission sequence of the original data packet to be sent is matched with the reference random number;
Step S520, the training node sends the original data packet to be sent, the reference random number corresponding to the original data packet to be sent, and the proof file to the monitoring node.
It should be noted that, to further improve the randomness of the flow audit sampling, the training node may randomly select some of the records as the original data packets to be sent according to the reference random number and the variable name directory. For example, the training node obtains a reference random number $r_i$ and, according to $r_i$, randomly selects the original data to be transmitted, where $l_i$ is the variable name list and $t$ is the iteration round number of the current federal learning model.
In addition, referring to fig. 6, in an embodiment, step S160 in the embodiment shown in fig. 1 further includes, but is not limited to, the following steps:
Step S610, the monitoring node decrypts the target training data packet according to the pre-established federal learning key;
Step S620, when the target training data obtained by decryption by the monitoring node comprises the federal learning key, determining that the flow audit result of the training node is out of specification.
It should be noted that, after each training node sends its public key to the monitoring node, federal learning requires each training node and the monitoring node to generate a federal learning key, such as a common homomorphic encryption key. Specifically, homomorphic encryption uses a pair of public and private keys $(pk_h, sk_h)$, and encryption under $pk_h$ is denoted by $[\cdot]$: for example, if $m$ is a plaintext, $[m]$ is its homomorphically encrypted ciphertext. Here we use homomorphic encryption of multiplication homomorphic, i.e., $[m_1 + m_2] = [m_1] + [m_2]$ and $[cm] = c[m]$, where $c$ is a positive integer.
It should be noted that the monitoring node can decrypt the target training data packet with the federal learning key; the specific decryption process is not an improvement of this embodiment and is not described here. Decryption yields the target training data in the target training data packet. When the target training data includes the federal learning key, it can be determined that the corresponding training node has privately transmitted the key, so the flow audit result is that the training node does not conform to the communication security specification.
It should be noted that, in the decryption process, if a random mask was added during encryption, the random mask needs to be subtracted so that the data is restored.
In addition, referring to fig. 7, in an embodiment, after step S610 in the embodiment shown in fig. 6 is performed, the method further includes, but is not limited to, the following step:
Step S710, when the target training data obtained by decryption by the monitoring node is inconsistent with the data in the target original data packet, determining that the flow audit result of the training node is inconsistent with the specification.
It should be noted that, with the random data extraction method of the present invention, the target training data and the data in the target original data packet should be the same data, so the flow audit result can be determined directly by comparing them; the specific comparison method is not described in detail here.
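The monitoring-node checks of steps S410 to S420, S610 to S620 and S710, as an added example that is not part of the patent text. It assumes a toy Paillier scheme (one scheme for which the identities [m_1 + m_2] = [m_1] + [m_2] and [cm] = c[m] hold) with constructed small primes; the packet layout, the field names and the `audit` function are hypothetical.

```python
import math
import secrets

# Toy Paillier scheme with constructed small primes: NOT secure, illustration only.
def keygen(p=1009, q=1013):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)            # valid because the generator is g = n + 1
    return n, (lam, mu)             # (pk_h, sk_h)

def encrypt(pk, m):
    n2 = pk * pk
    r = secrets.randbelow(pk - 1) + 1
    while math.gcd(r, pk) != 1:     # r must be invertible mod n
        r = secrets.randbelow(pk - 1) + 1
    return (1 + m * pk) * pow(r, pk, n2) % n2

def decrypt(pk, sk, c):
    lam, mu = sk
    return (pow(c, lam, pk * pk) - 1) // pk * mu % pk

def h_add(pk, c1, c2):              # [m1] + [m2] -> [m1 + m2]
    return c1 * c2 % (pk * pk)

def h_scale(pk, k, c):              # k[m] -> [k * m]
    return pow(c, k, pk * pk)

def audit(pk, sk, directory, original, captured):
    """Monitoring-node check for one sampled original packet (hypothetical layout).

    directory: variable names in transmission order
    original:  {"seq", "name", "data", "mask"} reported by the training node
    captured:  list of {"seq", "tag", "ct"} grabbed from the monitored port
    """
    seq = original["seq"]
    if not 0 <= seq < len(directory):
        return "nonconforming: unknown transmission order"
    target_name = directory[seq]                       # S410
    if original["name"] != target_name:                # S420
        return "nonconforming: variable name mismatch"
    hits = [p for p in captured if p["seq"] == seq and p["tag"] == target_name]
    if not hits:
        return "nonconforming: no captured packet at this position"
    raw = decrypt(pk, sk, hits[0]["ct"])               # S610
    plain = (raw - original["mask"]) % pk              # subtract the random mask
    if raw in sk or plain in sk:                       # S620: key in the payload
        return "nonconforming: key material in traffic"
    if plain != original["data"]:                      # S710
        return "nonconforming: data differs from original"
    return "conforming"

def demo():
    pk, sk = keygen()
    directory = ["grad_w", "grad_b", "loss"]           # constructed sample names
    captured = [                                       # constructed sample traffic
        {"seq": 0, "tag": "grad_w", "ct": encrypt(pk, 4242 + 777)},
        {"seq": 1, "tag": "grad_b", "ct": encrypt(pk, sk[0])},   # carries lam
        {"seq": 2, "tag": "loss", "ct": encrypt(pk, 99 + 5)},    # altered value
    ]
    originals = [
        {"seq": 0, "name": "grad_w", "data": 4242, "mask": 777},
        {"seq": 1, "name": "grad_b", "data": 17, "mask": 3},
        {"seq": 2, "name": "loss", "data": 100, "mask": 5},
        {"seq": 0, "name": "grad_b", "data": 4242, "mask": 777},  # wrong order
    ]
    return [audit(pk, sk, directory, o, captured) for o in originals]

if __name__ == "__main__":
    for line in demo():
        print(line)
```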
In addition, referring to fig. 8, in an embodiment, there is further provided a federal learning-based flow auditing apparatus, the federal learning-based flow auditing apparatus 800 including a training node unit 810 and a monitoring node unit 820;
the training node unit 810 is configured to generate a private key and a public key through an initialization algorithm of the VRF function, and send the public key to the monitoring node unit 820;
the training node unit 810 is further configured to generate a reference random number and a proof file corresponding to the original data packet through the VRF function according to a public random parameter and the private key, where the public random parameter is preset in the training node unit 810 and the monitoring node unit 820;
the training node unit 810 is further configured to randomly select a target original data packet, and send the target original data packet, the reference random number corresponding to the target original data packet, and the proof file to the monitoring node unit 820;
the monitoring node unit 820 is configured to capture the training data packets sent by the training node unit 810;
the monitoring node unit 820 is further configured to obtain a check random number through the VERIFYVRF function according to the public random parameter, the public key, and the proof file corresponding to the target original data packet;
the monitoring node unit 820 is further configured to, when it determines that the check random number matches the reference random number corresponding to the target original data packet, determine the target training data packet from the training data packets according to the transmission sequence of the target original data packet, and compare the data of the target original data packet with the data of the target training data packet to obtain a flow audit result of the training node unit 810.
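How the reference random number, the proof file and the VERIFYVRF check fit together, as an added example that is not code from the patent. The page does not name a VRF construction, so a simplified RSA full-domain-hash VRF with constructed toy parameters is swapped in; the rule that maps the random number to a transmission position (`reference % len(directory)`) and all function names are assumptions.

```python
import hashlib

# Toy RSA-FDH style VRF. Constructed parameters (two Mersenne primes): NOT secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def _ib(x):
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")

def _h(*parts):
    """Hash byte strings to an integer (length-prefixed to avoid ambiguity)."""
    d = hashlib.sha256()
    for part in parts:
        d.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(d.digest(), "big")

def vrf_keygen(p=P, q=Q, e=E):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, d), (n, e)                        # (private key, public key)

def vrf_prove(sk, alpha):
    """Training node: (reference random number, proof) for public parameter alpha."""
    n, d = sk
    proof = pow(_h(b"input", alpha) % n, d, n)   # needs the private exponent
    return _h(b"output", _ib(proof)), proof

def verify_vrf(pk, alpha, proof):
    """Monitoring node: the check random number, or None if the proof is invalid."""
    n, e = pk
    if not 0 <= proof < n or pow(proof, e, n) != _h(b"input", alpha) % n:
        return None
    return _h(b"output", _ib(proof))

def accept_sample(pk, alpha, reference, proof, claimed_seq, directory):
    """True only if reference is the VRF output and claimed_seq follows from it."""
    check = verify_vrf(pk, alpha, proof)
    if check is None or check != reference:
        return False
    return claimed_seq == reference % len(directory)    # ASSUMED index rule

def demo():
    sk, pk = vrf_keygen()
    directory = ["grad_w", "grad_b", "loss", "hess_diag"]   # constructed names
    alpha = b"constructed-public-parameter|round=3"         # constructed input
    r, proof = vrf_prove(sk, alpha)
    seq = r % len(directory)
    honest = accept_sample(pk, alpha, r, proof, seq, directory)
    # A position other than the one the random number dictates is rejected.
    other_pos = accept_sample(pk, alpha, r, proof, (seq + 1) % len(directory), directory)
    # A random number that does not match the proof is rejected.
    bad_r = accept_sample(pk, alpha, r + 1, proof, (r + 1) % len(directory), directory)
    # A proof made under a different key pair is rejected.
    other_sk, _ = vrf_keygen(p=2**89 - 1, q=2**107 - 1)
    r2, proof2 = vrf_prove(other_sk, alpha)
    wrong_key = accept_sample(pk, alpha, r2, proof2, r2 % len(directory), directory)
    return honest, other_pos, bad_r, wrong_key

if __name__ == "__main__":
    print(demo())
```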
In addition, referring to fig. 9, an embodiment of the present invention further provides an electronic device, the electronic device 900 including: memory 910, processor 920, and computer programs stored on memory 910 and executable on processor 920.
The processor 920 and the memory 910 may be connected by a bus or other means.
The non-transitory software programs and instructions required to implement the federal learning-based traffic audit method of the above-described embodiments are stored in the memory 910 and, when executed by the processor 920, perform the federal learning-based traffic audit method of the above-described embodiments, for example, method steps S110 through S160 in fig. 1, method steps S210 through S220 in fig. 2, method steps S310 through S330 in fig. 3, method steps S410 through S420 in fig. 4, method steps S510 through S520 in fig. 5, method steps S610 through S620 in fig. 6, and method step S710 in fig. 7, described above.
The above described apparatus embodiments are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, i.e. may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Furthermore, an embodiment of the present invention provides a computer-readable storage medium storing computer-executable instructions that are executed by a processor or controller, for example, by one of the processors in the above-described electronic device embodiments, and that may cause the processor to perform the federal learning-based traffic auditing method in the above-described embodiment, for example, performing the method steps S110 to S160 in fig. 1, the method steps S210 to S220 in fig. 2, the method steps S310 to S330 in fig. 3, the method steps S410 to S420 in fig. 4, the method steps S510 to S520 in fig. 5, the method steps S610 to S620 in fig. 6, and the method step S710 in fig. 7 described above.
Those of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
While the preferred embodiment of the present invention has been described in detail, the present invention is not limited to the above embodiment, and various equivalent modifications and substitutions can be made by those skilled in the art without departing from the spirit of the present invention, and these equivalent modifications and substitutions are intended to be included in the scope of the present invention as defined in the appended claims.

Claims (10)

1. A federal learning-based flow auditing method, comprising:
a training node generates a private key and a public key through an initialization algorithm of a VRF function, and transmits the public key to a monitoring node;
the training node generates a reference random number and a proof file corresponding to an original data packet through the VRF function according to a public random parameter and the private key, wherein the public random parameter is preset in the training node and the monitoring node;
the training node randomly selects a target original data packet, and sends the target original data packet, the reference random number corresponding to the target original data packet and the proof file to the monitoring node;
the monitoring node grabs a training data packet sent by the training node;
the monitoring node obtains a check random number through a VERIFYVRF function according to the public random parameter, the public key and the proof file corresponding to the target original data packet, wherein the input of the VERIFYVRF function is the public random parameter, the proof file and the public key, the output of the VERIFYVRF function is the check random number, and the check random number is used for verifying whether the reference random number belongs to the same pair of the public key and the private key;
and when the monitoring node determines that the check random number matches the reference random number corresponding to the target original data packet, the monitoring node determines a target training data packet from the training data packets according to the transmission sequence of the target original data packet, and compares the data of the target original data packet with the data of the target training data packet to obtain a flow auditing result of the training node.
2. The federal learning-based traffic audit method according to claim 1, wherein the monitoring node grabbing training data packets sent by the training node includes:
the training node reports the communication port information for sending the training data packet to the monitoring node;
and the monitoring node determines a target monitoring port according to the communication port information and grabs the training data packet from the target monitoring port.
3. The federal learning-based traffic auditing method according to claim 1, wherein before the monitoring node grabs the training data packet sent by the training node, the method further comprises:
the training node determines variable names of transmission variables of all original data packets, and obtains a variable name catalog according to the variable names, wherein the variable names in the variable name catalog are arranged according to the transmission time sequence of the corresponding original data packets;
the training node sends the variable name catalog to the monitoring node;
and the training node adds the variable name to the label information of the corresponding training data packet, so that the training data packet grabbed by the monitoring node carries the variable name.
4. The federal learning-based traffic audit method according to claim 3, wherein the monitoring node determining a target training data packet from the training data packets according to a transmission order of the target original data packet includes:
the monitoring node determines a target transmission sequence of the target training data packet, and determines a corresponding target variable name from the variable name catalog according to the target transmission sequence;
and the monitoring node determines a corresponding alternative original data packet according to the target transmission sequence, determines whether a variable name corresponding to the alternative original data packet is matched with the target variable name, if so, determines that the alternative original data packet is the target original data packet, and if not, determines that the flow audit result is out of specification.
5. The federal learning-based traffic audit method according to claim 3, wherein the training node randomly selecting a target original data packet, and transmitting the target original data packet, the reference random number corresponding to the target original data packet, and the proof file to the monitoring node, includes:
the training node determines an original data packet to be sent according to the reference random number and the variable name catalog, and the transmission sequence of the original data packet to be sent is matched with the reference random number;
and the training node transmits the original data packet to be sent, the reference random number corresponding to the original data packet to be sent and the proof file to the monitoring node.
6. The federal learning-based traffic audit method according to claim 1, wherein the performing data comparison on the target raw data packet and the target training data packet to obtain a traffic audit result of the training node includes:
the monitoring node decrypts the target training data packet according to a pre-established federal learning key;
and when target training data obtained by decryption of the monitoring node comprises the federal learning key, determining that the flow audit result of the training node is out of specification.
7. The federal learning-based traffic audit method according to claim 6, wherein after the monitoring node decrypts the target training data packet according to a pre-established federal learning key, the method further comprises:
when the target training data obtained by decryption of the monitoring node is inconsistent with the data in the target original data packet, determining that the flow audit result of the training node is inconsistent with the specification.
8. A federal learning-based flow auditing device, comprising a training node unit and a monitoring node unit;
the training node unit is used for generating a private key and a public key through an initialization algorithm of the VRF function and sending the public key to the monitoring node unit;
the training node unit is further configured to generate a reference random number and a proof file corresponding to an original data packet through the VRF function according to a public random parameter and the private key, where the public random parameter is preset in the training node unit and the monitoring node unit;
the training node unit is further configured to randomly select a target original data packet, and send the target original data packet, the reference random number corresponding to the target original data packet, and the proof file to the monitoring node unit;
the monitoring node unit is used for capturing training data packets sent by the training node unit;
the monitoring node unit is further configured to obtain a check random number according to the public random parameter, the public key and the proof file corresponding to the target original data packet through a VERIFYVRF function, where an input of the VERIFYVRF function is the public random parameter, the proof file and the public key, an output of the VERIFYVRF function is the check random number, and the check random number is used to verify whether the reference random number belongs to the same pair of the public key and the private key;
and the monitoring node unit is further used for determining a target training data packet from the training data packets according to the transmission sequence of the target original data packet when the check random number is determined to be matched with the reference random number corresponding to the target original data packet, and comparing the data of the target original data packet with the data of the target training data packet to obtain a flow auditing result of the training node unit.
9. An electronic device, comprising: memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the federal learning-based flow audit method according to any of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium storing computer executable instructions for performing the federal learning-based flow audit method according to any one of claims 1 to 7.
CN202110742038.6A 2021-06-30 2021-06-30 Flow auditing method, equipment and storage medium based on federal learning Active CN113434474B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110742038.6A CN113434474B (en) 2021-06-30 2021-06-30 Flow auditing method, equipment and storage medium based on federal learning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110742038.6A CN113434474B (en) 2021-06-30 2021-06-30 Flow auditing method, equipment and storage medium based on federal learning

Publications (2)

Publication Number Publication Date
CN113434474A (en) 2021-09-24
CN113434474B (en) 2024-05-10

Family

ID=77758393

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110742038.6A Active CN113434474B (en) 2021-06-30 2021-06-30 Flow auditing method, equipment and storage medium based on federal learning

Country Status (1)

Country Link
CN (1) CN113434474B (en)


Also Published As

Publication number Publication date
CN113434474A (en) 2021-09-24


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant