CN118157999B

CN118157999B - Model training method, device, terminal and storage medium

Info

Publication number: CN118157999B
Application number: CN202410579372.8A
Authority: CN
Inventors: 满洪园; 苏敏; 王子祥
Original assignee: China Mobile Communications Group Co Ltd; China Mobile Suzhou Software Technology Co Ltd
Current assignee: China Mobile Communications Group Co Ltd; China Mobile Suzhou Software Technology Co Ltd
Priority date: 2024-05-11
Filing date: 2024-05-11
Publication date: 2024-08-16
Anticipated expiration: 2044-05-11
Also published as: CN118157999A

Abstract

The application provides a model training method, a device, a terminal and a storage medium, which belong to the technical field of artificial intelligence, wherein the model training method comprises the following steps: acquiring first model parameters, wherein the first model parameters are model parameters corresponding to the first network intrusion model after training based on a target sample; sending the first model parameters and the detection precision values of the first network intrusion model to a server; receiving a second model parameter sent by a server, wherein the second model parameter is a model parameter obtained by calculating a global network intrusion model of the server based on the first model parameter and the detection precision value; and updating the model parameters of the first network intrusion model based on the second model parameters to obtain a second network intrusion model. Thus, the problem of privacy disclosure caused by uploading network data of the terminal side to the server is avoided, and the privacy of private data of a user is improved.

Description

Model training method, device, terminal and storage medium

Technical Field

The embodiment of the application relates to the technical field of artificial intelligence, in particular to a model training method, a device, a terminal and a storage medium.

Background

In the training scheme of the network intrusion model in the related art, traffic data is generally collected from a large number of clients, and then the collected traffic data is uploaded to a server, so that the server trains the network intrusion model based on the collected traffic data as training samples. However, in the process of uploading the traffic data of the client to the server, the privacy data of the user is also easily uploaded to the server, so that the risk of privacy disclosure easily occurs in the process of uploading the traffic data.

Disclosure of Invention

The embodiment of the application provides a model training method, a device, a terminal and a storage medium, which are used for solving the problem of privacy leakage existing in a training scheme of a network intrusion model in the related technology.

To solve the above problems, the present application is achieved as follows:

in a first aspect, an embodiment of the present application provides a model training method, which is used for a terminal, and includes:

Acquiring first model parameters, wherein the first model parameters are model parameters corresponding to a first network intrusion model after training based on a target sample, the target sample comprises image network data or text network data, the first network intrusion model is a model obtained by updating a preset initial model in the ith iteration, the preset initial model is a model for performing network intrusion detection on the network data, and i is a positive integer;

Sending the first model parameters and the detection precision values of the first network intrusion model to a server;

receiving a second model parameter sent by the server, wherein the second model parameter is a model parameter calculated by a global network intrusion model of the server based on the first model parameter and the detection precision value;

updating the model parameters of the first network intrusion model based on the second model parameters to obtain a second network intrusion model;

The second network intrusion model is a model obtained by updating the preset initial model in the (i+1) th iteration.

In a second aspect, an embodiment of the present application provides a model training apparatus, configured to be used in a terminal, including:

The acquisition module is used for acquiring first model parameters, wherein the first model parameters are model parameters corresponding to a first network intrusion model after training based on a target sample, the target sample comprises image network data or text network data, the first network intrusion model is a model obtained by updating a preset initial model in the ith iteration, the preset initial model is a model used for carrying out network intrusion detection on the network data, and i is a positive integer;

The sending module is used for sending the first model parameters and the detection precision values of the first network intrusion model to a server;

The receiving module is used for receiving a second model parameter sent by the server, wherein the second model parameter is a model parameter obtained by calculating a global network intrusion model of the server based on the first model parameter and the detection precision value;

the updating module is used for updating the model parameters of the first network intrusion model based on the second model parameters to obtain a second network intrusion model;

In a third aspect, an embodiment of the present application further provides a terminal, including: a transceiver, a memory, a processor, and a program stored on the memory and executable on the processor; the processor is configured to read a program in the memory to implement the steps in the method according to the foregoing first aspect.

In a fourth aspect, embodiments of the present application also provide a readable storage medium storing a program which, when executed by a processor, implements the steps of the method as described in the foregoing first aspect.

In a fifth aspect, there is provided a computer program product comprising computer instructions which, when executed by a processor, implement the steps in the method as described in the first aspect above.

In the embodiment of the application, a first model parameter is obtained, the first model parameter is a model parameter corresponding to a first network intrusion model after training based on a target sample, the target sample comprises image network data or text network data, the first network intrusion model is a model obtained by updating a preset initial model in the ith iteration, the preset initial model is a model for performing network intrusion detection on the network data, and i is a positive integer; sending the first model parameters and the detection precision values of the first network intrusion model to a server; receiving a second model parameter sent by the server, wherein the second model parameter is a model parameter calculated by a global network intrusion model of the server based on the first model parameter and the detection precision value; updating the model parameters of the first network intrusion model based on the second model parameters to obtain a second network intrusion model; the second network intrusion model is a model obtained by updating the preset initial model in the (i+1) th iteration. In the training process of the model, only model parameter interaction is carried out between the terminal and the server, specific flow data interaction is not involved, and compared with the conventional scheme, the method has the advantages that flow data are required to be collected from each terminal, the global network intrusion model is trained based on the collected flow data, the problem of secret leakage of user privacy data can be avoided, and the calculation cost of the server in the model training process can be reduced.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments of the present application will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.

FIG. 1 is a schematic flow chart of a model training method according to an embodiment of the present application;

FIG. 2 is a schematic diagram of a federal quantum learning framework provided by an embodiment of the present application;

FIG. 3 is a schematic structural diagram of a model training device according to an embodiment of the present application;

fig. 4 is a schematic structural diagram of a terminal according to an embodiment of the present application.

Detailed Description

The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

The terms "first," "second," and the like in embodiments of the present application are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Furthermore, the use of "and/or" in the present application means at least one of the connected objects, such as a and/or B and/or C, means 7 cases including a alone a, B alone, C alone, and both a and B, both B and C, both a and C, and both A, B and C.

In embodiments of the application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g." in an embodiment should not be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.

The model training method provided by the embodiment of the application is described below.

Referring to fig. 1, fig. 1 is a flow chart of a model training method according to an embodiment of the present application. The model training method shown in fig. 1 may be performed by a terminal.

As shown in fig. 1, the model training method may include the steps of:

step 101, obtaining first model parameters, wherein the first model parameters are corresponding model parameters of a first network intrusion model after training based on a target sample.

The target sample comprises image network data or text network data, the first network intrusion model is a model obtained by updating a preset initial model in the ith iteration, the preset initial model is a model for network intrusion detection on the network data, and i is a positive integer.

Because the preset initial model is a model for performing network intrusion detection on network data, the first network intrusion model iteratively generated based on the preset initial model can also perform network intrusion detection on the network data.

It can be understood that the target sample used for training the first network intrusion model may be network intrusion data, and by training the first network intrusion model by using the network intrusion data, the convergence speed and the network intrusion detection accuracy of the network intrusion model may be improved.

The target sample can be local network data of the terminal, and can be directly used for training the network intrusion model on the terminal side based on the local network data, so that the privacy disclosure problem caused by uploading the local network data to the server is avoided, and the privacy of the private data of the user is improved.

Step 102, sending the first model parameters and the detection precision values of the first network intrusion model to a server.

In this embodiment, the network intrusion detection result may be obtained by inputting the test data into the first network intrusion model, and the detection accuracy value of the first network intrusion model may be determined based on the obtained network intrusion detection result.

For example, the test data a is input to the first network intrusion model, and the probability that the test data a is the network intrusion data is 0.7, so that the detection accuracy value of the first network intrusion model can be determined to be 0.7.

In practical application, multiple sets of test data can be input into the first network intrusion model, multiple network intrusion detection results are obtained, the average value of detection accuracy corresponding to the multiple network intrusion detection results is obtained, and finally the average value is determined to be the detection accuracy value of the first network intrusion model.

For example, for the test data a, the test data B, and the test data C, the detection accuracy values of the first network intrusion model are respectively 0.65, 0.7, and 0.75, and then the detection accuracy value of the first network intrusion model may be determined to be (0.65+0.7+0.75)/3, that is, the detection accuracy value of the first network intrusion model may be obtained as 0.70.

Step 103, receiving a second model parameter sent by the server, wherein the second model parameter is a model parameter calculated by a global network intrusion model of the server based on the first model parameter and the detection precision value.

The global network intrusion model may be understood as a network intrusion model at a server side, which may receive first model parameters and detection accuracy values sent from different terminals, synthesize the received first model parameters and detection accuracy values, update model parameters of the global network intrusion model, and determine the model parameters obtained by updating as second model parameters.

In this embodiment, since the server may receive the first model parameters and the detection accuracy values sent from different terminals, the server may collect traffic data from each terminal, and train the global network intrusion model based on the collected traffic data, so that not only the problem of disclosure of the privacy data of the user may be avoided, but also the calculation cost of the server in the model training process may be reduced.

In addition, the second model parameters are determined by the server based on the first model parameters and the detection precision values sent by different terminals, so that the network intrusion model obtained by updating the first network intrusion model of the terminal side based on the second model parameters can have the network intrusion detection performance of the global network intrusion model, and the network intrusion detection performance of the network intrusion model of the terminal side is greatly improved.

Further, because the information interaction between the terminal and the server is mainly the interaction of model parameters, compared with the conventional scheme in which a large amount of flow data is required to be uploaded, the communication pressure between the terminal and the server can be effectively reduced.

And 104, updating the model parameters of the first network intrusion model based on the second model parameters to obtain a second network intrusion model.

The second network intrusion model may be understood as a model obtained by updating the preset initial model in the (i+1) th iteration.

In one embodiment, the acquiring the first model parameter includes:

Obtaining a target sample;

Acquiring a fairness coefficient of the first network intrusion model;

Determining model parameters of the first network intrusion model based on the fairness coefficient;

Training the first network intrusion model by using the target sample to update model parameters of the first network intrusion model, and determining the updated model parameters of the first network intrusion model as first model parameters.

In this embodiment, the fairness coefficient of the first network intrusion model may be obtained, and the model parameters thereof may be updated based on the fairness parameter thereof, so as to reduce the influence of the abnormal sample on the model training.

The target sample may be understood as network intrusion data detected by the terminal side, including but not limited to network intrusion content such as pictures and characters.

In one embodiment, the obtaining the fairness coefficient of the first network intrusion model includes:

Obtaining distance coefficients of the first network intrusion model and a third network intrusion model, wherein the third network intrusion model is a model obtained by updating the preset initial model in the i-1 th iteration, and the distance coefficients are used for representing the change degree of the model;

and calculating a fairness coefficient of the first network intrusion model based on the distance coefficient and a preset constant term.

The first network intrusion model may be understood as a network intrusion model at a current time, and the third network intrusion model may be understood as a network intrusion model at a previous time.

In this embodiment, the change degree of the model may be determined by obtaining the distance coefficients of the first network intrusion model and the third network intrusion model, so as to calculate the fairness coefficient of the first network intrusion model by memorizing the change degree of the model, thereby reducing the influence of the abnormal sample on the model training.

For example, the formula may be based on:

Calculating a distance coefficient d _k, wherein d _k represents a distance coefficient of the first network intrusion model and a distance coefficient of the third network intrusion model, and a smaller d _k indicates a larger degree of change of the model, w _r-1 represents model parameters of the third network intrusion model, w _r represents model parameters of the first network intrusion model, k can be understood as a network model at a terminal side, r can be understood as a communication of a terminal and a server, and r=1, 2,3 ….

After determining the distance coefficient d _k, the formula may be based on:

A fairness coefficient q _k for the first network intrusion model is calculated, where, A constant term is represented, which may be a preset value.

After determining the fairness coefficient q _k, the formula may be based on:

And calculating the average value of the fairness coefficient region to obtain q _ave and a Loss function Loss of the first network intrusion model (W _r).

After determining the Loss function Loss (W _r) of the first network intrusion model, the first model parameter W _r+1 may be calculated based on the model parameters W _r and the Loss function Loss (W _r) of the first network intrusion model. Specifically, the formula may be based on:

Where n represents the learning rate.

The method can update the model parameters of the first network intrusion model by the fairness coefficient through the process, so as to obtain the first model parameters.

In one embodiment, the acquiring the target sample includes:

acquiring target network data of the terminal, wherein the target network data is local network intrusion data of the terminal;

Generating false data corresponding to the target network data based on quantum generation countermeasure network;

and carrying out-of-order merging processing on the target network data and the dummy data to obtain a target sample.

In this embodiment, dummy data corresponding to the target network data may be generated based on the quantum generation countermeasure network, and then the target network data and the dummy data may be mixed out of order to obtain target samples, so as to expand the number of the target samples.

In one embodiment, for the obtained target network data, the target network data may be preprocessed, where the preprocessing includes, but is not limited to, data cleaning, digitizing, normalizing, and out-of-order splitting.

In addition, under the condition that the acquired target network data is less, namely the sample number is insufficient, quantum GENERATIVE ADVERSARIAL Networks (QGAN) can be used for expanding the sample data, so that the problems of small data samples and unbalanced distribution are solved, the updating efficiency of a network intrusion model at a terminal side and the robustness of an intrusion detection model are improved, and the unbalance of the sample data is improved.

Wherein, the application QGAN performs sample data expansion, including the following steps:

Step a, initializing QGAN, and quantum generation countermeasure network including generator G, discriminator D and a condition label 。

Step b, training QGAN, for iteration numberComprising:

For attack types The method comprises the following steps:

Normalization of characteristic values: each network data has K characteristics, and each characteristic value is For better generation of data input quanta against the network, there are

Wherein the sum of all beta values is 1, q is as followsMinimum in case of。

Wherein the network data as quantum generation countermeasure network input can be expressed as:

The generator may generate dummy data GD _(i,a) based on formula GD _(i,a)=G_i(n,l_a), after generating dummy data GD _(i,a), dummy data GD _(i,a) may be combined with the preprocessed data D ', and the flag of dummy data GD _(i,a) may be set to 0, the flag of real data D ' may be set to 1, and dummy data GD _(i,a) and real data D ' may be combined out-of-order into data _(i,a) to obtain the augmented sample data.

After obtaining the expanded sample data _(i,a), the data can be authenticated by the discriminator D and returned to a value of 1 if true data is given, or to a value of 0 otherwise.

Specifically, the formula may be based on:

Calculating QGAN the objective function value V (D, G) in the ith iteration; wherein E _G is the objective function of the generator, E _D is the objective function of the discriminator, D (G (Z)) represents the predicted output of the discriminator to generate samples, and D (x) represents the predicted output of the discriminator to real samples; then, judging whether V (D, G) tends to be stable or not, and if so, generating false data; if not, let i=i+1, and based on the formula:

The objective function value is calculated to update the model parameters w _(QGAN,i+1) at the learning rate n QGAN.

And c, the generator synthesizes the false data. In the process of generating false data, beta _i can be regarded as the occurrence probability of corresponding characteristic values, the quantum generator can generate new data according to the probability distribution, and the data is synthesized through iterative training of quantum generation countermeasure networkContinuously to real dataNear, where the data is synthesized by the generatorThe following are provided:

In one embodiment, the sending the first model parameter and the detection accuracy value of the first network intrusion model to a server includes:

Acquiring a detection precision value of the first network intrusion model;

transmitting the first model parameter and the detection precision value to a server under the condition that the detection precision value is larger than or equal to a preset precision value;

wherein the preset precision value is determined based on the highest precision value and the lowest precision value.

In this embodiment, by setting the transmission condition, that is, determining whether the detection precision value is greater than or equal to the preset precision value, to determine whether to transmit the first model parameter and the detection precision value to the server, the influence of the invalid data on the global network intrusion model of the server side is avoided, and meanwhile, the processing of the invalid data by the global network intrusion model of the server side is also avoided, so that the operation cost of the server is reduced.

In one embodiment, model parameters may be updated based on a federal quantum learning (FEDERATED QUANTUM LEARNING, FQL) framework.

The federal quantum learning framework shown in fig. 2 includes a global network intrusion model on the server side and N local models on the terminal side, where the local models on the terminal side can be understood as the first network intrusion model described above. The global network intrusion model may send model parameters GW ₀, learning rate ρ, batch size B, loss function f, total number of communication rounds R to each local model involved in training, divide data into N parts of independent co-distribution, and distribute to each local model involved in training.The initial value is 1 for the local mode communication state.

For the number of communicationsThe method comprises the following steps:

And calculating a fairness coefficient and updating local model parameters.

The global network intrusion model may upload portions of the local model parameters to the global model according to a filtering weighting policy. Specifically, the detection precision Acc of the local network intrusion model at the terminal side can be calculated, if the detection precision Acc < k, the communication state is set as error, and the value is assignedThe local model parameters are not uploaded to the global network intrusion model, and the local model parameters are uploaded to the global network intrusion model only under the condition that the detection precision Acc is not less than kappa, so that the influence of invalid data on the global network intrusion model of a server side is reduced.

In addition, through the arrangement, the influence of the local model with poor performance on the global network intrusion model can be reduced, the communication overhead is reduced, and the performance of the intrusion detection global model is improved.

Wherein, the threshold kappa _i is defaulted to kappa ₀ under normal conditions. When the local model is severely abnormal, the accuracy rate of the local model can be greatly different from that of a normal client, and if the difference between the highest accuracy rate and the lowest accuracy rate in the local model is higher than 0.4, the expression of kappa is as follows:

it can be understood that the difference between the highest accuracy and the lowest accuracy in the local model may also be set higher than 0.45 or 0.35, and the value may be specifically set based on the actual requirement.

The server may receive a parameter set sent by the terminal in the correct state, where the parameter set includes information such as a model parameter and a detection precision value of the local model on the terminal side.

Wherein, can be based on the formula:

Calculating contribution rate Where η is the number of clients in the correct reception state, and 0< η.ltoreq.N,Is the communication book of the r-th round the number of samples of the ground terminal c; the following can be based on the formula:

calculating contribution rate of local terminal in communication of this round ，The detection precision value of the local terminal in the round of communication is obtained; finally, the formula can be based on:

And calculating the model parameters of the global network intrusion model, for example, obtaining the second model parameters, and then generating the calculated model parameters to each local terminal so that each local terminal can update the local model based on the received model parameters.

It can be understood that R < R can be determined, if yes, r=r+1 is set, and the model parameters of the global network intrusion model are calculated, and the communication state is set to be correct, and assignedTo enter the next round of model training until r=r. And in the case of r=r, the training is ended.

In the embodiment, the user side terminal can cooperatively train the global network intrusion model by periodically interacting and summarizing model parameters or gradient information through the server, sensitive data of the user cannot be involved in the process, and the problem of disclosure of privacy data of the user is effectively avoided.

According to the model training method provided by the embodiment of the application, the first model parameters are obtained, the first model parameters are model parameters corresponding to the first network intrusion model after training based on the target sample, the target sample comprises image network data or text network data, the first network intrusion model is a model obtained by updating a preset initial model in the ith iteration, the preset initial model is a model for carrying out network intrusion detection on the network data, and i is a positive integer; sending the first model parameters and the detection precision values of the first network intrusion model to a server; receiving a second model parameter sent by the server, wherein the second model parameter is a model parameter calculated by a global network intrusion model of the server based on the first model parameter and the detection precision value; updating the model parameters of the first network intrusion model based on the second model parameters to obtain a second network intrusion model; the second network intrusion model is a model obtained by updating the preset initial model in the (i+1) th iteration. Thus, the problem of privacy disclosure caused by uploading network data of the terminal side to the server is avoided, and the privacy of private data of a user is improved.

The various optional embodiments described in the embodiments of the present application may be implemented in combination with each other without collision, or may be implemented separately, which is not limited to the embodiments of the present application.

Referring to fig. 3, fig. 3 is a block diagram of a model training apparatus according to an embodiment of the present application. As shown in fig. 3, the model training apparatus 300 includes:

The acquiring module 301 is configured to acquire first model parameters, where the first model parameters are model parameters corresponding to a first network intrusion model after training based on a target sample, the target sample includes image network data or text network data, the first network intrusion model is a model obtained by updating a preset initial model in an ith iteration, the preset initial model is a model for performing network intrusion detection on the network data, and i is a positive integer;

A sending module 302, configured to send the first model parameter and a detection precision value of the first network intrusion model to a server;

The receiving module 303 is configured to receive a second model parameter sent by the server, where the second model parameter is a model parameter calculated by a global network intrusion model of the server based on the first model parameter and the detection precision value;

An updating module 304, configured to update the model parameters of the first network intrusion model based on the second model parameters, to obtain a second network intrusion model;

Optionally, the acquiring module 301 is specifically configured to:

Obtaining a target sample;

Acquiring a fairness coefficient of the first network intrusion model;

Optionally, the acquiring module 301 is specifically configured to:

Optionally, the sending module 302 is specifically configured to:

Acquiring a detection precision value of the first network intrusion model;

The model training apparatus 300 can implement the processes of the method embodiment of fig. 1 in the embodiment of the present application, and achieve the same beneficial effects, and in order to avoid repetition, the description is omitted here.

Referring to fig. 4, a schematic structural diagram of a terminal according to an embodiment of the present application is provided. As shown in fig. 4, the embodiment of the present application further provides a terminal, which includes a bus 401, a transceiver 402, an antenna 403, a bus interface 404, a processor 405, and a memory 406.

The processor 405 is configured to:

Optionally, the processor 405 is configured to:

Obtaining a target sample;

Acquiring a fairness coefficient of the first network intrusion model;

Optionally, the processor 405 is configured to:

Acquiring a detection precision value of the first network intrusion model;

In fig. 4, a bus architecture (represented by bus 401), the bus 401 may include any number of interconnected buses and bridges, with the bus 401 linking together various circuits, including one or more processors, represented by processor 405, and memory, represented by memory 406. The bus 401 may also link together various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., which are well known in the art and, therefore, will not be described further herein. Bus interface 404 provides an interface between bus 401 and transceiver 402. The transceiver 402 may be one element or may be multiple elements, such as multiple receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. The data processed by the processor 405 is transmitted over a wireless medium via the antenna 403, and further, the antenna 403 receives the data and transmits the data to the processor 405.

The processor 405 is responsible for managing the bus 401 and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And memory 406 may be used to store data used by processor 405 in performing operations.

Alternatively, the processor 405 may be CPU, ASIC, FPGA or a CPLD.

The embodiment of the application also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the processes of the model training method embodiment described above, and can achieve the same technical effects, and in order to avoid repetition, the description is omitted here. Wherein the computer readable storage medium is selected from Read-Only Memory (ROM), random access Memory (Random Access Memory, RAM), magnetic disk or optical disk.

The embodiment of the application also provides a computer program product, which comprises computer instructions, wherein the computer instructions realize the processes of the model training method embodiment when being executed by a processor, and can achieve the same technical effects, and in order to avoid repetition, the description is omitted here.

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present application.

The embodiments of the present application have been described above with reference to the accompanying drawings, but the present application is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present application and the scope of the claims, which are to be protected by the present application.

Claims

1. A model training method, for a terminal, comprising:

The second network intrusion model is a model obtained by updating the preset initial model in the (i+1) th iteration;

the obtaining the first model parameter includes:

Obtaining a target sample;

Acquiring a fairness coefficient of the first network intrusion model;

determining a loss function of the first network intrusion model based on the fairness coefficient;

training the first network intrusion model by using the target sample, updating model parameters of the first network intrusion model based on the loss function, and determining the updated model parameters of the first network intrusion model as first model parameters;

the obtaining the fairness coefficient of the first network intrusion model includes:

2. The method of claim 1, wherein the obtaining the target sample comprises:

3. The method according to claim 1 or 2, wherein said sending the detection accuracy values of the first model parameters and the first network intrusion model to a server comprises:

Acquiring a detection precision value of the first network intrusion model;

4. A model training device for a terminal, comprising:

The acquisition module is specifically configured to:

Obtaining a target sample;

Acquiring a fairness coefficient of the first network intrusion model;

training the first network intrusion model by using the target sample to update model parameters of the first network intrusion model, and determining the updated model parameters of the first network intrusion model as first model parameters;

The acquisition module is specifically configured to:

5. The apparatus of claim 4, wherein the obtaining module is specifically configured to:

6. The apparatus according to claim 4 or 5, wherein the sending module is specifically configured to:

Acquiring a detection precision value of the first network intrusion model;

7. A terminal, comprising: a transceiver, a memory, a processor, and a program stored on the memory and executable on the processor; -c h a r a c t e r i z e d in that the processor is arranged to read a program in a memory for implementing the steps in the model training method according to any of claims 1 to 3.

8. A readable storage medium storing a program, wherein the program when executed by a processor implements the steps in the model training method according to any one of claims 1 to 3.

9. A computer program product comprising computer instructions which, when executed by a processor, implement the steps of the model training method of any of claims 1 to 3.