西安电子科技大学学报 ›› 2024, Vol. 51 ›› Issue (1): 157-164.doi: 10.19665/j.issn1001-2400.20230303

• 网络空间安全 • 上一篇    下一篇

联邦加密流量分类中的细粒度防御方法

曾勇1(), 郭晓亚1(), 马佰和2(), 刘志宏1(), 马建峰1()   

  1. 1.西安电子科技大学 网络与信息安全学院,陕西 西安 710071
    2.澳大利亚悉尼科技大学 全球大数据技术中心,悉尼 2007

Fine-grained defense methods in federated encrypted traffic classification

ZENG Yong1(), GUO Xiaoya1(), MA Baihe2(), LIU Zhihong1(), MA Jianfeng1()   

  1. 1. School of Cyber Engineering,Xidian University,Xi’an 710071,China
    2. Global Big Data Technologies Centre,Sydney University of Technology,Sydney 2007,Australia
  • Received:2022-10-21 Online:2024-01-20 Published:2023-08-30

摘要:

为了避免异常流量对联邦加密流量分类模型造成危害,研究者们提出了多种鲁棒算法和防御方案。已有方法通过移除异常模型的所有流量来提高鲁棒性。但这种清除节点所有流量的方法是一种粗粒度的防御方法。粗粒度的防御会造成正常流量损失和防御过当的问题。为避免上述问题,结合协作式联邦加密流量分类框架,提出清除异常流量的一种细粒度防御方法。该方法首先通过高效划分异常节点的本地数据集来缩小异常流量的搜索范围,实现细粒度定位异常节点的流量;然后在模型聚合时通过清除异常流量来降低正常流量损失,实现细粒度防御,解决防御过当问题。实验结果表明,与已有防御方案相比,提出的细粒度防御方法可以在不影响准确率的前提下,显著提高模型检测效率。所提出的细粒度防御方法检测准确率可以达到约91.4%,且检测效率与已有方法相比提高了约32.3%。

关键词: 加密流量分类, 联邦学习, 异常检测, 细粒度防御

Abstract:

In recent years,various robust algorithms and defense schemes have been presented to prevent the harm caused by abnormal traffic to the federal encrypted traffic classification model.The existing defense methods,which improve the robustness of the global model by removing the traffic of abnormal models,are coarse-grained.Nevertheless,the coarse-grained methods can lead to issues of excessive defense and normal traffic loss.To solve the above problems,we propose a fine-grained defense method to avoid abnormal traffic according to the collaborative federated encrypted traffic classification framework.The proposed method narrows the range of the abnormal traffic by dividing the local data set of abnormal nodes,achieving fine-grained localization of abnormal nodes.According to the localization results of abnormal traffic,the method realizes the fine-grained defense by eliminating abnormal traffic during model aggregation,which avoids the excessive defense and normal traffic loss.Experimental results show that the proposed method can significantly improve the efficiency of model detection without affecting accuracy.Compared with the existing coarse-grained methods,the accuracy of the fine-grained defense method can reach 91.4%,and the detection efficiency is improved by 32.3%.

Key words: encrypted traffic classification, federated learning, abnormal detection, fine-grained defense

中图分类号: 

  • TP393