A Poisoning-resistant Verifiable Secure Federated Learning Scheme in IoT Perception Environments
OA; Peking University Core Journals; CSTPCD
To address the issue of model poisoning during predictive model training in the IoT intelligent sensing phase, this study proposes an anti-poisoning attack scheme with verification capabilities. The scheme employs a cosine similarity clustering mechanism and a filtering strategy as a trusted third-party detection algorithm, integrating homomorphic encryption for authentication. Additionally, lightweight data encryption is used to protect the privacy of local model data. The Shamir Secret Sharing algorithm ensures robustness in model training against user dropout. By introducing a trusted third party, the scheme effectively detects and prevents dishonest users or attackers from compromising the accuracy of federated learning models. Simulation results demonstrate that the scheme can accurately detect model data involved in training while ensuring the security of users' local model data and handling large volumes of heterogeneous data in IoT intelligent sensing environments.
Han Gang; Ma Weiran; Zhang Yinghui; Liu Wei; Sheng Liling
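School of Cyberspace Security, Xi'an University of Posts and Telecommunications, Xi'an 710121 || State Key Laboratory of Integrated Services Networks (Xidian University), Xi'an 710126; School of Cyberspace Security, Xi'an University of Posts and Telecommunications, Xi'an 710121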
Computer Science and Automation
Keywords: federated learning; poisoning attack; IoT intelligent perception; privacy protection; homomorphic encryption
Journal of Information Security Research (《信息安全研究》), 2024 (009)
804-810 / 7
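Funding: National Natural Science Foundation of China (62102312); Key Research and Development Program of Shaanxi Province (2024GX-YBXM-079); Open Project of the ISN State Key Laboratory (ISN24-13); Youth Innovation Team Project of Shaanxi Universities (23JP160)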