Collaborative DDoS defense for SDN-based AIoT with autoencoder-enhanced federated learning

IF 14.7 1区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Information Fusion Pub Date : 2024-12-04 DOI:10.1016/j.inffus.2024.102820

Jie Ma, Wei Su

{"title":"Collaborative DDoS defense for SDN-based AIoT with autoencoder-enhanced federated learning","authors":"Jie Ma, Wei Su","doi":"10.1016/j.inffus.2024.102820","DOIUrl":null,"url":null,"abstract":"<div><div>The massive number of edge-connected IoT devices currently in SD-AIoT can be weaponized to launch Distributed Denial of Service attacks. Nevertheless, centralized DDoS defense schemes that excessively rely on up-to-date labeled training data are significantly inefficient due to the scarcity of such datasets. The privacy of these datasets and the widespread emergence of adversarial attacks make it difficult for autonomous system collaborators to share such sensitive data. To this end, we propose a novel decentralized defense scheme based on a trusted Federated Learning framework for AIoT scenarios. In particular, it consists of: (1) an outlier-aware Semi-supervised attack detection model for anomaly detection based on a Federated Learning framework that supports the robust identification of attack classes with a limited number of labeled outliers to reduce the false alarm rate; (2) a novel Secure Multiparty Computation method for trusted aggregation of local model updates to enhance the transmission privacy of collaborators’ parameters; (3) a mitigation mechanism based on horizontal cooperation to reduce the impact of packet loss on normal traffic by deploying differentiated speed-limiting policies with attack path pushback. Our evaluation of various attack scenarios and traces from real datasets CICIDS2017 and InSDN shows that the proposed scheme shows significant improvement in terms of accuracy, effectiveness, etc., compared to state-of-the-art SDN-based defense schemes.</div></div>","PeriodicalId":50367,"journal":{"name":"Information Fusion","volume":"117 ","pages":"Article 102820"},"PeriodicalIF":14.7000,"publicationDate":"2024-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Fusion","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1566253524005980","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

The massive number of edge-connected IoT devices currently in SD-AIoT can be weaponized to launch Distributed Denial of Service attacks. Nevertheless, centralized DDoS defense schemes that excessively rely on up-to-date labeled training data are significantly inefficient due to the scarcity of such datasets. The privacy of these datasets and the widespread emergence of adversarial attacks make it difficult for autonomous system collaborators to share such sensitive data. To this end, we propose a novel decentralized defense scheme based on a trusted Federated Learning framework for AIoT scenarios. In particular, it consists of: (1) an outlier-aware Semi-supervised attack detection model for anomaly detection based on a Federated Learning framework that supports the robust identification of attack classes with a limited number of labeled outliers to reduce the false alarm rate; (2) a novel Secure Multiparty Computation method for trusted aggregation of local model updates to enhance the transmission privacy of collaborators’ parameters; (3) a mitigation mechanism based on horizontal cooperation to reduce the impact of packet loss on normal traffic by deploying differentiated speed-limiting policies with attack path pushback. Our evaluation of various attack scenarios and traces from real datasets CICIDS2017 and InSDN shows that the proposed scheme shows significant improvement in terms of accuracy, effectiveness, etc., compared to state-of-the-art SDN-based defense schemes.

查看原文本刊更多论文

基于sdn的AIoT协同DDoS防御与自动编码器增强的联邦学习

目前在SD-AIoT中的大量边缘连接物联网设备可以被武器化，以发起分布式拒绝服务攻击。然而，由于数据集的稀缺性，过度依赖于最新标记训练数据的集中式DDoS防御方案效率低下。这些数据集的隐私性和对抗性攻击的广泛出现使得自治系统协作者难以共享这些敏感数据。为此，我们提出了一种基于可信联邦学习框架的AIoT场景分散防御方案。具体而言，它包括：(1)基于联邦学习框架的异常检测异常点感知半监督攻击检测模型，该模型支持使用有限数量的标记异常点对攻击类别进行鲁棒识别，以降低误报率；(2)提出了一种局部模型更新可信聚合的安全多方计算方法，增强了协作者参数的传输隐私性；(3)基于横向合作的缓解机制，通过部署具有攻击路径推送的差异化限速策略，降低丢包对正常流量的影响。我们对真实数据集CICIDS2017和InSDN的各种攻击场景和痕迹进行了评估，结果表明，与最先进的基于sdn的防御方案相比，所提出的方案在准确性、有效性等方面有显著提高。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Information Fusion 工程技术-计算机：理论方法

CiteScore

33.20

自引率

4.30%

发文量

161

审稿时长

7.9 months

期刊介绍： Information Fusion serves as a central platform for showcasing advancements in multi-sensor, multi-source, multi-process information fusion, fostering collaboration among diverse disciplines driving its progress. It is the leading outlet for sharing research and development in this field, focusing on architectures, algorithms, and applications. Papers dealing with fundamental theoretical analyses as well as those demonstrating their application to real-world problems will be welcome.