Decentralized traffic detection utilizing blockchain-federated learning with quality-driven aggregation

Abstract

Federated Learning (FL) has been widely applied in network traffic detection to address issues such as insufficient data, data imbalance, and limited data sources. However, FL still has some drawbacks, including excessive load on the central server, vulnerability to attacks, and the potential presence of malicious or low-quality local models during aggregation. In this paper, we propose a novel approach for encrypted traffic classification to promote reliable data sharing and improve classification accuracy. First, we design a four-layer framework for secure traffic classification, based on FL and blockchain to replace the central server. In this framework, each client dynamically switches between the trainer and the validator, either training or validating the local model, with the validator ultimately uploading the global model to the blockchain. Furthermore, to address the issues of potential malicious and low-quality model in aggregation, we propose a new Quality-Driven Validator-Trainer Aggregation (QDVTA) algorithm. The algorithm selectively filters out malicious and low-quality models in each round of aggregation, improving the robustness of the framework while minimizing the loss in model accuracy. Experiments were conducted on the ISCXVPN2016, ISCXTor2016, and CICIoT2022 datasets. Compared to existing methods, the proposed approach achieves accuracy rates of 89.19%, 89.50%, and 94.42% in the presence of malicious nodes, demonstrating its effectiveness over state-of-the-art methods.