secPEFL: Strengthening federated learning security for Portable Executable malware detection in distributed networks

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2025-08-19 DOI:10.1016/j.comnet.2025.111638

Trinh Gia Huy, Luong Nguyen Thanh Nhan, Nguyen Tan Cam

{"title":"secPEFL: Strengthening federated learning security for Portable Executable malware detection in distributed networks","authors":"Trinh Gia Huy, Luong Nguyen Thanh Nhan, Nguyen Tan Cam","doi":"10.1016/j.comnet.2025.111638","DOIUrl":null,"url":null,"abstract":"<div><div>Traditional centralized malware detection approaches are increasingly vulnerable to privacy risks and data breaches, particularly given stringent regulatory requirements. To address these challenges, we propose a Federated learning-based system for malware classification on PE executable files, emphasizing enhanced data privacy and security. Our approach leverages a Convolutional Neural Network architecture with two modules: a detection module for detecting malicious files and a classification module for identifying malware types and supporting defense strategies. The system operates on grayscale images and incorporates advanced security measures, including Secure Sockets Layer for secure communication, InterPlanetary File System for distributed storage, and Local Differential Privacy to counter inference attacks. The proposed system mitigates Sybil attacks through a participant selection mechanism based on reputation history stored on the blockchain network. The blockchain is also used as a reward platform for contributors, utilizing a Shapley value-based reward mechanism from game theory. Experimental results show that the proposed system delivers superior malware classification performance while maintaining security aspects. The highest accuracy achieved is 96.32% on IID (Independent and Identically Distributed) data and 88.06% on non-IID data for malware classification tasks. The experiments also reveal that as the level of noise added using Differential Privacy increases, security improves, but the model’s accuracy decreases correspondingly.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"271 ","pages":"Article 111638"},"PeriodicalIF":4.6000,"publicationDate":"2025-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S138912862500605X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Traditional centralized malware detection approaches are increasingly vulnerable to privacy risks and data breaches, particularly given stringent regulatory requirements. To address these challenges, we propose a Federated learning-based system for malware classification on PE executable files, emphasizing enhanced data privacy and security. Our approach leverages a Convolutional Neural Network architecture with two modules: a detection module for detecting malicious files and a classification module for identifying malware types and supporting defense strategies. The system operates on grayscale images and incorporates advanced security measures, including Secure Sockets Layer for secure communication, InterPlanetary File System for distributed storage, and Local Differential Privacy to counter inference attacks. The proposed system mitigates Sybil attacks through a participant selection mechanism based on reputation history stored on the blockchain network. The blockchain is also used as a reward platform for contributors, utilizing a Shapley value-based reward mechanism from game theory. Experimental results show that the proposed system delivers superior malware classification performance while maintaining security aspects. The highest accuracy achieved is 96.32% on IID (Independent and Identically Distributed) data and 88.06% on non-IID data for malware classification tasks. The experiments also reveal that as the level of noise added using Differential Privacy increases, security improves, but the model’s accuracy decreases correspondingly.

查看原文本刊更多论文

加强分布式网络中可移植可执行恶意软件检测的联邦学习安全性

传统的集中式恶意软件检测方法越来越容易受到隐私风险和数据泄露的影响，特别是在严格的监管要求下。为了解决这些挑战，我们提出了一个基于联邦学习的系统，用于PE可执行文件的恶意软件分类，强调增强的数据隐私和安全性。我们的方法利用卷积神经网络架构和两个模块：用于检测恶意文件的检测模块和用于识别恶意软件类型和支持防御策略的分类模块。该系统在灰度图像上运行，并结合了先进的安全措施，包括用于安全通信的安全套接字层、用于分布式存储的星际文件系统和用于对抗推理攻击的本地差分隐私。该系统通过基于存储在区块链网络上的声誉历史的参与者选择机制来减轻Sybil攻击。区块链也被用作贡献者的奖励平台，利用博弈论中基于Shapley价值的奖励机制。实验结果表明，该系统在保证安全的前提下，具有较好的恶意软件分类性能。对于恶意软件分类任务，在IID（独立和相同分布）数据上实现的最高准确率为96.32%，在非IID数据上实现的最高准确率为88.06%。实验还表明，随着使用差分隐私添加的噪声水平的增加，安全性得到提高，但模型的准确性相应降低。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.