Adversarial attack and defence of federated learning-based network traffic classification in edge computing environment

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2025-09-25 DOI:10.1016/j.comnet.2025.111739

Azizi Ariffin , Faiz Zaki , Hazim Hanif , Nor Badrul Anuar

{"title":"Adversarial attack and defence of federated learning-based network traffic classification in edge computing environment","authors":"Azizi Ariffin , Faiz Zaki , Hazim Hanif , Nor Badrul Anuar","doi":"10.1016/j.comnet.2025.111739","DOIUrl":null,"url":null,"abstract":"<div><div>Network Traffic Classification (NTC) is vital for network management and security. However, as internet traffic volume increases, centralised model training causes scalability and privacy issues for NTC. To address these issues, distributing NTC model training to multiple edge clients via Federated Learning (FL) provides a solution by reducing latency, improving system scalability, and preserving data privacy. Nonetheless, the distributed nature of FL makes it vulnerable to various adversarial attacks from multiple clients, consequently degrading the model's performance. Most studies focus on a limited range of attacks, often overlooking more advanced and subtle threats, such as backdoor attacks and those based on Generative Adversarial Networks (GANs). Despite the growing attack complexity, existing defensive measures in the NTC domain struggle to mitigate multiple adversarial attack types simultaneously. To validate this claim, this study investigates the vulnerabilities of FL-based NTC training against four types of adversarial attacks: label flipping (LF) and model poisoning, and introduces customized backdoor and GAN-based attack scenarios tailored specifically to FL-based NTC training. When evaluated using the ISCX-VPN 2016 dataset, the results demonstrate that FL-based NTC is vulnerable to all four types of adversarial attacks. For instance, the LF attack reduced accuracy by 98.66 % in a collusive scenario, while the backdoor attack achieved a 40 % success rate. In comparison, the GAN attack lowered the F1 score of the target class by 18 %. Therefore, to strengthen the defense against adversarial attacks, this study proposes a robust conceptual defense framework capable of defending against multiple adversarial attack types simultaneously. The framework incorporates remote attestation scoring, hierarchical training, and an adaptive aggregation mechanism and conducts logic analysis to evaluate its effectiveness. The analysis demonstrates that it successfully maintains the model with 76 % accuracy under multiple adversarial attacks during training compared to an 80 % reduction without defensive measures.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111739"},"PeriodicalIF":4.6000,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625007054","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Network Traffic Classification (NTC) is vital for network management and security. However, as internet traffic volume increases, centralised model training causes scalability and privacy issues for NTC. To address these issues, distributing NTC model training to multiple edge clients via Federated Learning (FL) provides a solution by reducing latency, improving system scalability, and preserving data privacy. Nonetheless, the distributed nature of FL makes it vulnerable to various adversarial attacks from multiple clients, consequently degrading the model's performance. Most studies focus on a limited range of attacks, often overlooking more advanced and subtle threats, such as backdoor attacks and those based on Generative Adversarial Networks (GANs). Despite the growing attack complexity, existing defensive measures in the NTC domain struggle to mitigate multiple adversarial attack types simultaneously. To validate this claim, this study investigates the vulnerabilities of FL-based NTC training against four types of adversarial attacks: label flipping (LF) and model poisoning, and introduces customized backdoor and GAN-based attack scenarios tailored specifically to FL-based NTC training. When evaluated using the ISCX-VPN 2016 dataset, the results demonstrate that FL-based NTC is vulnerable to all four types of adversarial attacks. For instance, the LF attack reduced accuracy by 98.66 % in a collusive scenario, while the backdoor attack achieved a 40 % success rate. In comparison, the GAN attack lowered the F1 score of the target class by 18 %. Therefore, to strengthen the defense against adversarial attacks, this study proposes a robust conceptual defense framework capable of defending against multiple adversarial attack types simultaneously. The framework incorporates remote attestation scoring, hierarchical training, and an adaptive aggregation mechanism and conducts logic analysis to evaluate its effectiveness. The analysis demonstrates that it successfully maintains the model with 76 % accuracy under multiple adversarial attacks during training compared to an 80 % reduction without defensive measures.

查看原文本刊更多论文

边缘计算环境下基于联邦学习的网络流量分类对抗性攻击与防御

网络流分类（NTC）是网络管理和安全的重要组成部分。然而，随着互联网流量的增加，集中式模型训练会给NTC带来可扩展性和隐私问题。为了解决这些问题，通过联邦学习（FL）将NTC模型训练分发到多个边缘客户端提供了一种解决方案，可以减少延迟、提高系统可扩展性和保护数据隐私。尽管如此，FL的分布式特性使其容易受到来自多个客户端的各种对抗性攻击，从而降低了模型的性能。大多数研究集中在有限范围的攻击上，往往忽略了更高级和微妙的威胁，例如后门攻击和基于生成对抗网络（gan）的攻击。尽管攻击的复杂性不断增加，但NTC领域现有的防御措施难以同时减轻多种对抗性攻击类型。为了验证这一说法，本研究调查了基于fl的NTC训练在四种类型的对抗性攻击（标签翻转（LF）和模型中毒）下的漏洞，并介绍了专门针对基于fl的NTC训练量身定制的后门和基于gan的攻击场景。当使用ISCX-VPN 2016数据集进行评估时，结果表明基于fl的NTC容易受到所有四种类型的对抗性攻击。例如，LF攻击在合谋的情况下降低了98.66%的准确率，而后门攻击的成功率达到了40%。相比之下，GAN攻击使目标职业的F1分数降低了18%。因此，为了加强对抗性攻击的防御，本研究提出了一个健壮的概念防御框架，能够同时防御多种对抗性攻击类型。该框架结合了远程认证评分、分层训练和自适应聚合机制，并进行了逻辑分析来评估其有效性。分析表明，在训练过程中，在多次对抗性攻击下，它成功地保持了76%的准确率，而在没有防御措施的情况下，模型的准确率降低了80%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.