Junpeng He;Xiong Li;Xiaosong Zhang;Weina Niu;Fagen Li
{"title":"一种综合数据辅助卫星地面综合网络入侵检测框架","authors":"Junpeng He;Xiong Li;Xiaosong Zhang;Weina Niu;Fagen Li","doi":"10.1109/TIFS.2025.3530676","DOIUrl":null,"url":null,"abstract":"The Satellite-Terrestrial Integrated Network (STIN) is an emerging paradigm offering seamless network services across geographical boundaries, yet it faces significant security challenges, including limited intrusion prevention capabilities. Federated learning (FL) provides a viable solution by aggregating traffic data from STIN clients (e.g., ground stations and edge routers) to train models for network intrusion detection systems (NIDS). However, satellite and terrestrial domain data’s non-independent and identically distributed (non-IID) nature hinders training efficiency and performance. This paper proposes STINIDF, a novel STIN intrusion detection framework leveraging FL-based data augmentation. STINIDF utilizes FL to collaboratively train a conditional diffusion model across STIN nodes while preserving privacy via differential privacy mechanisms, generating global traffic data representative of the STIN distribution. Each node then integrates global and local traffic data to train a local model for NIDS, addressing non-IID challenges by balancing data distribution through data augmentation. Using a simulation environment developed with OMNeT++ and INET, a Satellite-Terrestrial Integrated (STI) traffic dataset was created, including intrusion scenarios such as signal disruption, UDP flooding, and jamming attacks. Experimental results indicate that STINIDF outperforms existing data augmentation-based approaches under non-IID conditions, achieving <inline-formula> <tex-math>$\\mathbf {96.63\\%(2.41\\%\\uparrow)}$ </tex-math></inline-formula> accuracy, <inline-formula> <tex-math>$\\mathbf {96.71\\% (3.14\\%\\uparrow)}$ </tex-math></inline-formula> precision, <inline-formula> <tex-math>$\\mathbf {96.54\\%(1.65\\%\\uparrow)}$ </tex-math></inline-formula> recall and <inline-formula> <tex-math>$\\mathbf {96.66\\%(2.7\\%\\uparrow)}$ </tex-math></inline-formula> F1 score. Furthermore, when compared to methods integrating data augmentation with differential privacy, STINIDF demonstrates an effective balance between privacy preservation and intrusion detection performance, attaining an accuracy of <inline-formula> <tex-math>$\\mathbf {96.14\\%(2.57\\%\\uparrow)}$ </tex-math></inline-formula> and a FID of <inline-formula> <tex-math>$\\mathbf {17.88(7.41\\downarrow)}$ </tex-math></inline-formula>.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"1739-1754"},"PeriodicalIF":6.3000,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Synthetic Data-Assisted Satellite Terrestrial Integrated Network Intrusion Detection Framework\",\"authors\":\"Junpeng He;Xiong Li;Xiaosong Zhang;Weina Niu;Fagen Li\",\"doi\":\"10.1109/TIFS.2025.3530676\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Satellite-Terrestrial Integrated Network (STIN) is an emerging paradigm offering seamless network services across geographical boundaries, yet it faces significant security challenges, including limited intrusion prevention capabilities. Federated learning (FL) provides a viable solution by aggregating traffic data from STIN clients (e.g., ground stations and edge routers) to train models for network intrusion detection systems (NIDS). However, satellite and terrestrial domain data’s non-independent and identically distributed (non-IID) nature hinders training efficiency and performance. This paper proposes STINIDF, a novel STIN intrusion detection framework leveraging FL-based data augmentation. STINIDF utilizes FL to collaboratively train a conditional diffusion model across STIN nodes while preserving privacy via differential privacy mechanisms, generating global traffic data representative of the STIN distribution. Each node then integrates global and local traffic data to train a local model for NIDS, addressing non-IID challenges by balancing data distribution through data augmentation. Using a simulation environment developed with OMNeT++ and INET, a Satellite-Terrestrial Integrated (STI) traffic dataset was created, including intrusion scenarios such as signal disruption, UDP flooding, and jamming attacks. Experimental results indicate that STINIDF outperforms existing data augmentation-based approaches under non-IID conditions, achieving <inline-formula> <tex-math>$\\\\mathbf {96.63\\\\%(2.41\\\\%\\\\uparrow)}$ </tex-math></inline-formula> accuracy, <inline-formula> <tex-math>$\\\\mathbf {96.71\\\\% (3.14\\\\%\\\\uparrow)}$ </tex-math></inline-formula> precision, <inline-formula> <tex-math>$\\\\mathbf {96.54\\\\%(1.65\\\\%\\\\uparrow)}$ </tex-math></inline-formula> recall and <inline-formula> <tex-math>$\\\\mathbf {96.66\\\\%(2.7\\\\%\\\\uparrow)}$ </tex-math></inline-formula> F1 score. Furthermore, when compared to methods integrating data augmentation with differential privacy, STINIDF demonstrates an effective balance between privacy preservation and intrusion detection performance, attaining an accuracy of <inline-formula> <tex-math>$\\\\mathbf {96.14\\\\%(2.57\\\\%\\\\uparrow)}$ </tex-math></inline-formula> and a FID of <inline-formula> <tex-math>$\\\\mathbf {17.88(7.41\\\\downarrow)}$ </tex-math></inline-formula>.\",\"PeriodicalId\":13492,\"journal\":{\"name\":\"IEEE Transactions on Information Forensics and Security\",\"volume\":\"20 \",\"pages\":\"1739-1754\"},\"PeriodicalIF\":6.3000,\"publicationDate\":\"2025-01-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Information Forensics and Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10843866/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10843866/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
A Synthetic Data-Assisted Satellite Terrestrial Integrated Network Intrusion Detection Framework
The Satellite-Terrestrial Integrated Network (STIN) is an emerging paradigm offering seamless network services across geographical boundaries, yet it faces significant security challenges, including limited intrusion prevention capabilities. Federated learning (FL) provides a viable solution by aggregating traffic data from STIN clients (e.g., ground stations and edge routers) to train models for network intrusion detection systems (NIDS). However, satellite and terrestrial domain data’s non-independent and identically distributed (non-IID) nature hinders training efficiency and performance. This paper proposes STINIDF, a novel STIN intrusion detection framework leveraging FL-based data augmentation. STINIDF utilizes FL to collaboratively train a conditional diffusion model across STIN nodes while preserving privacy via differential privacy mechanisms, generating global traffic data representative of the STIN distribution. Each node then integrates global and local traffic data to train a local model for NIDS, addressing non-IID challenges by balancing data distribution through data augmentation. Using a simulation environment developed with OMNeT++ and INET, a Satellite-Terrestrial Integrated (STI) traffic dataset was created, including intrusion scenarios such as signal disruption, UDP flooding, and jamming attacks. Experimental results indicate that STINIDF outperforms existing data augmentation-based approaches under non-IID conditions, achieving $\mathbf {96.63\%(2.41\%\uparrow)}$ accuracy, $\mathbf {96.71\% (3.14\%\uparrow)}$ precision, $\mathbf {96.54\%(1.65\%\uparrow)}$ recall and $\mathbf {96.66\%(2.7\%\uparrow)}$ F1 score. Furthermore, when compared to methods integrating data augmentation with differential privacy, STINIDF demonstrates an effective balance between privacy preservation and intrusion detection performance, attaining an accuracy of $\mathbf {96.14\%(2.57\%\uparrow)}$ and a FID of $\mathbf {17.88(7.41\downarrow)}$ .
期刊介绍:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
