Recent Advances on Federated Learning for Cybersecurity and Cybersecurity for Federated Learning for Internet of Things

Abstract—The decentralized paradigm in cybersecurity and machine learning (ML) for the emerging Internet of Things (IoT) has gained a lot of attention from government, academia, and industry in recent years. Federated cybersecurity (FC) is regarded as a revolutionary concept for making the IoT safer and more efficient in the future. This emerging concept has the potential to detect security threats, take countermeasures, and limit the spread of threats over the IoT network efficiently. The cybersecurity objective is achieved by forming a federation of the learned and shared model on top of various participants. Federated learning (FL), regarded as a privacy-aware ML model, is particularly useful for securing vulnerable IoT environments. In this paper, we start with the background and a comparison of centralized learning, distributed on-site learning, and FL, followed by a survey of the application of FL to cybersecurity for IoT. This survey primarily focuses on the security aspect, but it also discusses several approaches that address the performance issues (e.g., accuracy, latency, resource constraints, and others) associated with FL, which may impact the security and overall performance of the IoT. To anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts, challenges, and research trends in this area. With this paper, readers can gain a more thorough understanding of FL for cybersecurity as well as cybersecurity for FL, the different security attacks, and their countermeasures.
Index Terms—Machine learning, Cybersecurity, Federated learning, Federated cybersecurity, Data offloading
I. INTRODUCTION
With the explosive rise of connected devices such as personal digital assistants (PDAs), IoT devices, wearable medical devices, and others, an unprecedented amount of data is being generated at every moment. This immense volume of data has created a better opportunity to utilize machine learning (ML) models in general, and deep learning (DL) in particular, in numerous domains [1]. Today ML has made its way into our everyday lives: from small hand-held devices, IoT sensors, and cyber-physical systems (CPS) to big companies such as Facebook, Google, Amazon, and Netflix, ML is applied across applications and services. Amazon Web Services, Google Cloud, and Microsoft Azure, to name but a few, are popular ML services [2] where models can be deployed and used at scale. ML has become indispensable not only for improving user experience and business modeling but also for detecting and preventing cyber threats and cyber-attacks. Today's world runs on data, and maintaining its integrity and privacy is of the utmost priority. Sensitive data belonging to individuals, organizations, and governments needs to travel from one point to another over communication links. Traditional methods of combating cybersecurity issues mostly protect devices only after specific types of attacks have occurred. However, the types and patterns of attacks in today's cyberspace have changed drastically. Attacks using polymorphic viruses keep changing their signatures and are difficult to detect and predict. So, the ML approach of detecting and predicting threats, anomalies, or any kind of security breach in cyberspace, and taking corresponding countermeasures, has gained much attention in recent years. Forming a centralized learning model by sharing local training data has already been shown to improve the learning model's performance [3].
There are multiple models in practice for ML-based cybersecurity, each with its advantages and disadvantages, namely centralized, distributed on-site, and federated [1]. The FL model for cybersecurity is a recent addition among these models. We discuss all of these models in the subsequent sections. Moreover, FL has been explored for its applicability in several areas such as smart cities [4], healthcare [5], recommender systems [6], wireless communication [7], edge networks [8], the electric grid [9], vehicular ad-hoc networks [10], and many more. The FL framework inherently supports security and privacy (compared to the centralized learning framework) because data generated on an end device does not leave the device. The device's data is used locally to train the learning model running on the device in a distributed manner, and only the updated parameters are exchanged between the end device and the cloud server. However, this approach is still exposed to several security threats, so this survey primarily focuses on the security aspect of applying FL. The FL framework offers promising potential to improve security and privacy, but for it to succeed, the issues that hinder the performance of FL must be addressed. In this regard, we also discuss existing works that address such issues as the accuracy of the FL model, communication latency, data distribution, and the resource constraints of distributed devices.
Due to the increasing complexity of software and communication interfaces, IoT and cyber-physical devices are more vulnerable to various kinds of attacks. Cybersecurity breaches in such systems are likely to incur several privacy and security issues. Appropriate safety measures and effective, robust cybersecurity solutions are mandatory to combat any threats or attacks. Below, we outline some common security risks associated with IoT and CPS, whose data is what the machine learning algorithms discussed here are trained on.
Attacks on IoT/CPS devices: Attackers can crack weak device passcodes with a brute-force attack and manipulate the Bluetooth connectivity of such devices to leak private information, manipulate data, and/or gain control of the device.
Attacks on cloud-based networks: IoT and cyber-physical systems frequently need to process huge volumes of data stored in the cloud. These devices use different communication media, such as Wi-Fi and cellular networks, to send data to and receive data from the cloud. These media are exposed to attackers, and an attacker in the middle may intercept and forge the data being exchanged unless the channel is authenticated and encrypted end to end.
Malware: Like any other connected device, IoT and cyber-physical devices are susceptible to malware.
Vulnerable sensors: IoT and CPS devices are equipped with a wide range of sensors to monitor and support the system. These sensors can be attacked by adversaries to create security and safety threats. Even major sensor inputs such as global positioning system (GPS) signals, Light Detection and Ranging (LiDAR) signals, and Inertial Measurement Unit (IMU) data can be compromised, posing serious threats to the devices that depend on them.
Network attacks: Every device or endpoint in IoT and cyber-physical systems is part of the network attack surface. Attackers can target the endpoints of the network and gain access to it to control and compromise the whole system. Protocols such as Wi-Fi, Bluetooth, and GSM allow external devices to connect to and communicate with various sensors, and their implementations contain bugs that attackers can exploit.
Firmware attacks: In this form of attack, an attacker delivers a malicious firmware update to a device, gaining direct access to the whole system; this is possible whenever the device does not verify that an update is authentic (e.g., signed by the vendor) before installing it.
There are already several surveys (e.g., [1], [11]–[15]) that review FL and highlight its taxonomies, methods, advances, applications, challenges, and more. However, our work differs from them in that it studies both FL for cybersecurity and cybersecurity for FL in the CPS/IoT environment. Successful adoption of FL in IoT environments depends heavily on several performance metrics, which are also reviewed and presented in this paper. To combat various kinds of cyberthreats, an intrusion detection system (IDS) and an intrusion prevention system (IPS) should be in place. Such systems must learn about existing cyberthreats globally and also need to be proactive in detecting and predicting new and emerging threats; the collaborative learning framework of FL is suitable for such tasks. To evaluate security solutions properly, there have been significant efforts over more than two decades to create realistic datasets. This survey also highlights such work and discusses most of the datasets used by the research presented here, as well as some popular datasets used in the federated setting to evaluate a federated model's performance. The shift to this new learning architecture has introduced some novel attacks, such as poisoning and reverse engineering, and we also discuss research works that address these attacks. In addition to discussing several recent research works in the field of FL, we present the ML algorithms and technologies applied by those works. The aim of this survey is to help readers choose a particular research direction with an overall picture. Specifically, the main contributions of this paper include:
• We present a detailed study of federated models for machine learning and cybersecurity by categorizing them into two parts. The first part discusses FL and its application to cybersecurity, and the second part discusses cybersecurity for FL. Our study mainly focuses on the IoT/CPS environment.
• Since successful adoption of federated models in IoT environments depends heavily on several performance metrics, we also present those metrics, the challenges associated with them, and potential solutions.
• We present and discuss the datasets used by the surveyed articles to evaluate their models' performance.
• We present cyberattacks on FL such as parameter poisoning and reverse engineering.
• We summarize security attacks and countermeasures, and the performance issues addressed, in federated models for IoT networks in tabular form for a side-by-side comparison.
• We discuss research challenges, open problems, and recommendations for federated models that need to be addressed to realize their full potential.
The remainder of this article is organized as follows. In Section II, we discuss and compare different types of machine learning models. Recent works on using FL as a tool to secure IoT environments, and on making the FL framework itself secure, are discussed in Section III. Research efforts to address the issues that affect the performance of FL are presented in Section IV. In Section V we highlight ML algorithms, technologies, and frameworks, and in Section VI we discuss the datasets used by the surveyed research. Some open challenges and future research directions for FL in the IoT domain are presented in Section VII. Finally, we conclude our survey in Section VIII. Full forms of the abbreviations used are given in Table I.
II. OVERVIEW OF FEDERATED LEARNING AND FEDERATED CYBERSECURITY MODEL
In this section, we first present a brief overview of the different types of learning models and then elaborate on FL along with its challenges. Finally, we present a federated cybersecurity model useful for protecting the FL framework.
A. Typical Types of Learning Models
Approaches to combating cybersecurity issues have changed continuously with the needs. To cope with the unprecedented growth of heterogeneous connected devices, the tremendous volume of data and traffic they generate, and the development of sophisticated tools for creating polymorphic malware and other threats, ML has become an integral part of the cyber defense mechanism in recent times. This section discusses three different ML-enabled models with their advantages and disadvantages.
1) Centralized Learning Model: This model uses a cloud-centric architecture (e.g., [16]–[19]) in which data sent from end devices is centrally stored and processed in the cloud. In the cloud, the data is analyzed, features are extracted, and models are built on top of the stored data. End devices access the models by sending requests through an API. This approach offers significant advantages but carries some serious issues. One big advantage is that the cloud offers a huge repository, so storing the large volumes of data sent by all the clients is not a problem. Another is that the cloud is mostly equipped with high-performance servers. These benefits facilitate building better-trained models. Moreover, cloud services are typically well protected by the service provider against security breaches and attacks. Despite these advantages, this approach raises serious concerns about privacy, security, and latency. All the data must travel to the cloud over communication links that may be insecure, exposing it to interception by adversaries. All the private data generated by the devices is stored in the cloud, which raises big privacy concerns. Further, the central authority or cloud service provider has full control over the model and the data. Additionally, since data needs to travel to and from the cloud, latency and bandwidth costs can be significant if the communication distance between device and cloud is large. The working model of centralized learning is shown in Fig. 1.
2) Distributed On-site Learning Model: In this learning model, a generic or pre-trained model is distributed by the server to all the devices or clients beforehand. After this, each device personalizes the model by training and testing with local data and learns the local data generation process. Such a learned model enables predictions and inferences on live-streaming data generated by the device [1]. The big advantage here is that data generated by the device stays local, which removes the privacy and latency concerns of uploading raw data. The main downside is that IoT devices are relatively heterogeneous and weak in terms of memory, computation, and battery power, and are not suited to the intensive computation required to use the model [20]. Further, the locally running model lacks global updates or knowledge about new and emerging security threats. The working model of distributed on-site learning is shown in Fig.
3) Federated Learning Model: This is a kind of distributed model, but with the benefit of global knowledge collected from all the distributed clients. As in the distributed setting, a generic or pre-trained model is initially distributed to the clients. Each client personalizes the model locally with its own raw data, performs the ML task locally, and sends its parameters to the server. The server then aggregates all the updates received from the clients and distributes the updated model back to the clients [11]. This is an ongoing process by which the clients are constantly provided with new and emerging global knowledge. The working model of FL is shown in Fig. 3. The learning objective, first formulated in [21], is
$$f(w) = \sum_{k=1}^{K} \frac{n_k}{n} F_k(w), \quad \text{where } F_k(w) = \frac{1}{n_k} \sum_{i \in P_k} f_i(w). \tag{1}$$
In Eq. (1), $f_i(w) = \ell(x_i, y_i; w)$ is the loss of the prediction for input $x_i$ against the expected output $y_i$ under the weight vector $w$. $K$ is the number of participants in the current learning round, and $F_k(w)$ is the local objective function of the $k$th participant. For the total number of samples $n = \sum_{k} n_k$, $n_k$ is the number of samples held locally by the $k$th participant. Correspondingly, $P_k$, with $n_k = |P_k|$, is the partition of the whole dataset $P$ assigned to the $k$th participant.
In a typical FL setting, a device first downloads the current model parameters (weights) from the server, initializes its local model with the downloaded parameters, and then trains the model on its local dataset. The parameters are optimized by minimizing the local objective function with stochastic gradient descent (SGD). The optimized parameters from all such devices are sent to the server, where they are aggregated using the Federated Averaging algorithm [21]. In this way the global model is updated and learning takes place. As the raw data stays on the device and only model parameters are sent to the server, FL protects the privacy of the clients' raw data and helps comply with privacy policies and/or regulations such as the European General Data Protection Regulation (GDPR) [22]. The parameters themselves can still leak information about the training data (see the reverse-engineering attacks discussed in Section III), so FL frameworks are additionally enriched with privacy-preserving techniques such as differential privacy [23], secure multi-party computation (SMC) [24], and homomorphic encryption (HE) [25] to send the model parameters from clients to the server securely. Despite its promising potential, FL brings several challenges when applied to IoT. Here, we highlight some major challenges associated with FL for IoT.
1) Limited device memory: IoT devices constantly generate data during their operation. Because of their limited memory, training the federated model locally becomes infeasible as the batch size grows. In an FL scenario, such devices may drop out, or be forced to use a simple model with small batch sizes in the training phase [1].
2) Limited battery power: If the learning model is complex and the training data is large, IoT devices might run out of battery power during the training phase.
3) Limited computing power: IoT devices in particular have limited computing power. Because of this constraint, training the model locally on such devices may not be feasible.
4) Vulnerability: We have seen unprecedented growth in the diversity of IoT devices in recent times. Some categories of IoT devices are vulnerable enough to be taken over by attackers. Such devices might produce malicious data, and when such data is used to train the model, it may affect the global or federated model.
5) Unreliable and limited availability: In FL, clients can drop out at any time, for reasons such as an unreliable network connection, limited storage, limited computation power, and more. Moreover, the availability of clients depends on time and location: more clients might be available during the daytime than at night, and day and night differ by geographical location.
6) Statelessness: Because client availability depends on several factors, a given client cannot be assumed to participate in consecutive rounds, so the server cannot rely on per-client state or on repeated computation by the same client.
7) Anonymity and poisoning: Clients in FL are anonymous, which makes it hard to differentiate genuine from malicious clients. So there is a chance that the federated model gets poisoned through the involvement of malicious clients.
8) Non-independent and non-identically distributed (non-IID) data: The nature of the local data on a device depends on its unique behavior and usage pattern, so the distribution of clients and data is non-uniform. The data of the same device might also differ with changes in location, time, and users.
9) Local training: Each client is limited to its local data. Insufficient data on a device may not be enough to train a good model.
10) Accuracy: Due to FL characteristics such as non-IID data, statelessness, local training, and resource constraints, the aggregated global model might be less accurate than one obtained by centralized learning. An inaccurate global model in turn affects the local models, and through this chain reaction the global model is affected further.
11) Communication overhead: The frequency of communication between a client and the server depends not only on factors such as the client's characteristics and the size and quality of its local data, but may also be heavily influenced by other clients. Frequent communication with the server to keep the local model consistent with the global model increases communication overhead.
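The FedAvg round described in this subsection, written out as an added example (pure Python; not code from the paper or from [21]): a logistic-regression model is trained with local SGD on each client, the updates are combined with the $n_k/n$ weights of Eq. (1), and a simple pairwise-masking form of secure aggregation stands in for the SMC layer, so the server learns only the weighted sum of updates and never an individual client's parameters. The client datasets, the unequal client sizes, and the `PAIR_SEEDS` table (which a real deployment would derive from a key agreement between each pair of clients) are constructed for the example.

```python
"""One FedAvg round for a logistic-regression model, with the weighted
aggregation of Eq. (1) and pairwise-mask secure aggregation.
Added example in pure Python; the data, client sizes and the PAIR_SEEDS
dict (standing in for a pairwise key agreement) are constructed."""
import math
import random

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def sigmoid(z):
    z = max(-30.0, min(30.0, z))  # clamp to avoid exp overflow
    return 1.0 / (1.0 + math.exp(-z))

def make_client_data(n, seed):
    """Constructed local dataset: x = [1, x1, x2], label = 1 if x1 + x2 > 0."""
    rng = random.Random(seed)
    data = []
    for _ in range(n):
        x1, x2 = rng.uniform(-1, 1), rng.uniform(-1, 1)
        data.append(([1.0, x1, x2], 1.0 if x1 + x2 > 0 else 0.0))
    return data

def local_train(w_global, data, lr=0.1, epochs=5, seed=0):
    """Client side: start from the global weights and minimise the local
    objective F_k(w) (log loss) with SGD; return the local weights."""
    w = list(w_global)
    rng = random.Random(seed)
    for _ in range(epochs):
        order = list(range(len(data)))
        rng.shuffle(order)
        for i in order:
            x, y = data[i]
            err = sigmoid(dot(w, x)) - y  # d(log loss)/d(w.x)
            w = [wj - lr * err * xj for wj, xj in zip(w, x)]
    return w

def pairwise_mask(cid, peer, dim, shared_seed):
    """Mask shared by one client pair: the lower id adds it, the higher id
    subtracts it, so the pair cancels when the server sums all messages."""
    rng = random.Random(shared_seed)
    m = [rng.uniform(-100.0, 100.0) for _ in range(dim)]
    return m if cid < peer else [-v for v in m]

def client_message(cid, w_global, w_local, n_k, round_peers, pair_seeds):
    """Client sends n_k * (w_local - w_global) plus its pairwise masks.
    Scaling by n_k lets the server apply the n_k / n weights of Eq. (1)
    without ever seeing the unmasked update."""
    msg = [n_k * (a - b) for a, b in zip(w_local, w_global)]
    for peer in round_peers:
        if peer == cid:
            continue
        seed = pair_seeds[(min(cid, peer), max(cid, peer))]
        mask = pairwise_mask(cid, peer, len(msg), seed)
        msg = [u + v for u, v in zip(msg, mask)]
    return msg

def server_aggregate(w_global, messages, n_total):
    """Server: sum the masked messages (masks cancel) and apply sum_k n_k*delta_k / n."""
    total = [sum(col) for col in zip(*messages)]
    return [g + t / n_total for g, t in zip(w_global, total)]

# Constructed federation: three clients with unequal sample counts n_k.
CLIENTS = {0: make_client_data(30, 1), 1: make_client_data(50, 2), 2: make_client_data(20, 3)}
# Assumed output of a pairwise key agreement; constructed constants here.
PAIR_SEEDS = {(0, 1): 111, (0, 2): 222, (1, 2): 333}

def fedavg_round(w_global, clients, pair_seeds, secure=True):
    """One synchronous round over all clients; returns the new global model."""
    peers = sorted(clients)
    n_total = sum(len(clients[c]) for c in peers)
    messages = []
    for cid in peers:
        n_k = len(clients[cid])
        w_local = local_train(w_global, clients[cid], seed=cid)
        if secure:
            messages.append(client_message(cid, w_global, w_local, n_k, peers, pair_seeds))
        else:  # plaintext reference: the server sees each n_k * delta_k
            messages.append([n_k * (a - b) for a, b in zip(w_local, w_global)])
    return server_aggregate(w_global, messages, n_total)

def train(rounds=5, secure=True):
    w = [0.0, 0.0, 0.0]
    for _ in range(rounds):
        w = fedavg_round(w, CLIENTS, PAIR_SEEDS, secure)
    return w

def accuracy(w, data):
    return sum((sigmoid(dot(w, x)) > 0.5) == (y == 1.0) for x, y in data) / len(data)

def secure_matches_plaintext(tol=1e-6):
    """Masking must not change the aggregate beyond floating-point error."""
    a, b = train(secure=True), train(secure=False)
    return max(abs(x - y) for x, y in zip(a, b)) < tol

if __name__ == "__main__":
    w = train()
    print("global model:", w)
    print("held-out accuracy:", accuracy(w, make_client_data(200, 99)))
```

The plaintext path exists only to check that masking leaves the result unchanged. Pairwise masking alone is not tolerant of the client dropout listed as challenge 5: if a client disappears after the masks are agreed, its partners' masks no longer cancel and the round must be discarded, which is why deployed secure-aggregation protocols add secret sharing of the mask seeds so the server can recover a dropped client's masks. Masking also hides every individual update from the server, which removes the signal that update-inspection defences against poisoning rely on.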
Since the first proposal of FL in [21], there has been considerable research addressing the challenges of FL.
For example, [26] proposes reducing communication overhead by aggregating into the global model only when the model weights differ by more than an empirically selected threshold.
For a similar issue, a control algorithm that determines the global aggregation frequency was proposed in [27].
To mitigate the effect of non-IID data and improve accuracy, a feature fusion approach that aggregates the local and global models is presented in [28].
To address a similar issue, [29] designed a federated multitask learning (FMTL) framework that forms clusters of clients with jointly trainable data distributions based on the geometric properties of the FL loss surface.
Combining FL and data offloading, [20] addresses the resource constraints and other challenges of IoT devices.
Detecting Sybil-based parameter poisoning from the diversity of client updates in the distributed learning process, and taking corrective measures, is proposed in [30].
Several works [31]–[33] have proposed IDSs in the FL setting that learn from global knowledge of threats and detect new and emerging cyberthreats.
We discuss several recent works that address the challenges and issues of FL in Section III.
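The Sybil-poisoning defence mentioned above, as an added example in pure Python (a simplified similarity-based reweighting in the spirit of the diversity idea; it is not the exact algorithm of [30] or of any other surveyed work). Each client's update is compared with every other client's by cosine similarity; a client whose update is nearly identical to another's is treated as a likely Sybil clone and its aggregation weight collapses toward zero, while honest clients, whose non-IID data yields diverse updates, keep their weight. The eight updates are constructed so that one round shows the effect.

```python
"""Similarity-based down-weighting of Sybil client updates (added example).
Simplified reweighting inspired by diversity-based defences; not [30]'s
exact algorithm. All update vectors below are constructed."""
import math

def cosine(a, b):
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    if na == 0.0 or nb == 0.0:
        return 0.0  # a zero update carries no direction; treat it as dissimilar
    return sum(x * y for x, y in zip(a, b)) / (na * nb)

def similarity_weights(updates):
    """Weight each client by how unlike its most similar peer it is.
    Sybil clones submit near-identical updates and collapse toward 0;
    honest clients with diverse (non-IID) updates keep their weight."""
    k = len(updates)
    max_sim = []
    for i in range(k):
        sims = [cosine(updates[i], updates[j]) for j in range(k) if j != i]
        max_sim.append(max(sims) if sims else 0.0)
    raw = [max(0.0, 1.0 - s) for s in max_sim]
    top = max(raw)
    # rescale so the most diverse client has weight 1
    return [r / top for r in raw] if top > 0 else [1.0] * k

def aggregate(updates, weights):
    """Weighted mean of the updates; equal weights give plain averaging."""
    total = sum(weights)
    dim = len(updates[0])
    return [sum(w * u[d] for w, u in zip(weights, updates)) / total for d in range(dim)]

# Constructed round: five honest clients agree on the first coordinate but
# differ elsewhere; three Sybil clients push the first coordinate the other
# way with near-identical vectors.
HONEST = [[1.0, 0.5, 0.0, 0.0], [1.0, 0.0, 0.5, 0.0], [1.0, 0.0, 0.0, 0.5],
          [1.0, -0.5, 0.0, 0.0], [1.0, 0.0, -0.5, 0.0]]
SYBILS = [[-3.0, 0.01, 0.0, 0.0], [-3.0, 0.0, 0.01, 0.0], [-3.0, 0.0, 0.0, 0.01]]

def compare():
    """Return (naive average, similarity-reweighted average) for the round."""
    updates = HONEST + SYBILS
    naive = aggregate(updates, [1.0] * len(updates))
    robust = aggregate(updates, similarity_weights(updates))
    return naive, robust

if __name__ == "__main__":
    naive, robust = compare()
    print("weights   :", [round(w, 5) for w in similarity_weights(HONEST + SYBILS)])
    print("naive mean:", [round(v, 3) for v in naive])
    print("reweighted:", [round(v, 3) for v in robust])
```

Two caveats for deployment. The defence needs the server to see each client's plaintext update, so it cannot be combined with masking-based secure aggregation without extra machinery. It also gives no signal against a single attacker who controls only one client, or against coordinated attackers who add independent noise to each clone, and in an IID setting honest clients whose updates happen to be near-identical are down-weighted too.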
B. Typical Types of Cybersecurity Models
Security is the fundamental requirement of today's digital world. The exponential rise of vulnerable, heterogeneous IoT devices, most of them communicating over a wireless medium, has widened the attack surface significantly.
Wireless communication standards and protocols differ from those of wired networks and are more exposed to attack. The mobile and distributed nature of IoT devices aggravates the security challenges even more.
So, security solutions designed for wired networks cannot be applied directly to wireless networks. Similarly to the learning models, cybersecurity models for IoT environments can be categorized into three types: the isolated device-level cybersecurity model, the distributed cybersecurity model, and the federated cybersecurity model (as shown in Fig. 4). We can think of these as cybersecurity models that provide security services at different levels. Adopting one specific type of security model is insufficient, so an effective cyber defense mechanism is likely to require a combination of such models working together.
1) Isolated Device-Level Cybersecurity Model: This cybersecurity model works at the lowest level and is concerned with providing security services to the end devices. Due to the heterogeneous nature of IoT devices, each category of device may have specific vulnerabilities and security requirements, so the device-level cybersecurity model must safeguard the device against any malicious activity. Starting from basic security measures such as password setting, authentication, and access control, it aims to validate each connection request and establish secure communication with the outside world. Device-level security also aims to validate timely software updates and to make sure the update process itself is secure. Furthermore, it aims to safeguard the device against malware. Although the device-level cybersecurity model intends to provide all the essential security measures, it is not sufficient to fully protect the system. Attackers use sophisticated tools and code to generate new and polymorphic malware to attack connected systems, so device-level security needs to be backed by machine learning models that learn and adapt to dynamic scenarios. It should be capable of applying defense mechanisms in any attacked or anomalous situation while allowing smooth device operation. However, most IoT devices are resource constrained, which makes them incapable of running machine learning models. To deal with this, in an IoT network a gateway node or edge node is typically employed to run the ML-backed cybersecurity model and provide the necessary security to all the end devices connected to the network.
2) Distributed Cybersecurity Model: A significant number of new cyber threats are introduced every day, and learning from the cyber attacks/threats seen by one IoT network is not sufficient. In a distributed network, edge nodes are geographically dispersed and are closest to the end devices or users. So, a distributed cybersecurity model aims to enable collaboration and cooperation among geographically distributed edge nodes to provide better security services. Depending on the characteristics of the underlying IoT network, edge nodes may differ in the specific security services they offer. If an edge node cannot provide the intended service to a nearby device or user, it collaborates with other nodes at the same level to do so. Such collaboration helps provide appropriate security solutions to combat emerging cyber threats/attacks in real time.
3) Federated Cybersecurity Model: This is a cybersecurity model that provides security and other services from the top level of the federated model based on feedback from the bottom/device level (e.g., [34], [35]). IoT service providers participate at this level to provide the necessary services to their respective users or devices, and each user accesses the respective services from its service provider. The edge node of a particular IoT network acts as the intermediary, ensuring that the necessary security and services are provided to its end users or devices. Each service provider is responsible for disseminating essential security services to all its distributed devices through edge nodes. In this security model, each service provider learns from all its devices and updates the security model accordingly. Furthermore, these independent service providers also collaborate among themselves to build dynamic defense strategies/solutions against possible attacks/threats. At the level immediately below, if edge collaboration cannot provide a security solution in real time, the edge node reaches out to its service provider, which then provides the necessary security solution or collaborates with other providers to do so.
4) Federated Learning and Federated Cybersecurity: The existing federated cybersecurity model provides security solutions to IoT applications by communicating and collaborating at different levels as needed (e.g., [36]–[38]). However, the traditional way of exchanging data/information within the same level and/or between different levels can raise privacy and security concerns (e.g., [39]–[41]). Federated learning has emerged as a way to exchange data/information in a secure and privacy-preserving manner. A federated cybersecurity model that uses FL to collaborate and exchange information at any level offers huge potential for making IoT networks safe and secure. Most federated cybersecurity approaches that use FL as a cyber-defense mechanism have focused primarily on securing IoT networks with a single global model offered by a single service provider. This approach can, however, be extended to a collaborative scenario involving multiple global models maintained by different service providers; only a few studies have worked toward a federated security model that uses multiple global models. In the next section we survey several research efforts toward federated cybersecurity models for IoT networks using FL.
III. RECENT ADVANCES ON FEDERATED LEARNING FOR CYBERSECURITY AND CYBERSECURITY FOR FEDERATED LEARNING
The focus of this work is to survey several existing works since 2015 on cybersecurity, particularly for IoT environments. The issues addressed by those works and the environments in which they were implemented or tested are given in Table II. In recent years, a significant number of research works addressing security in IoT networks have shifted toward applying FL. The FL framework inherently supports privacy, to some extent security, and low latency, since only model updates need to be transmitted; these properties are costlier to achieve in centralized learning. Distributed learning addresses these issues but lacks the global knowledge that collaborative learning provides. FL in IoT networks also has downsides, such as device heterogeneity, resource constraints, non-IID data, and accuracy. Most of the surveyed FL works address security and privacy issues, but several also address latency [26], [42]–[47], resource constraints [20], [27], [48]–[51], accuracy [28], [47], [52], and non-IID data [28], [29], [45]. All of these issues depend on each other to some degree, and improving one should not degrade the others. Some works consider all of these issues while others address only a subset of them. We discuss some of the contributions made to alleviate such issues in FL. Although FL in the IoT environment is our primary focus, some of the recent works we studied were proposed and tested in a distributed learning setting. We have also included those works because they are useful for securing IoT environments and are easily extensible to the FL setting.
We have summarized the surveyed works into two groups. In the first group, we discuss existing works that use FL as a tool for cybersecurity, and in the second, we present works addressing the cybersecurity needs of FL itself. FL as a solution to different types of attacks and FL as a target of different potential cyberattacks are highlighted in Fig. 5. A collaborative approach to identifying and learning different types of attacks can be highly effective in mitigating daunting threats such as intrusion, DoS/DDoS, and anomalies. On the other hand, before FL is used in real applications, the emerging attacks specific to FL must be addressed.
A. Federated Learning for Cybersecurity
Security, privacy, and trust have been extensively studied in the literature in the context of cyberspace. This survey, however, is focused specifically on cybersecurity for IoT environments in the FL setting. IoT environments are more vulnerable to different types of cyberattacks, so the collaborative learning framework of FL, which shares only model updates, can be an effective way to enhance security and privacy. Timely learned and shared global knowledge of different types of cyberattacks, such as spoofing, intrusion, anomalies, and DoS/DDoS, helps build and enhance cyber-defense models and mechanisms accordingly. FL thus has huge potential to secure cyberspace effectively at both the device and the network level. The application of FL as a solution to mitigate possible threats is depicted in Fig. 6. In recent times, cyberspace has become more vulnerable due to the unprecedented growth of heterogeneous sensor devices. ML-backed IDSs and anomaly detectors have become mandatory for detecting and combating intrusions and anomalies in today's gigantic cyberspace. In the literature, different approaches (e.g., [32], [64], [65]) using a variety of ML algorithms (e.g., CNN, NAR, Q-learning) have been examined for designing IDSs/IPSs, and their performance is tested against several benchmark datasets. The majority of efforts dedicated to designing FL-based security solutions have focused primarily on the accuracy of the security model without considering other important performance metrics. We cover FL works that address performance issues in the next section. Rahman et al. [31] proposed an FL-based self-learning IDS to secure IoT environments. A benchmark dataset (NSL-KDD) consisting of normal traffic and several attack types was first distributed over the IoT devices, and then an ML-based IDS model was trained and tested locally. The model updates were sent and aggregated following the conventional FL operations. The proposed system achieved accuracy close to that of the centralized learning approach. The FL approach succeeded in creating a self-learning IDS with which end devices could detect attacks that were not present in their local datasets. The advantage of such an FL-based IDS is that, in a real application scenario, the IDS can detect intrusions that have not previously appeared in its own traffic. The downside of the proposed approach is that it was evaluated in a very small IoT network environment, and no performance metric other than accuracy was considered.
In [84], a collaborative IDS is developed as a set of smart "filters" deployed at the IoT gateways of each sub-network. The DNN of each filter is trained on a local database housed in its sub-network, and the learned models from the filters are collected and aggregated at a central server. Each filter, supplemented by global knowledge, is capable of detecting and preventing cyberattacks in real time. The performance of the proposed model was tested on multiple benchmark datasets, and it outperformed several baseline ML models in both FL and centralized learning settings in terms of detection accuracy, network traffic, privacy, and learning speed. Despite the improved performance in several aspects, this approach is useful against known attacks only.
A robust FL-based IDS using a generative model was envisioned in [85]. FED-IIoT, an FL-based architecture for detecting malware, uses generative adversarial network (GAN) and Federated Generative Adversarial Network (FedGAN) algorithms on the participant side to generate adversarial data and inject it into the dataset of each IIoT application. On the server side, robust collaboration of the trained models is ensured by a defense mechanism that detects and discards anomalous updates during aggregation. The proposed model demonstrated higher accuracy than existing solutions and allows secure participation and efficient communication among participants in the IIoT environment.
With a similar objective, [32] designed an ML-based IDS model to detect threats in industrial CPS environments. The IDS model was further extended into an FL framework allowing multiple industrial CPSs to collaborate in building a comprehensive IDS. The authors compared the effectiveness of the proposed model with state-of-the-art schemes through extensive experiments on a real industrial CPS dataset. To ensure the security and privacy of the federated model parameters, the authors incorporated a Paillier cryptosystem-based secure communication protocol into the federated IDS. The advantage of this work is that it makes FL secure against man-in-the-middle attacks.
Aiming to identify the most critical cyberattacks in a smart home environment, [53] first highlights the attack surfaces and prepares three test cases (testing confidentiality, authentication, and access control) to launch different types of cyberattacks. An IPS is then designed and tested against the same attacks to verify the resiliency of the affected system. In an effort to detect cyberattacks in a larger IoT network, an ML-based network intrusion detection system (NIDS) capable of monitoring all the IoT traffic of a smart city in a distributed fog layer was proposed in [33]. The proposed model performed well at detecting attacked IoT devices at distributed fog nodes and alerting the administrator accordingly. The NIDS model was evaluated on the UNSW-NB15 dataset [86] and achieved a classification accuracy of 99.34%. The authors claimed their approach is unique in that the NIDS model learns from normal traffic and can detect malicious behavior in the future.
Extending the traditional FL model, Sun et al. [3] proposed a segmented FL framework to detect intrusions in large-scale networked LANs. This approach differs from a traditional FL model, which performs collaborative learning on a single global model. The proposed approach instead keeps multiple global models, where each segment of participants performs collaborative learning separately, and it also rearranges the segmentation of participants dynamically. Moreover, these models interact with each other to update parameters according to the various participants' LANs. The authors employed three types of knowledge-based methods for labeling network events and trained a convolutional neural network (CNN). The model was trained and tested on two months of traffic from 20 participants' LANs and obtained high validation accuracy. The advantage of the segmented FL framework is that it performed better at detecting intrusions in LANs than the traditional FL approach with a single global model.
A collaborative IDS (CIDS) to detect abnormal network behavior across an entire VANET was proposed in [62]. The CIDS used deep learning and an SDN controller-based approach to train a global IDS that works in both IID and non-IID situations. Instead of directly exchanging sub-network flows, multiple SDN controllers were employed to train the global IDS jointly for the entire network. The model was built and tested using the KDD99 and NSL-KDD datasets to validate the efficiency and effectiveness of the CIDS for VANETs. The main highlight of the proposed approach is that the CIDS effectively detects intrusions across the entire VANET rather than being limited to local sub-networks like other approaches.
To alleviate Wi-Fi network privacy concerns, a federated deep learning model [77] was built and tested using the AWID dataset. The proposed model used a specialized deep neural network, the Stacked Autoencoder (SAE), to capture a compressed representation of anomalous observations. To identify new threats, the federated model learns from new observations and updates the local and global models. The results were compared with a classical deep learning model, and the authors claimed that the FL model was more effective in terms of classification accuracy, computation cost, and communication cost. This work differs from others in using a specialized DNN that compresses the model parameters, which mainly helps reduce communication latency.
To deal with emerging sophisticated polymorphic threats, a security solution needs to be proactive in identifying unforeseen and unpredictable cyberattacks. In an attempt to design such a solution, Rege et al. [64] extended IDSs to offer temporal prediction of adversarial movement. The proposed approach used four predictive models, namely the nonlinear autoregressive (NAR) neural network, the NAR neural network with exogenous input (NARX), the NAR neural network for multi-step-ahead prediction, and the autoregressive integrated moving average (ARIMA) model, and compared the results on two datasets collected at different locations. The research identified five trends in advanced persistent threats: more attacks, more obfuscation, continued false attribution, a greater shift from opportunity-based attacks to targeted attacks, and more damage ranging from data manipulation to data encryption or deletion.
Motivated by a similar need, article [63] presented several experimental approaches to identify the best algorithm for designing a dynamic IDS that can effectively detect and predict intrusions at both the host and the network level. The authors first experimented with various DNNs on a publicly available benchmark malware dataset (KDDCup 99), choosing optimal network parameters and topology for the DNNs. The best-performing DNNs were then tested on the other malware datasets NSL-KDD, UNSW-NB15, Kyoto, WSN-DS, and CICIDS 2017 to set the benchmark. A similar approach was followed to identify well-performing classical ML classifiers and to compare their performance with the DNNs. The evaluation showed that DNNs outperformed classical machine learning classifiers, and finally the authors used the better-performing DNNs to design a highly scalable, hybrid DNN framework called scale-hybrid-IDS-AlertNet. The proposed IDS could not only monitor real-time network traffic and host-level events effectively but also proactively alert on possible cyberattacks.
A federated self-learning anomaly detection and prevention system capable of detecting and preventing emerging and unknown attacks in IoT networks, called DÏoT, was proposed in [65]. Without human intervention, DÏoT builds device-type-specific communication profiles, which are then used to detect anomalies in devices' communication behavior. Security gateways were deployed such that each gateway monitors the traffic of one particular device type. The collected traffic data was used to train the local model of each gateway, and the resulting model parameters were sent to an IoT security service for aggregation. The IoT security service served as a repository of device-type-specific anomaly detection models and was later also used to aggregate all updates received from the security gateways.
In [56], Pang et al. proposed a learning agent-based Federated Network Traffic Analysis Engine (FNTAE) for detecting network intrusions in real time. To detect abnormal traffic resulting from new attacks, the proposed model uses an analysis engine powered by an incremental learning agent to capture attack signatures in real time. FNTAE performed well compared to a centralized analysis system; however, it is useful only against known attacks.
To secure an IoT environment, some works have followed other approaches as well. The work presented in [57] proposed the Man-In-the-Middle-IoT-Computing tool (MIMIC), which uses the man-in-the-middle concept to deploy MIMIC as a fog computing agent for IoT networks. MIMIC is deployed at the edge node of the IoT network so that it can sniff, capture, and replay all incoming packets from IoT devices. MIMIC then creates a virtual layer holding a virtualization of all the sensing devices, and remote users are allowed to query only this virtual space, disabling direct access to the physical devices. In [58], Zarca et al. proposed a novel approach that uses SDN and NFV to deploy IoT honeynets to distract cyber attackers and make IoT systems more secure. Administrators of IoT systems can deploy IoT honeynets as a service through high-level security policies defined over the SDN controller and NFV Management and Network Orchestration, replicating the physical IoT architecture in a virtual environment as VNFs. The model was evaluated in a testbed on H2020 EU project premises and succeeded in dynamically filtering, dropping, and diverting network traffic and adapting the network behavior to the needs of the newly deployed vIoTHoneyNets (virtual IoT honeynets).
A malware classification prototype with decentralized data collection and sharing based on the FL model was developed in [55]. A dataset of 10,907 malware samples obtained from the VirusTotal API was used for training and testing the model. The authors used SVM and LSTM machine learning algorithms in a federated setting to achieve better malware classification results.
A framework called DRAFT was developed in [54] by integrating other frameworks and tools to improve the resiliency of an end-to-end IoT platform against cyberattacks. The proposed model was integrated into the IoT platform and tested against five known simulated cyberattacks using the Fed4FIRE+ federated testbeds, demonstrating increased cyberattack resiliency for the tested IoT platform.
An adaptive federated reinforcement learning approach was proposed in [75] to combat jamming attacks on unmanned aerial vehicles (UAVs). The proposed model used model-free Q-learning and the CRAWDAD dataset and learned a jamming defense strategy in a newly explored environment.
Paper [66] studies cybersecurity in the context of Big Data IoT and CPS. Cybersecurity issues and vulnerabilities associated with CPS were investigated and analyzed to pinpoint possible cyberattacks, and the authors also presented technical approaches to mitigate those attacks.
In [67], Abie et al. proposed a four-layer cognitive cybersecurity architecture to combat dynamic and adaptive attacks in smart CPS-IoT-enabled healthcare environments. The conceptual architecture aims to mimic human cognition in order to anticipate and respond to new and emerging cyber threats in the smart healthcare domain.
In another work on cybersecurity for IoT devices [48], the authors presented an approach that incorporates a trusted network edge device (NED), developed in [87], as a proxy service for IoT communication. To protect IoT devices, users can easily and efficiently set up security solutions and policies for multiple IoT gateways and end devices at once via the NED. The proposed approach was evaluated in a corporate scenario on VTT Oulu premises.
The work presented in [73] highlights several hardware-assisted techniques from the literature that can add another layer of protection against cyberattacks in the IoT domain. The paper also examined the hardware solutions with respect to cost, performance, and security, and presented the challenges of adopting them in real scenarios.
To improve security and reliability in an IoT environment, a reliable and efficient adaptation of clustering techniques (REACT) was presented in [70]. In REACT, an effective cluster head selection algorithm and an energy-balanced routing algorithm were proposed and simulated with estimated parameters against the existing protocols HEED and LEACH, comparing throughput, network lifetime, remaining energy, and reliability. The paper also analyzed how an attacker would select an attack point, in order to improve the cybersecurity design.
With the aim of facilitating the design of an effective IDS and evaluating it properly, some works have dedicated efforts to filling the gap in the availability of benchmark intrusion datasets for testing IDS-enabled IoT systems. The work presented in [59] proposed a new data-driven IoT/IIoT dataset (TON IoT) containing telemetry data of IoT/IIoT services, operating system logs, and network traffic of an IoT network, collected from a realistic representation of a medium-scale network at the Cyber Range and IoT Labs at UNSW Canberra (Australia). TON IoT also contains label and type features indicating multiple classes and sub-classes suited to multi-classification problems in IoT/IIoT applications. The features of the dataset were compared with those of other existing datasets to show its superiority. In another example, [60] produced one of the most popular intrusion datasets, CICIDS2017, which contains an important set of features and meets real-world criteria. The dataset is fully labeled, contains more than 80 network traffic features, and includes common up-to-date attacks such as DoS, DDoS, Brute Force, XSS, SQL Injection, Infiltration, Port scan, and Botnet.
In this section, we discussed several existing approaches to designing cybersecurity models, particularly for IoT environments in the FL setting. Many ML algorithms, blockchain, network virtualization, SDN, clustering approaches, and others have been explored with the aim of designing an efficient cyber-defense mechanism to detect and prevent intrusion, anomalies, DoS/DDoS, and other attacks in IoT networks of different types and sizes.
B. Cybersecurity for Federated Learning
We presented several works that discuss FL as an effective solution for different kinds of security and privacy issues. However, this new learning architecture has invited some novel kinds of attacks. In the FL setting, although the data resides locally on end devices and only ML parameters are exchanged between clients and servers, FL is still vulnerable to different kinds of attacks. We first discuss the different types of attacks on FL and then present the mitigation strategies proposed in the research literature.
Parameter poisoning (or model poisoning) and reverse-engineering attacks on ML are serious threats in FL and an active area of research (e.g., [30], [88], [89], [90], [80]). The typical attacks on FL can be data-based or model-based (as shown in Fig. 5) and can be performed by forging the local data of end device(s) or the model parameters on the client or server side.
How an attacker may perform different attacks on FL is shown in Fig. 7. As depicted, an attacker may control an IoT device or network to compromise local data and/or local ML tasks in order to generate a poisoned model. In other scenarios, an attacker may perform a man-in-the-middle attack to forge model updates in transit, or merely eavesdrop on the communication to reveal a user's private information.
Attacks on FL can not only degrade the quality of the learning model but also expose the privacy of users. An adversary can reveal a user's private information by intercepting the model updates sent by the user's device. Moreover, if the adversary gains control of the aggregating server, they obtain comprehensive knowledge of the history of the devices' update parameters and the structure of the global model. With this information, adversaries can reveal the private data of devices through reverse engineering. With access to the model updates, some works have demonstrated generating pictures that look similar to the training images using generative adversarial networks (e.g., [91], [92]). Taking the leakage of private information to the next level, Zhu et al. [93] demonstrated that an attacker can completely recover private training data from the shared model updates in a few iterations. To achieve this, the authors first generated a pair of dummy inputs and labels, which were used to produce dummy gradients following the common training process. Rather than optimizing the weights, they optimized the dummy inputs and labels to minimize the distance between the dummy gradients and the real gradients, and were able to reveal the training data completely.
Further, with full control of the central server, adversaries might forge the global model, which in turn might affect the local models of the end devices. In effect, aggregating the local updates of such models might degrade the quality of the global model significantly. Even if adversaries do not control an end device or the server, the model parameters might still be forged while in transit between client and server.
On the other side, FL is also vulnerable to data poisoning and model poisoning attacks performed through end device(s). If an adversary gains control over an end device, they may forge the local data and/or forge the model update during the local training process with the intention of creating a biased model. The parameters of the biased model in turn might affect the quality of the global model. This problem gets even worse in the case of Byzantine faults [94] and Sybil attacks [95]. A survey presented in [14] categorizes and discusses threats to FL and presents future research directions for creating a robust FL framework.
Label flipping is one of the most common data poisoning attacks: the labels of training examples of one class are changed to another class (keeping the features unchanged) to force the model to predict an incorrect label. Fung et al. [30] demonstrated it by flipping the label of 1s in the training dataset to 7s, making the model classify 1s as 7s. In another form of data poisoning, an attacker may alter individual features of the original training data to plant a backdoor into the model [14]. The general approach behind a backdoor attack is to replace the global model with the attacker's model and force it to mispredict on a specific sub-task, e.g., compelling an image classifier to misclassify green cars as frogs [96]. Once the attacker has an estimate of the global model's state, they can replace the model with a simple weight re-scaling operation [97]. Data poisoning ultimately poisons the model update; however, an attacker may also manipulate the training process directly without poisoning the training data, and this form of model poisoning is regarded as more effective than data poisoning.
In [88], Bhagoji et al. demonstrated model poisoning by a single, non-colluding malicious agent whose adversarial objective is to cause the FL model to misclassify a set of chosen inputs with high confidence. In another example, Blanchard et al. [98] exhibited model poisoning under an omniscient attack (adversaries that know a good estimate of the honest gradient), where the adversaries send the update vector multiplied by a negative constant, reversing the direction of gradient descent and degrading the model's performance. Furthermore, Baruch et al. [99] demonstrated that Byzantine model poisoning remains possible in the non-omniscient setting by introducing small but well-crafted changes to the gradient. Byzantine-tolerant learning in the distributed setting has been addressed in several works (e.g., [100], [101], [102], [92], [103]), most of which assume that participants' data are i.i.d., unmodified and equally distributed. Bagdasaryan et al. [96] evaluated the defenses of [101], [92] and [103] against their attack; they mitigated it only partially, and at the cost of the global model's accuracy.
To address model poisoning, Fung et al. [30] first demonstrated experimentally FL's vulnerability to sybil-based poisoning and then presented FoolsGold, a scheme that identifies such attacks from the (lack of) diversity of client updates in the distributed learning process. It remains effective even when sybils have compromised honest users. Compared to prior approaches, it is not bounded by an expected number of attackers, requires no information beyond the learning process itself, and makes fewer assumptions about clients and their data. However, defending against a single-client adversary and hardening the scheme against informed attackers remain limitations.
Blanchard et al. [98] first confirmed that federated averaging does not resist Byzantine attacks and then proposed a Byzantine-tolerant aggregation rule called Krum to address model poisoning. Assuming f Byzantine attackers among n participants in a communication round, Krum assigns each model update δi a score equal to the sum of squared Euclidean distances between δi and the n−f−2 other updates closest to it, and updates the global parameters with the update that has the lowest score. The idea is to select the vector that is, in this sense, closest to n−f honest workers, which guarantees convergence regardless of the behavior of the f Byzantine attackers.
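Krum as described above, implemented as an added example (not the authors' code) against the omniscient attack of [98] described earlier; the honest updates and the attack scale are constructed here. Plain federated averaging is included for contrast.

```python
"""Krum versus plain averaging under Byzantine updates (added example).

Krum (Blanchard et al.): given n updates of which at most f are Byzantine,
score each update by the sum of squared Euclidean distances to its
n-f-2 nearest other updates and take the lowest-scoring update as the
aggregate.  The attackers below follow the omniscient attack described
above: they estimate the honest gradient and send it multiplied by a
negative constant.
"""


def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def fed_avg(updates):
    """Plain federated averaging (no robustness)."""
    n = len(updates)
    return [sum(u[j] for u in updates) / n for j in range(len(updates[0]))]


def krum_scores(updates, f):
    n = len(updates)
    k = n - f - 2
    if k < 1:
        raise ValueError("Krum requires n > f + 2")
    scores = []
    for i, u in enumerate(updates):
        dists = sorted(sq_dist(u, v) for j, v in enumerate(updates) if j != i)
        scores.append(sum(dists[:k]))   # distance to the k nearest neighbours
    return scores


def krum(updates, f):
    """Return (selected update, its index)."""
    scores = krum_scores(updates, f)
    best = min(range(len(updates)), key=lambda i: scores[i])
    return updates[best], best


def omniscient_attack(honest_updates, f, scale=-10.0):
    """f colluding Byzantine clients send the negated, boosted honest mean."""
    est = fed_avg(honest_updates)
    return [[scale * g for g in est] for _ in range(f)]


# Constructed round: five honest clients scattered around the true gradient
# direction (1, 2), plus two Byzantine clients.
HONEST = [[0.7, 2.3], [0.9, 2.1], [1.0, 2.0], [1.15, 1.85], [1.45, 1.55]]
F = 2
ROUND = HONEST + omniscient_attack(HONEST, F)


if __name__ == "__main__":
    print("fed_avg :", fed_avg(ROUND))   # pulled into the negative quadrant
    print("krum    :", krum(ROUND, F))   # an honest update is selected
```

With five honest clients and two Byzantine ones, averaging is pulled into the negative quadrant, whereas Krum selects an honest update because the Byzantine vectors are far from every honest neighbour and therefore score worst. The price, visible in the code, is that Krum keeps a single update per round, which slows convergence when honest updates are diverse, as in the non-i.i.d. setting noted above.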
The work presented in [104] proposed an aggregation rule that places no bound on the number of Byzantine workers and still demonstrated better convergence. It computes a score for each worker using a stochastic first-order oracle to estimate its trustworthiness: the server ranks each candidate gradient estimator by the estimated descent of the loss function and by its magnitude, then averages the gradients of the several highest-scoring candidates. By comparing the true value of the gradient with this averaged gradient, the server identifies whether an update is harmful.
Sun et al. [105] studied the vulnerability of FL to data poisoning and devised a bi-level optimization framework, adaptive to an arbitrary choice of target nodes and attacking source nodes, to compute optimal poisoning attacks. Exploiting the data collection process, an attacker can inject poisoned data directly into all target nodes; the authors also considered an indirect route, poisoning the target nodes' data by exploiting the communication protocol when a direct attack is not possible. This work highlights a challenge particular to FL: attackers can exploit the communication protocol as a backdoor through which to launch data poisoning attacks.
To adopt FL as a viable cybersecurity solution, a cybersecurity mechanism to combat the possible threats to FL itself must be in place. So, we also discuss research works that present cybersecurity solutions to the potential threats present in FL.
To address backdoor attacks, the authors of [106] presented defenses based on norm clipping and differential privacy. Norm clipping counters boosted attacks, which are likely to generate updates with large norms: it bounds the sensitivity of the aggregate to any single update by scaling down (clipping) every update whose norm exceeds a threshold. Furthermore, the authors supplemented norm clipping with differential privacy, adding Gaussian noise to the updates to mitigate the effect of adversaries that remain within the norm bound.
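Norm clipping and Gaussian noise as described above, as an added example (not the code of [106]); the threshold, noise scale and the honest and boosted updates are constructed here. Dropping over-threshold updates is offered as an alternative to rescaling them.

```python
"""Norm clipping plus Gaussian noise on client updates (added example).

Server-side defence against boosted backdoor updates, as described above:
any update whose L2 norm exceeds a threshold is scaled down to that
threshold (or dropped, the alternative variant), the clipped updates are
averaged, and Gaussian noise is added to the aggregate.  A boosted update
then contributes at most threshold/n to the aggregate, whatever its
original magnitude.
"""
import math
import random


def l2_norm(v):
    return math.sqrt(sum(x * x for x in v))


def clip_update(update, threshold, drop=False):
    """Bound an update's L2 norm. With drop=True, over-threshold updates become None."""
    norm = l2_norm(update)
    if norm <= threshold:
        return list(update)
    if drop:
        return None
    scale = threshold / norm
    return [x * scale for x in update]


def clipped_noisy_aggregate(updates, threshold, sigma, seed=None, drop=False):
    """Average the clipped updates and add N(0, sigma^2) noise per coordinate."""
    kept = [c for c in (clip_update(u, threshold, drop) for u in updates) if c is not None]
    if not kept:
        raise ValueError("every update exceeded the norm threshold")
    dim = len(kept[0])
    mean = [sum(u[j] for u in kept) / len(kept) for j in range(dim)]
    if sigma == 0.0:
        return mean
    rng = random.Random(seed)
    return [m + rng.gauss(0.0, sigma) for m in mean]


# Constructed round: four honest updates (norm < 0.3) and one attacker that
# boosts its backdoor direction (0, 0.5, -0.5) by 20x to dominate the average.
HONEST = [[0.2, -0.1, 0.05], [0.1, -0.2, 0.0], [0.15, -0.15, 0.1], [0.25, -0.05, 0.05]]
BOOSTED = [20.0 * x for x in (0.0, 0.5, -0.5)]
ROUND = HONEST + [BOOSTED]
THRESHOLD = 0.5


if __name__ == "__main__":
    print("plain average   :", clipped_noisy_aggregate(ROUND, float("inf"), 0.0))
    print("clipped average :", clipped_noisy_aggregate(ROUND, THRESHOLD, 0.0))
    print("clipped + noise :", clipped_noisy_aggregate(ROUND, THRESHOLD, 0.01, seed=0))
```

In the constructed round the boosted update flips the sign of the second coordinate of a plain average; after clipping it carries at most threshold/n weight and the sign is restored. The noise scale trades accuracy for protection against adversaries that stay within the norm bound, which is the trade-off the authors describe.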
Even an attacker with no control over the clients can launch a man-in-the-middle attack on FL: they can eavesdrop on model updates to learn private information about the clients and may even forge model updates in transit. To address this attack scenario, techniques such as differential privacy [83], homomorphic encryption ([107], [108]), secure function evaluation or multiparty computation [109], and other cryptographic approaches have been applied on top of FL. Differential privacy preserves client privacy through the noise added to the shared model updates and thus mitigates reverse engineering attacks, while the cryptographic approaches additionally protect model updates from manipulation in transit.
Geyer et al. [110] proposed an algorithm for client-side differentially private federated optimization and showed that a client's participation can be hidden at the cost of a minor loss in model performance when enough clients participate. Article [111] also used differential privacy to protect patients' privacy against possible reverse engineering attacks. In [93], Zhu et al. first demonstrated reverse engineering attacks and then presented some defense strategies: adding noise to the gradients before sharing, gradient compression and sparsification, and others were evaluated for their effect on information leakage.
To counter reverse engineering attacks while preserving end-user privacy, [81] adapted the mimic learning approach [112] to the federated learning setting. Mimic learning uses two kinds of models, a student and a teacher. The teacher model is trained on sensitive user data, while the student model is trained on a public dataset: the teacher labels the public dataset, those labels are used to train the student, and only the student model is sent to the central server for aggregation into a new global model. Transferring knowledge from the teacher to the student in this way, without revealing any sensitive information, protects against reverse engineering attacks on the shared (student) model.
To strengthen privacy by securing the parameter exchange between clients and the aggregating server, homomorphic encryption is one technique by which aggregation can be performed directly on encrypted parameters. This allows aggregation without revealing individual model updates, which protects FL from eavesdropping on or manipulation of the updates in transit. Taking the computation and communication overhead of this approach into account, Zhang et al. [107] proposed an efficient homomorphic solution called BatchCrypt. To apply it, a new quantization and encoding scheme, together with a gradient clipping technique, was first developed; then, instead of applying homomorphic encryption to individual gradients, BatchCrypt encrypts an encoded batch of quantized gradients. BatchCrypt demonstrated a significant speedup in training and a reduction in communication overhead compared to encrypting each gradient, with negligible loss in accuracy.
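Homomorphic aggregation as described above, as an added example that is not BatchCrypt's code: textbook Paillier with toy-sized keys (two Mersenne primes, insecure but deterministic), clipping and quantization applied client-side, and fixed-width slot packing that stands in for BatchCrypt's batch encoding in simplified form. The gradients, scales and slot widths are constructed here.

```python
"""Aggregating encrypted, batched gradients with Paillier (added example).

Paillier is additively homomorphic: Enc(a) * Enc(b) mod n^2 decrypts to
a + b.  Each client clips its gradient to [-1, 1], quantizes it to
fixed-point integers, packs several values into fixed-width slots of one
plaintext integer (a simplified form of the batching behind BatchCrypt)
and encrypts each packed integer.  The server multiplies the ciphertexts
coordinate-wise and the key holder decrypts only the sum.
"""
import math
import random

# Toy key from two Mersenne primes (n is about 150 bits): far too small to
# be secure, chosen so the example runs instantly.  Real use needs >= 2048-bit n.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # lcm(p-1, q-1)
MU = pow(LAM, -1, N)
G = N + 1

SCALE = 2**15        # fixed-point scale for clipped values in [-1, 1]
OFFSET = 2**20       # makes every quantized value non-negative
SLOT_BITS = 32       # per-value slot; sums of up to ~2^11 clients fit
SLOTS = 4            # 4 * 32 = 128 bits, below the ~150-bit plaintext space


def encrypt(m, rng=None):
    if not 0 <= m < N:
        raise ValueError("plaintext out of range")
    rng = rng or random.SystemRandom()
    r = rng.randrange(1, N)
    while math.gcd(r, N) != 1:
        r = rng.randrange(1, N)
    return pow(G, m, N2) * pow(r, N, N2) % N2


def decrypt(c):
    u = pow(c, LAM, N2)
    return ((u - 1) // N) * MU % N


def add_ciphertexts(c1, c2):
    """Homomorphic addition of the underlying plaintexts."""
    return c1 * c2 % N2


def quantize(grad):
    """Clip to [-1, 1], scale to fixed point, shift to be non-negative."""
    return [int(round(max(-1.0, min(1.0, g)) * SCALE)) + OFFSET for g in grad]


def pack(values):
    packed = 0
    for v in values:
        packed = (packed << SLOT_BITS) | v
    return packed


def unpack(packed, count):
    mask = (1 << SLOT_BITS) - 1
    return [(packed >> (SLOT_BITS * (count - 1 - i))) & mask for i in range(count)]


def client_encrypt(grad, rng=None):
    """Client side: quantize, pad to a multiple of SLOTS, pack, encrypt each batch."""
    q = quantize(grad)
    q += [OFFSET] * (-len(q) % SLOTS)       # padding slots decode to 0.0
    return [encrypt(pack(q[i:i + SLOTS]), rng) for i in range(0, len(q), SLOTS)]


def server_aggregate(cipher_lists):
    """Server side: sum all clients' ciphertexts without decrypting anything."""
    agg = list(cipher_lists[0])
    for cl in cipher_lists[1:]:
        agg = [add_ciphertexts(a, c) for a, c in zip(agg, cl)]
    return agg


def decrypt_mean(agg, n_clients, dim):
    """Key holder: decrypt the batched sums and undo offset, scale and count."""
    slots = []
    for c in agg:
        slots.extend(unpack(decrypt(c), SLOTS))
    return [(s - n_clients * OFFSET) / (n_clients * SCALE) for s in slots[:dim]]


def plain_mean(grads):
    """Reference: mean of the clipped gradients computed in the clear."""
    n = len(grads)
    return [sum(max(-1.0, min(1.0, g[j])) for g in grads) / n for j in range(len(grads[0]))]


# Constructed gradients of three clients (dyadic values, exact in fixed point).
GRADS = [
    [0.5, -0.25, 0.75, 1.5, -2.0, 0.0],
    [0.125, -0.375, 0.5, 0.25, 1.0, -1.0],
    [0.0, 0.5, -0.5, 0.75, 0.25, 0.125],
]


def run_round(grads=GRADS, seed=7):
    rng = random.Random(seed)
    agg = server_aggregate([client_encrypt(g, rng) for g in grads])
    return decrypt_mean(agg, len(grads), len(grads[0]))


if __name__ == "__main__":
    print("encrypted aggregate:", run_round())
    print("plaintext reference:", plain_mean(GRADS))
```

The server only ever multiplies ciphertexts modulo n^2, so it learns neither an individual update nor any intermediate sum; whoever holds the private key learns only the final aggregate. The slot width must leave headroom for the number of clients being summed, otherwise a carry from one slot corrupts its neighbour; here 32-bit slots hold 21-bit values and so tolerate about 2^11 clients.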
Moreover, in recent years blockchain technology (BC) has been applied extensively to many applications because of its decentralized, auditable, secure and privacy-preserving properties, and some research works (e.g., [82], [83]) have incorporated blockchain in the FL setting as well.
To mitigate the leakage of sensitive information when sharing gradients and the risk of a malicious server forging the aggregated gradients, a verifiable federated learning (VFL) scheme is proposed in [80]. It uses Lagrange interpolation with designated interpolation points to verify the integrity of the aggregated gradient. The main advantage of VFL is that every participant can verify the aggregated parameters, and the verification overhead remains constant regardless of the number of participants.
Taking operation and security into account, Zhao et al. [74] designed a generic framework for an FL platform that adds a security domain and a cryptographic infrastructure to establish trusted connections and interactions among the federated communicating parties. With similar objectives, [115] highlights the most common issues in FL, such as convergence, data poisoning, scaling and model aggregation, from a security and privacy perspective and presents potential solutions with simulation results.
Cryptographic approaches have been widely adopted for exchanging information and certifications to provide security and trust. With the objective of facilitating the trusted sharing of cybersecurity certification information under the EU Cybersecurity Act, the work in [61] proposed a generic blockchain platform enriched with smart contracts that act as a registry for authoritative device information. The smart contract stores information such as the manufacturer name and contact information, identity certificate, device type, device ID, latest firmware version and its hash/fingerprint, and a Manufacturer Usage Description (MUD) file describing the device's typical network interactions, which is published in an off-chain database. The proposed blockchain provides a trusted exchange of cybersecurity certification information for any electronic product, service or process. The authors validated the work with a case study in which an SDN controller retrieves a MUD file from the device registry smart contract.
To secure communication and data transmission between IoT devices and edge nodes, article [51] proposed a lightweight cryptographic solution based on Elliptic Curve Cryptography (ECC) embedded in IoT and edge devices. The approach has three layers: sensors and actuators (layer I), IoT edge (layer II) and cloud (layer III). Most of the computation, including key generation, takes place in layer II, relieving the constrained IoT devices; the IoT-edge layer extracts the public key sent by the server and pushes it to the IoT devices when required. The approach was simulated with an IoT-edge configuration and Docker, and the observed results showed reduced encryption running time as well as reduced resource demands.
VerifyNet [68] uses a key-sharing strategy and encryption to protect the privacy of users' local gradients throughout the workflow. The scheme was evaluated with a CNN on the MNIST dataset to test classification accuracy; it lets users verify the correctness of the results returned by the server, and it also tolerates users going offline during the training process.
Cloud service-based architectures are both necessary and dominant computing services today, and the operations and communications associated with a service provider must be secure and trustworthy. To assess the security and reputation of cloud service-based architectures for IoT, Li et al. [72] proposed a trust assessment framework that integrates security-based and reputation-based trust assessment methods to evaluate the trustworthiness of cloud services, incorporating customers' feedback ratings of a cloud service's trustworthiness or quality of service. For the performance evaluation, the framework was built and tested in two parts, security-based test assessment (SeTA) and reputation-based test assessment (ReTA). SeTA was tested on a synthesized dataset encapsulating security metrics, whereas ReTA was tested against the WSDream dataset, a real-world web service dataset; the results showed that the framework assesses the trustworthiness of a cloud service efficiently and effectively while outperforming other trust assessment methods.
A secure data collaboration framework (FDC) for the IoT environment, consisting of a private data center, a public data center and blockchain technology, was presented in [82]. The private data center handles data governance, registration and management, while the public data center facilitates secure multiparty computation; blockchain provides auditable multiparty interactions. The framework was implemented in an FL setting to address secure and confidential storage, secure sharing and efficient management, traceability and audit of data behaviors, efficient authorization, and other issues. In another example, PriModChain [83] combined differentially private FL, blockchain and smart contracts to ensure privacy, security, reliability, safety and resiliency in the IIoT environment.
To protect the privacy of end users fully, secure multiparty computation (MPC) has also been applied in FL. [117] used MPC for secure FL aggregation in which the aggregating server(s) can access neither the clients' model updates nor any intermediate global model. After local training, clients encrypt their updates under a multi-party encryption scheme and send them to the server for aggregation; to access the resulting global model, each client decrypts the global update using its secret share of the key.
Despite the many research efforts to secure FL against attackers who control end devices and/or sit in the middle, FL remains vulnerable to a malfunctioning central server: attackers may compromise the aggregating server, or the server itself may act maliciously. A biased server may manipulate the aggregation process to favor some clients.
Considering these possibilities, some works (e.g., [118], [119]) have suggested using blockchain technology and delegating all FL operations to the end devices so as to remove the central server. End devices acting as miners of the blockchain network collect the model updates, verify them and finally perform the aggregation. This addresses several security concerns but still fails to cover the case in which a client itself is malicious. Furthermore, the blockchain approach carries high computation and communication requirements, so it may not be applicable when the end devices are resource-constrained.
Securing FL fully is a major challenge and still an open research topic. Cryptographic approaches are very useful for exchanging model updates securely and preserving privacy; however, if client privacy is fully preserved (even from the aggregating server), it becomes hard to detect malicious model updates and to take appropriate measures against colluding attackers. No single approach addresses all the security concerns associated with FL, and combining the different approaches discussed above is a likely route to addressing them.
IV. RESOURCE CONSTRAINT, COMMUNICATION LATENCY AND MODEL ACCURACY
We have already witnessed the success of blockchain in recent years, owing to its decentralized model of secure computing. In a similar sense, FL research is growing enormously because of its privacy-preserving decentralized learning model. However, the true success of FL depends on its core challenges, which must be addressed for it to be applicable: an FL framework must not only be secure but also efficient and accurate enough. The core challenges that hinder the performance of FL are expensive communication, systems heterogeneity and statistical heterogeneity. In this section, we discuss several works that have addressed these challenges.
In the FL setting, updated model parameters are exchanged regularly between end devices and a central server, which is a major bottleneck in the performance of federated networks. To alleviate this communication overhead and reduce latency, approaches such as compression (e.g., [45]), clustering (e.g., [46]) and optimizing the timing of global aggregation (e.g., [26]) have been examined in the literature. Reducing latency may affect the accuracy of the learning model, so several works have also addressed preserving or improving accuracy; in most cases, the accuracy of the proposed solutions has been verified by comparing them with the centralized model.
To alleviate communication overhead in FL, [45] proposed a new sparse ternary compression (STC) framework that extends the existing top-k gradient sparsification technique with downstream compression through ternarization and optimal Golomb encoding. Experiments on four different learning tasks showed that STC performs well in the common FL scenario of high-frequency, low-bandwidth communication. Also reducing the size of the transmitted messages, [78], a privacy-preserving asynchronous FL mechanism for edge networks, designed an improved gradient compression algorithm that cut communication time to 8.77% of the original with only a 0.03% reduction in accuracy; it supports collaborative learning among discrete edge nodes while preserving the privacy of local information, and it investigated asynchronous FL to cope with the diverse characteristics of edge nodes. To preserve accuracy under high-ratio sparsification, [76] proposed a General Gradient Sparsification (GGS) framework for adaptive optimizers; it combines gradient correction, which largely preserves convergence, with batch normalization updated with local gradients (BN-LG), which minimizes the impact of delayed gradients on training.
Some researchers have addressed communication overhead by tuning the aggregation of the global model. In [26], Hsieh et al. aggregate the global model only when its weights differ by more than an empirically selected threshold. With a similar objective and approach, [27] proposed a control algorithm to find the global aggregation frequency; derived from theoretical analysis, it learns the system and data characteristics dynamically in real time to find the aggregation frequency that maximizes learning accuracy under the available resources.
Non-IID data distribution in the FL network is likely to affect the quality of the global model. To address this issue, [28] used a feature fusion approach that aggregates local and global models; the proposed model outperformed baseline FL models, with better accuracy, better initialization for newly arriving clients and faster convergence. Wang et al. [50] proposed a control algorithm that finds the best trade-off between local updates and global parameter aggregation in FL so as to minimize the loss function under a given resource budget. Considering the effect of statistical heterogeneity, [29] proposed a federated multitask learning (FMTL) framework that forms clusters of clients with jointly trainable data distributions based on the geometric properties of the FL loss surface. This clustering approach gave better results in FL scenarios where clients' local data are distributed and non-IID. Compared to existing methods, it works with the existing FL communication protocol, applies to general non-convex objectives, and does not require the number of clusters to be known in advance.
In [42], a federated CLONE model is proposed to run at the edge for a connected-vehicle network. A parameter EdgeServer coordinates the distributed participating vehicles. Each vehicle trains its learning model locally on its own private training data; after one epoch, it pushes its current parameter values to the parameter EdgeServer, which aggregates the parameters from all vehicles by computing their weighted average. For the next epoch, each vehicle pulls the updated parameters from the EdgeServer as its current parameters and repeats the process. A vehicle joining the network pulls the current aggregated parameters from the EdgeServer to use as its initial parameters for training. The communication is asynchronous, so a vehicle need not stop and wait for other vehicles to complete an epoch, which reduces latency.
System heterogeneity is one of the big issues in a federated network and cannot be ignored. Ren et al. [20] combined the idea of FL with data offloading to alleviate the constraints and challenges of IoT devices. For computation-intensive tasks, IoT devices offload data to edge nodes so that the devices conserve energy while still providing the required quality of service. Multiple deep reinforcement learning (DRL) agents were deployed on IoT devices to assist in offloading decisions according to the dynamic workload and radio environment of the IoT system. The DRL agents were trained in a distributed setting using FL, and an experiment confirmed the effectiveness of an edge-computing-supported IoT system that uses data offloading and FL.
Some works incorporated a blockchain-based federated model architecture consisting of edge nodes. FLchain [71] stores the local parameters used for each global aggregation in a block on a channel-specific ledger to enhance security and audit trails. In FLchain, a new channel is created for each new global learning model. The limitations of this model are that the blockchain does not use a reward mechanism for participating nodes, and that end devices do not participate in the blockchain directly; instead, edge devices perform all transactions on their behalf. Moreover, communication latency and the computing and storage capability of end devices are not taken into account in the proposed model. In [79], the authors proposed iFLBC, FL and blockchain-based ML that brings edge AI to end devices. To alleviate the scarcity of data, a trained federated shared model is stored in the blockchain, which uses a mechanism called Proof of Common Interest (PoCI) to separate relevant from non-relevant data.
V. MACHINE LEARNING MODELS, ALGORITHMS, AND TECHNOLOGY
In this section, we summarize in Table III all the machine learning models, algorithms, and technologies used by the surveyed research. Along with this information, we also present the tools and environment under which the simulations were carried out. Our survey is primarily focused on cybersecurity for the IoT environment, and specifically on the use of FL. Depending on the nature and complexity of the proposed works, authors have adopted a variety of ML models. The sole purpose of this section is to give readers an overview of the kinds of ML models, algorithms, and technologies that have been used by the surveyed works, along with the tools and environment under which the proposed works have been evaluated.
Across the proposed works, authors have adopted a variety of machine learning models such as neural networks, SVM, linear regression, Q-learning, and so on. FL inherently supports privacy and security (compared to centralized learning), but to strengthen these properties some works have also used elliptic-curve cryptography, differential privacy, blockchain, and others. The majority of the works use CNNs as their machine learning model; different CNN variants such as LeNet, AlexNet, GoogLeNet, and VGGNet have been used. LSTMs (a recurrent neural network) and MLPs (a feed-forward neural network) have also been used by several works. Several works adopted more than one ML model and compared the results to validate their proposed models.
VII. OPEN CHALLENGES AND FUTURE RESEARCH DIRECTIONS
Data is a crucial asset for individuals and companies and should be protected to ensure the CIA triad (confidentiality, integrity, and availability). Legislation such as the Consumer Data Protection Act and the Data Care Act in the USA and the General Data Protection Regulation (GDPR) in Europe has already been rolled out to strengthen data protection. At the same time, the rapidly growing flood of data has made ML unavoidable for analyzing and learning from it. The traditional (centralized) learning model, however, raises many concerns because of the insecure digital highway, limited bandwidth, and the sole control held by the service provider. In this regard, FL offers an innovative framework that facilitates learning while keeping data local and training locally. However, it is still at an early stage, and not yet fully applicable, particularly for the IoT environment.
In recent times, FL has gained significant attention in the research community. Many works have already proposed models that make use of different ML algorithms, frameworks, and technologies. In our survey, however, we found that most of the proposed models use neural networks. NNs are the preferred choice in the FL setting, but they increase complexity, which may increase the overhead in real heterogeneous IoT environments. Moreover, most of the proposed models are simulated in an environment consisting of only a few devices and are tested against only a few datasets. To develop an efficient and robust FL model, research works need to consider different permutations and combinations of ML algorithms, datasets, and working dynamics, and measure the true efficacy of the developed system.
Considering the limited resources and communication bandwidth in IoT networks, a significant number of research works have proposed an FL scenario in which an edge server aggregates the updates from end devices and passes them on to the central server. Such an approach may not work in general, because not all IoT networks have such an ideal configuration. Additionally, the baseline algorithm, federated averaging (FedAvg), has mostly been applied to aggregate and weight the updated models. Because of the system and statistical heterogeneity of the IoT environment, convergence in real federated networks may not occur as expected. It will therefore be valuable to seek other methods that address these issues and achieve quick convergence.
Differential privacy (e.g., [23]), homomorphic encryption (e.g., [25]), and secure function evaluation or multiparty computation (e.g., [24]) have been utilized in FL for privacy-preserving learning. FL using these approaches has been implemented and tested only in small-scale distributed networks, so it may raise novel challenges in large-scale network scenarios because of the additional communication and computation burden.
In the literature, gradient compression schemes (e.g., [76], [45]) have been widely applied to compress the communicated messages and thus reduce latency. Although this reduces the amount of data to be transmitted, it may cause information loss and affect the accuracy of the learning model.
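An added example of the trade-off just described (written for this page; not the scheme of [76] or [45], nor any project's code): top-k sparsification keeps only the k largest-magnitude gradient entries, so each message shrinks from `dim` values to k (index, value) pairs, but the dropped entries are lost. The `ErrorFeedbackCompressor` shows the standard remedy of carrying the dropped remainder into the next round, so that what was transmitted plus the residual always equals the true gradient sum. The gradient vectors, k, and the 4-byte value and index sizes are assumptions for illustration.

```python
from typing import Dict, List

def topk_sparsify(grad: List[float], k: int) -> Dict[int, float]:
    """Keep the k largest-magnitude entries as {index: value}; everything else is dropped."""
    order = sorted(range(len(grad)), key=lambda i: abs(grad[i]), reverse=True)
    return {i: grad[i] for i in order[:k]}

def densify(sparse: Dict[int, float], dim: int) -> List[float]:
    out = [0.0] * dim
    for i, v in sparse.items():
        out[i] = v
    return out

class ErrorFeedbackCompressor:
    """Top-k with error feedback: entries not sent are remembered and added to the
    next gradient, so no coordinate is silently discarded forever."""
    def __init__(self, dim: int, k: int):
        self.residual = [0.0] * dim
        self.k = k

    def compress(self, grad: List[float]) -> Dict[int, float]:
        corrected = [g + r for g, r in zip(grad, self.residual)]
        sparse = topk_sparsify(corrected, self.k)
        sent = densify(sparse, len(grad))
        self.residual = [c - s for c, s in zip(corrected, sent)]
        return sparse

def bytes_dense(dim: int, value_bytes: int = 4) -> int:
    return dim * value_bytes

def bytes_sparse(k: int, value_bytes: int = 4, index_bytes: int = 4) -> int:
    return k * (value_bytes + index_bytes)

def relative_error(original: List[float], reconstructed: List[float]) -> float:
    """||original - reconstructed|| / ||original||: the information lost by one message."""
    num = sum((a - b) ** 2 for a, b in zip(original, reconstructed)) ** 0.5
    den = sum(a * a for a in original) ** 0.5
    return num / den if den else 0.0

def run_rounds(grads: List[List[float]], k: int) -> Dict[str, object]:
    """Send a sequence of gradients with and without error feedback and compare totals."""
    dim = len(grads[0])
    ef = ErrorFeedbackCompressor(dim, k)
    sent_plain = [0.0] * dim
    sent_ef = [0.0] * dim
    true_sum = [0.0] * dim
    for g in grads:
        true_sum = [t + x for t, x in zip(true_sum, g)]
        sent_plain = [s + x for s, x in zip(sent_plain, densify(topk_sparsify(g, k), dim))]
        sent_ef = [s + x for s, x in zip(sent_ef, densify(ef.compress(g), dim))]
    return {
        "true_sum": true_sum,
        "sent_plain": sent_plain,                 # top-k only: dropped entries are gone
        "sent_ef": sent_ef,                       # with error feedback
        "residual": ef.residual,                  # sent_ef + residual == true_sum
        "bytes_per_round": (bytes_dense(dim), bytes_sparse(k)),
    }

if __name__ == "__main__":
    # Constructed input: the same flat gradient four rounds in a row, k = 1 of 4 entries.
    print(run_rounds([[1.0, 1.0, 1.0, 1.0]] * 4, k=1))
```

With the constructed flat gradient, plain top-k sends the same coordinate every round and the other three never move, whereas error feedback rotates through all four; the compression ratio is the same in both cases, which is exactly why a practitioner must measure the accuracy effect rather than only the bandwidth saved.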
In the surveyed works, the ML parameters are aggregated at a single centralized server. This approach introduces the risk of a single point of failure, whether due to a cyberattack or any other cause. Moreover, in this setting, communication efficiency is also likely to be affected by the geographical location of the centralized server. A new approach that designs multi-tier distributed aggregating servers could make FL communication efficient and robust.
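An added example of what a multi-tier aggregation scheme has to get right (written for this page; not from any surveyed work or project): each edge aggregator reports its partial model together with the number of samples behind it, so the central tier can weight the partials and reproduce exactly the result a single flat server would compute. The second function then shows the robustness property the paragraph is after: when one edge tier is unreachable, aggregation continues over the remaining tiers instead of stopping altogether. The edge and device names and parameter values are constructed.

```python
from typing import Dict, List, Set, Tuple

Device = Tuple[List[float], int]              # (parameters, n_samples)

def weighted_average(models: List[List[float]], weights: List[float]) -> List[float]:
    total = float(sum(weights))
    return [sum(w * m[i] for m, w in zip(models, weights)) / total
            for i in range(len(models[0]))]

def flat_aggregate(devices: Dict[str, Device]) -> List[float]:
    """Single central server: every device reports straight to one aggregator."""
    return weighted_average([p for p, _ in devices.values()],
                            [n for _, n in devices.values()])

def edge_aggregate(devices: Dict[str, Device]) -> Device:
    """Edge tier: aggregate its own devices and report the partial model plus the
    sample count behind it, so the next tier can weight it correctly."""
    params = flat_aggregate(devices)
    return params, sum(n for _, n in devices.values())

def hierarchical_aggregate(edges: Dict[str, Dict[str, Device]],
                           reachable: Set[str]) -> List[float]:
    """Central tier: weight each reachable edge's partial by its sample count.
    An unreachable edge only removes its own devices from this round."""
    partials = [edge_aggregate(d) for name, d in edges.items() if name in reachable]
    if not partials:
        raise RuntimeError("no edge aggregator reachable this round")
    return weighted_average([p for p, _ in partials], [n for _, n in partials])

# Constructed topology: two edge servers, three devices (hypothetical values).
EDGES: Dict[str, Dict[str, Device]] = {
    "edge-1": {"dev-1": ([1.0, 2.0], 10), "dev-2": ([3.0, 0.0], 30)},
    "edge-2": {"dev-3": ([0.0, 1.0], 20)},
}

def all_devices(edges: Dict[str, Dict[str, Device]]) -> Dict[str, Device]:
    return {d: v for tier in edges.values() for d, v in tier.items()}

def max_diff(a: List[float], b: List[float]) -> float:
    return max(abs(x - y) for x, y in zip(a, b))

if __name__ == "__main__":
    print("flat        :", flat_aggregate(all_devices(EDGES)))
    print("hierarchical:", hierarchical_aggregate(EDGES, {"edge-1", "edge-2"}))
    print("edge-2 down :", hierarchical_aggregate(EDGES, {"edge-1"}))
```

The equivalence only holds because sample counts travel with the partial models; a tier that forwarded bare averages would silently give a 1-device edge the same weight as a 40-device edge, which is the kind of weighting error that also makes a small malicious tier disproportionately influential.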
Several methods have been proposed to address expensive communication in FL, but they have been tested only in small-scale federated networks. Such approaches may perform inefficiently in large-scale federated networks consisting of millions of devices with system and statistical heterogeneity. In a large-scale setting, made worse by device sampling and by devices dropping out because of network connectivity and limited resources, current approaches are limited in their ability to measure the level of system heterogeneity and statistical heterogeneity. This deficiency may directly hinder the accuracy of the learning model. Large-scale FL has been highlighted in many articles, but these issues have mostly been addressed under the assumptions of i.i.d., unmodified, and equal data distribution. Identifying and mitigating attacks in a true FL setting without degrading performance and accuracy is still an open area of research.
VIII. CONCLUSION
In this survey, we first highlighted the risks and threats associated with IoT systems. Motivated by the role of ML in learning from the flood of data and keeping the IoT network safe and secure, we discussed different models of learning and pinpointed the merits and demerits of each. We then extended our study to the application of FL, a new and innovative learning model, to the security of IoT networks. Several recent works addressing the security of IoT environments were discussed. We also discussed several research efforts carried out to mitigate attacks in the FL paradigm. Despite the inherent data protection framework of FL, several challenges must be addressed for its successful adoption, so we discussed existing research addressing such performance issues. To give readers an overall picture for choosing a research direction, we presented most of the surveyed works along with the issues they address and the ML algorithms, frameworks, technologies, and datasets they use. Finally, some open challenges in FL research were presented as future research directions.
Symbol   Full Form
CNN      Convolutional Neural Network
GRU      Gated Recurrent Unit
SAE      Stacked Autoencoders
AWID     Aegean Wi-Fi Intrusion Dataset
MNIST    Modified National Institute of Standards and Technology
Cifar10  Canadian Institute For Advanced Research dataset
LSTM     Long Short-Term Memory Networks
SVM      Support Vector Machine
VGG11    Visual Geometry Group 11
KWS      Keyword Spotting
NS3      Network Simulator 3
DNN      Deep Neural Networks
DRL      Double Deep Q Learning
EV       Electric Vehicle
MLP      Multilayer Perceptron
KNN      K-Nearest Neighbor
SOHO     Small Office or Home Office
ADS      Anomaly Detection System
BC       Blockchain
RF       Random Forest
ECC      Elliptic Curve Cryptographic
IDS      Intrusion Detection System
SDN      Software Defined Network
NFV      Network Function Virtualization
WAN      Wide Area Network
DTN      Delay Tolerant Networking
IIoT     Industrial Internet of Things
Posted 2023-07-28 00:33 by 与谁