Abstract
To address the issue of model poisoning during predictive model training in the IoT intelligent sensing phase, this study proposes an anti-poisoning attack scheme with verification capabilities. The scheme employs a cosine similarity clustering mechanism and a filtering strategy as a trusted third-party detection algorithm, integrating homomorphic encryption for authentication. Additionally, lightweight data encryption is used to protect the privacy of local model data. The Shamir Secret Sharing algorithm ensures robustness in model training against user dropout. By introducing a trusted third party, the scheme effectively detects and prevents dishonest users or attackers from compromising the accuracy of federated learning models. Simulation results demonstrate that the scheme can accurately detect model data involved in training while ensuring the security of users' local model data and handling large volumes of heterogeneous data in IoT intelligent sensing environments.
Authors
Han Gang; Ma Weiran; Zhang Yinghui; Liu Wei; Sheng Liling (School of Cyberspace Security, Xi'an University of Posts and Telecommunications, Xi'an 710121; State Key Laboratory of Integrated Services Networks (Xidian University), Xi'an 710126)
Source
Journal of Information Security Research
CSCD
Peking University Core Journal
2024, Issue 9, pp. 804-810 (7 pages)
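Funding
National Natural Science Foundation of China (62102312)
Shaanxi Province Key Research and Development Program (2024GX-YBXM-079)
Open Project of the ISN State Key Laboratory (ISN24-13)
Shaanxi Province Universities Youth Innovation Team Project (23JP160)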
Keywords
federated learning
poisoning attack
IoT intelligent perception
privacy protection
homomorphic encryption