摘要
网络流量分类在网络管理和安全中至关重要,尤其是精准识别分布式拒绝服务(Distributed Denial of Service,DDoS)攻击这一威胁。DDoS攻击会导致服务中断、资源耗尽和经济损失,严重影响服务质量(QoS)。尽管集中式模型在DDoS攻击检测中取得了一定成效,但在实际应用中存在挑战:数据分布不均、数据集中传输困难,以及异构设备和动态网络环境的限制,从而难以实现实时检测。为应对这些问题,本文提出了一种基于异步个性化联邦学习的DDoS攻击检测与缓解方法AdaPerFed(Adaptive Personalized Federated Learning)。首先,通过定制的ResNet架构高效处理一维流量数据,并集成Net模块增强特征提取能力。然后,通过软件定义网络(SDN,Software-Defined Networking)模拟复杂动态网络环境,并引入完善的缓解系统应对多样化攻击场景。个性化联邦学习框架有效处理了非独立同分布(Non-IID,Non-Independent and Identically Distributed)数据问题,并通过异步学习机制适应异构设备和网络条件的差异,提升了系统的鲁棒性和扩展性。实验结果表明,AdaPerFed在CICDDoS2019、CIC-IDS2017和InSDN等数据集上均优于其他联邦学习算法,在不同客户端数量下展现出更快的收敛速度和更强的鲁棒性,DDoS检测准确率提升了15%~20%。消融实验进一步验证了个性化聚合模块对系统性能的显著提升。
Network traffic classification serves as a fundamental component of both network management and cybersecurity,playing a pivotal role in ensuring the stability and security of modern communication infrastructures.Among various network security threats,the accurate identification of Distributed Denial of Service(DDoS)attacks remains particularly crucial,as such attacks have the potential to severely compromise system availability and overall network reliability.DDoS attacks can cause significant disruptions to network services by overwhelming targeted systems with an excessive volume of malicious traffic,leading to service outages,rapid depletion of computational and network resources,and substantial financial losses.These consequences critically impair the Quality of Service(QoS),affecting both end users and service providers by degrading network performance and reducing operational efficiency.While centralized machine learning models have demonstrated notable success in detecting DDoS attacks by leveraging vast amounts of labeled data for training,their deployment in real-world network environments is hindered by several intrinsic challenges.One of the most critical issues is the highly imbalanced distribution of network traffic data,where attack patterns and normal traffic exhibit significant variations across different clients.Furthermore,the centralized collection and transmission of large-scale network data not only introduce severe privacy and security concerns but also pose substantial bandwidth and storage constraints,making traditional data aggregation approaches impractical.Additionally,heterogeneous network devices—ranging from highperformance servers to resource-constrained edge devices—operate under diverse computational capabilities and network conditions,while the constantly evolving nature of network traffic dynamics further complicates the feasibility of real-time DDoS detection and mitigation strategies.To effectively address these challenges and enhance the adaptability and efficiency of DDoS attack detection in dynamic network environments,this paper introduces AdaPerFed(Adaptive Personalized Federated Learning),an asynchronous personalized federated learning-based approach designed to detect and mitigate DDoS attacks while overcoming the inherent limitations of centralized detection frameworks.First,we develop a customized ResNet-based deep learning architecture that is specifically optimized for efficiently processing one-dimensional network traffic data,enabling the extraction of rich temporal and spatial features crucial for DDoS detection.Additionally,we integrate a dedicated Net module within the architecture to further enhance feature extraction capabilities,allowing the model to capture complex attack patterns more effectively and distinguish malicious traffic from benign network activities with higher precision and robustness.Subsequently,we leverage Software-Defined Networking(SDN)to construct a highly flexible and programmable network environment,allowing us to simulate realistic,largescale,and dynamically changing network conditions where diverse attack scenarios can be systematically evaluated.To complement our detection framework,we incorporate a comprehensive mitigation system,which dynamically adjusts network security policies and defensive mechanisms in response to evolving attack patterns,ensuring proactive protection against a wide range of DDoS threats.The personalized federated learning framework employed in AdaPerFed effectively addresses the fundamental challenge of Non-Independent and Identically Distributed(Non-IID)data,a common issue in federated learning where clients possess highly diverse and unbalanced datasets.By incorporating an asynchronous learning mechanism,our approach ensures that each client autonomously updates and fine-tunes its model based on local data distributions,thereby enhancing personalization and improving overall model generalization.Furthermore,this asynchronous and adaptive learning strategy enables the system to accommodate heterogeneous devices with varying computational resources and network conditions,significantly improving the robustness,scalability,and practical deployment potential of the proposed framework.Extensive experimental evaluations conducted on three widely-used benchmark datasets—CICDDoS2019,CIC-IDS2017,and InSDN—demonstrate that AdaPerFed significantly outperforms state-of-the-art federated learning algorithms in terms of both detection accuracy and learning efficiency.Across various experimental settings,our method consistently exhibits faster convergence rates,enabling the model to achieve optimal performance with fewer training iterations,even as the number of participating clients increases.Furthermore,AdaPerFed achieves a remarkable 15%-20%improvement in DDoS detection accuracy compared to existing federated learning approaches,highlighting its superior ability to effectively identify and mitigate DDoS attacks across diverse and complex network environments.Additionally,ablation studies further validate the critical role of the personalized aggregation module in enhancing overall system performance.
作者
朱海婷
魏明岗
刘丰宁
何高峰
张璐
ZHU Hai-Ting;WEI Ming-Gang;LIU Feng-Ning;HE Gao-Feng;ZHANG Lu(School of Internet of Things,Nanjing University of Posts and Telecommunications,Nanjing 210003;Key Laboratory of Computer Network and Information Integration,Ministry of Education,Southeast University,Nanjing 210096;School of Computer Science,Nanjing Audit University,Nanjing 211815)
出处
《计算机学报》
北大核心
2025年第4期808-827,共20页
Chinese Journal of Computers
基金
国家自然科学基金面上项目(62272237)
国家自然科学基金青年科学(52105553,61802207)
江苏省高等学校自然科学研究重大项目(22KJA520005)
计算机网络和信息集成教育部重点实验室(东南大学)开放课题(K93-9-2023-04)
江苏高校‘青蓝工程’资助。
