Research On DDoS Attack Detection Method Based On Federated Learning

With the popularity of 5g and Internet of things,the number of network traffic and connected devices have increased significantly,and the threat of distributed denial of service attack in the network is becoming more and more serious.At present,in order to alleviate the bandwidth pressure of DDoS attacks on the central server,the industry shunts the main network traffic by deploying server clusters.Although this method is effective,the traditional detection methods only focus on the traffic characteristics of a single node and cannot describe the global traffic characteristic relationship under the cluster,resulting in insufficient generalization of the model;If the traffic of each edge node is imported to the central server for detection,it will greatly increase the communication overhead and computing pressure of the central server,and cannot ensure the privacy and security of traffic data.Federated learning technology provides a new idea for DDoS attack detection in this environment.As a distributed machine learning technology,federated learning only needs to interact with the parameters of each participant model to jointly establish the global model.This method not only ensures the security of data privacy,but also realizes the joint training of various data sources with less communication overhead.In this regard,this paper proposes a DDoS attack detection method based on federated learning.This method realizes the joint training of DDoS attack detection model through federated learning,and realizes the detection and classification of DDoS attacks on each node in a multi participant environment with less communication overhead.This method mainly includes the following contents:(1)Aiming at the massive communication overhead and privacy security issues faced by DDoS attack detection,a federated learning DDoS attack detection framework is proposed.The federated learning framework provides a method for constructing DDoS traffic datasets,extracts unified features from each node traffic data,preprocesses the data of each participant in a globally standardized way,and then designs a unified training environment according to the federated learning training environment.The model parameter update method is proposed,and an MLP-based DDoS detection algorithm is proposed in the federated learning environment.The experimental results show that the federated learning DDoS detection framework proposed in this paper can perform a round of federated learning training with only8.3MB of communication overhead in the environment of 6 participants,and can realize the joint training of the DDoS attack detection model of multiple participants.(2)Aiming at the bottleneck problem of model performance caused by different data distribution in the federated learning DDoS attack detection framework,a DDoS attack detection method based on federated tree coding is proposed.This method uses the GBDT classification model as the encoder of the feature data,and constructs a global GBDT feature encoder through a round of federated learning interaction;then encodes the original test sample data of each participant by means of GBDT encoding to generate new features.vector,and use the new encoded feature as the input of the MLP multi-classification model under federated learning to improve the generalization ability of the federated learning DDoS detection model.The experimental results show that the classification accuracy of this method for normal traffic and ten kinds of DDoS attack traffic under the federated learning DDoS detection framework is 92.47%,and the model can converge with only 102 rounds of Federated learning training,which can effectively alleviate the performance loss of the model caused by different data distribution.(3)According to the above methods,this paper designs and implements a prototype system of DDoS attack detection method based on federated learning.The system includes data preprocessing module,federated learning DDoS detection algorithm module,federated learning communication module and parameter update algorithm module.Finally,this paper shows the interface of the designed and implemented system,verifies the actual function and tests the system performance.