Design And Implementation Of Distributed Network Security Knowledge Updating Mechanism Based On Federated Learning

With the rapid application of 5G,the problems of network security are growing.The frequency and types of network attacks based on Distributed Denial of Service(DDoS)attacks continues to increase,resulting in numerous security knowledge,heterogeneous and difficult to unify.The construction of the knowledge base structures the network security knowledge into a system,so that knowledge can be stored,retrieved and deduced efficiently.Furthermore,the distributed deployment of knowledge base improves the single point of failure problem,as well as increases the scalability.However,distributed knowledge base still has problems such as difficulty in updating knowledge and possible privacy leakage due to data sharing.Relying on the national key research and development project "Identity-based Trusted Protocol and Malicious Communication Behavior Monitoring Method",this dissertation proposes a distributed knowledge updating mechanism based on federated learning,which can learn global knowledge to update local knowledge base while solving the problem of data sharing.Taking DDoS attacks as an example,this dissertation designs a distributed deployment scheme of the network security malicious behavior knowledge base in multiple attack domains,studies the multi-domain collaborative detection and security update mechanism of the distributed knowledge base,which can complete the learning from local to global under the trusted scenario,and update the distributed knowledge base using the updated global model safely.The specific works are as follows:Design the overall architecture of a distributed network security knowledge updating mechanism.This dissertation studies the principle of DDoS detection under multi-domain cooperatively,designs datasets suitable for multi-domain training,and designs a federated learning module that provides knowledge for updating.The security issues of distributed knowledge updating process are studied,including the poisoning attack of federated learning participants and the security of knowledge transmission process.Designs reputation evaluation and security transmission mechanism based on blockchain,and proposes a comprehensive reputation evaluation scheme for interactive,data and resource.A complete distributed knowledge base model is designed,including model base and behavior base,and proposes its update process.Constructing a distributed network security knowledge update mechanism system.A multi-domain detection framework based on FATE is built in different domains,construct Home CNN algorithm based on federated average algorithm and convolutional neural network to obtain a multi-domain joint detection model.The reputation evaluation mechanism of federated learning participants is built by using Ethereum,and a trusted federated learning framework is realized.At the same time,the secure transmission between distributed knowledge bases is realized by Ethereum.A distributed network security knowledge base is constructed using the Neo4 j graph database in different DDoS attack domains,and the graph knowledge in the knowledge base is updated based on the model base.Build a system to verify the functionality and performance of the proposed framework.In terms of system functionality,the concatenation function from training application to model update and the changes in knowledge graph before and after update are verified.In terms of system performance,tests the impact of non-independent and identically distributed datasets on multi-domain learning,compares the precision and recall of different federated learning algorithms in multi-domain detection,verifies the existence of data poisoning and the performance and mitigation ability of the reputation evaluation scheme proposed,and shows the changes of online detection of distributed knowledge base before and after updating.The experimental results show that the proposed scheme achieves offline precision of over 92.8% for different types of attacks after updating,and online detection accuracy is 98.04%.Finally,the follow-up research on the architecture of this dissertation is discussed.