<p>Federated Learning (FL) has come up as a promising paradigm for collaborative machine learning over decentralized data by maintaining user privacy at the same time enabling broader data access. Although FL is increasingly being used, its security during deployment, especially in containerized environments, remains under-explored. This study directly addresses the gap by examining security risks within a Docker-based FL deployment designed for Software Bug Prediction (SBP). We developed two federated models—a Convolutional Neural Network (FLCNN) as well as an Artificial Neural Network (FLANN)—and integrated hyperparameter tuning (HPT) using the Grey Wolf Optimizer (GWO). After training the model on multiple open-source SBP datasets, we containerized the best FLCNN model, deploying it as a Flask API within Docker. Vulnerability scans, executed using open-source tools (Anchore, Aqua Trivy, Snyk, JFrog Xray), disclosed several security flaws, including critical and high-severity risks such as denial-of-service, buffer overflow, as well as memory management issues. By subsequently applying updated dependencies and recommended container security protocols, we established a substantially more secure FL deployment profile. This analysis underscores the essential need for rigorous, continuous security assessment when deploying federated learning via containerization.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Assessing security vulnerabilities in a docker-enabled federated learning framework with hyperparameter tuning for software bug prediction

  • Ruchika Malhotra,
  • Anjali Bansal,
  • Marouane Kessentini

摘要

Federated Learning (FL) has come up as a promising paradigm for collaborative machine learning over decentralized data by maintaining user privacy at the same time enabling broader data access. Although FL is increasingly being used, its security during deployment, especially in containerized environments, remains under-explored. This study directly addresses the gap by examining security risks within a Docker-based FL deployment designed for Software Bug Prediction (SBP). We developed two federated models—a Convolutional Neural Network (FLCNN) as well as an Artificial Neural Network (FLANN)—and integrated hyperparameter tuning (HPT) using the Grey Wolf Optimizer (GWO). After training the model on multiple open-source SBP datasets, we containerized the best FLCNN model, deploying it as a Flask API within Docker. Vulnerability scans, executed using open-source tools (Anchore, Aqua Trivy, Snyk, JFrog Xray), disclosed several security flaws, including critical and high-severity risks such as denial-of-service, buffer overflow, as well as memory management issues. By subsequently applying updated dependencies and recommended container security protocols, we established a substantially more secure FL deployment profile. This analysis underscores the essential need for rigorous, continuous security assessment when deploying federated learning via containerization.