Federated Learning (FL)-based Intrusion Detection Systems (IDS) are emerging as a promising approach for securing IoT networks and preserving data confidentiality. Moreover, FL introduces novel vulnerabilities. These include inference attacks by malicious aggregators, who can extract sensitive information from model updates, as well as malicious clients capable of submitting falsified updates to the aggregator server. Additionally, with the rapid development of quantum computers, existing privacy protection schemes mainly based on Secure Multi-Party Computation (SMPC) will no longer be able to guarantee the data.This paper presents a Secure Aggregation (SA) method that combines Post-Quantum-secure channels for client key exchange and Verifiable Secret Sharing (VSS), achieving resilience against malicious clients. Experiments conducted in an FL-based IDS for real-world IoT networks demonstrate the viability of our proposal.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Privacy-Enhancing Federated Learning-Based IDS for IoT Networks Using Post-Quantum Secure Channels and Verifiable Secret Sharing

  • Lamine Syne,
  • Candelaria Hernández-Goya,
  • Pino Caballero-Gil

摘要

Federated Learning (FL)-based Intrusion Detection Systems (IDS) are emerging as a promising approach for securing IoT networks and preserving data confidentiality. Moreover, FL introduces novel vulnerabilities. These include inference attacks by malicious aggregators, who can extract sensitive information from model updates, as well as malicious clients capable of submitting falsified updates to the aggregator server. Additionally, with the rapid development of quantum computers, existing privacy protection schemes mainly based on Secure Multi-Party Computation (SMPC) will no longer be able to guarantee the data.This paper presents a Secure Aggregation (SA) method that combines Post-Quantum-secure channels for client key exchange and Verifiable Secret Sharing (VSS), achieving resilience against malicious clients. Experiments conducted in an FL-based IDS for real-world IoT networks demonstrate the viability of our proposal.