Centralized cyber-attack detection methods entail significant privacy risks due to the aggregation of sensitive data. While Federated Learning (FL) presents a promising privacy-preserving alternative, existing Privacy-Preserving FL (PFL) frameworks often face critical challenges, including vulnerability to malicious servers, intolerance to client dropouts, and a lack of verifiable model aggregation. To address these limitations, in this paper, we propose a bidirectionally secure and verifiable FL architecture for cyber-attack detection. The architecture integrates Threshold Homomorphic Encryption (HE), Distributed Key Generation, and Multi-Key Linear Homomorphic Signature techniques to achieve three core capabilities: (1) Dropout-tolerant secure aggregation via an enhanced multi-key CKKS scheme, supporting dynamic client participation without a trusted third party; (2) Efficient bidirectional verification, enabling the server to validate local models covertly and clients to verify aggregated results with low overhead (less than 0.18 s per evaluation); and (3) A lightweight detection model combining Gated Recurrent Units (GRUs) and residual blocks, achieving high accuracy across four real-world datasets—improving F1-score up to 99.96% while maintaining low computational cost. We implement and evaluate the framework under varying input sizes and client scales, demonstrating its practicality, security, and efficiency in privacy-preserving federated cyber-attack detection.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Cyber-Attack Detection in Federated Learning: A Bidirectionally Secure and Verifiable Architecture

  • Ruonan Luo,
  • Junjiang He,
  • Wenbo Fang,
  • Jiawei Wang,
  • Linlin Zhang,
  • Ming Gu,
  • Xiaolong Lan

摘要

Centralized cyber-attack detection methods entail significant privacy risks due to the aggregation of sensitive data. While Federated Learning (FL) presents a promising privacy-preserving alternative, existing Privacy-Preserving FL (PFL) frameworks often face critical challenges, including vulnerability to malicious servers, intolerance to client dropouts, and a lack of verifiable model aggregation. To address these limitations, in this paper, we propose a bidirectionally secure and verifiable FL architecture for cyber-attack detection. The architecture integrates Threshold Homomorphic Encryption (HE), Distributed Key Generation, and Multi-Key Linear Homomorphic Signature techniques to achieve three core capabilities: (1) Dropout-tolerant secure aggregation via an enhanced multi-key CKKS scheme, supporting dynamic client participation without a trusted third party; (2) Efficient bidirectional verification, enabling the server to validate local models covertly and clients to verify aggregated results with low overhead (less than 0.18 s per evaluation); and (3) A lightweight detection model combining Gated Recurrent Units (GRUs) and residual blocks, achieving high accuracy across four real-world datasets—improving F1-score up to 99.96% while maintaining low computational cost. We implement and evaluate the framework under varying input sizes and client scales, demonstrating its practicality, security, and efficiency in privacy-preserving federated cyber-attack detection.