- 个人中心
- 退出登录
浏览全部资源
扫码关注微信
- HOME
- ABOUT
- Acta Electronica Sinic About JournalPeer Review ProcessPublication EthicsContactSubscription
- Editorial Board Editorial Board
- Acta Electronica Sinic
- CONTENTS
- Issues Online FirstCurrent IssuePast Issues
- Articles Articles with DataMost Cited ArticlesMost Downloaded Articles
- Special Issues Special IssuesVirtual IssuesCall for Papers
- Issues
- RESOURCES
- Author Guide Manuscript SubmissionPeer Review ProcessProduction ProcessCopyright and LicensingAppeal & Withdraw
- For Guest Editors Proposing Special IssueManaging Special Issue
- Download Center
- Author Guide
Research on Network Attack Detection Method Based on Federated Large Model
- ACTA ELECTRONICA SINICA Vol. 53, Issue 6, Pages: 1792-1804(2025)
- 作者机构:
1.北京信息科技大学计算机学院,北京 100192
2.未来区块链与隐私计算高精尖创新中心,北京 100191
- 作者简介:
- 基金信息:Beijing Advanced Innovation Center for Future Blockchain and Privacy Computing Fund(GJJ-24)
DOI:10.12263/DZXB.20241098
CLC: TP309;Received:05 December 2024,
Revised:2025-04-17,
Published:25 June 2025
- 稿件说明:
移动端阅览
康海燕, 张义钒, 王楠敏. 基于联邦大模型的网络攻击检测方法研究[J]. 电子学报, 2025, 53(06): 1792-1804.
KANG Hai-yan, ZHANG Yi-fan, WANG Nan-min. Research on Network Attack Detection Method Based on Federated Large Model[J]. Acta Electronica Sinica, 2025, 53(06): 1792-1804.
康海燕, 张义钒, 王楠敏. 基于联邦大模型的网络攻击检测方法研究[J]. 电子学报, 2025, 53(06): 1792-1804. DOI:10.12263/DZXB.20241098
KANG Hai-yan, ZHANG Yi-fan, WANG Nan-min. Research on Network Attack Detection Method Based on Federated Large Model[J]. Acta Electronica Sinica, 2025, 53(06): 1792-1804. DOI:10.12263/DZXB.20241098
摘要
为了解决真实Web应用攻击数据数量小、差异性大和攻击载荷多样化导致大模型训练效果差的问题,提出一种基于联邦大模型的网络攻击检测方法(Intrusion Detection methods based on Federal Large Language Model,FL-LLMID).首先,提出一种面向大模型微调的联邦学习网络,服务器对客户端本地大模型通过增量数据训练产生的参数,进行增量聚合的方式,提高联邦学习中大模型的参数聚合效率以及避免网络流量数据暴露的问题;其次,基于大模型对代码的理解能力,提出面向应用层数据的攻击检测模型(CodeBERT-LSTM),通过对应用层数据报文进行分析,使用CodeBERT模型对有效字段进行向量编码后,结合长短期记忆网络(Long Short-Term Memory,LSTM)进行分类,实现对Web应用高效的攻击检测任务;最后,实验结果表明,FL-LLMID方法在面向应用层数据的攻击检测任务中准确率达到99.63%,与传统联邦学习相比,增量式学习的效率提升了12个百分点.
Abstract
To address the issues of a small quantity
large variability of real Web application attack data and diverse attack payloads that lead to poor training effects of large models
a network attack detection method based on federated large model (FL-LLMID) is proposed. Firstly
a federated learning network for fine-tuning large model is proposed. The server conducts incremental aggregation on the parameters generated by the client’s local large model through incremental data training
which improves the parameter aggregation efficiency of large model in federated learning and avoids the problem of network traffic data exposure. Secondly
based on the large model ability to understand code
an attack detection model for application layer data (CodeBERT-LSTM) is proposed. By analyzing the application layer data packets
the CodeBERT model is used to perform vector encoding on the valid fields
and then combined with the long short-term memory network (LSTM) for classification to achieve the attack detection task of Web applications. Finally
the experimental results show that the accuracy of the FL-LLMID method in the attack detection task for application layer data reaches 99.63%. Compared with traditional federated learning
the efficiency of incremental learning is improved by 12 percentage points.
关键词
Keywords
references
何海涛 , 许可 , 杨帅林 , 等 . 基于博弈的Web应用程序中访问控制漏洞检测方法 [J ] . 通信学报 , 2024 , 45 ( 6 ): 117 - 130 .
HE H T , XU K , YANG S L , et al . Game-based detection method of broken access control vulnerabilities in Web application [J ] . Journal on Communications , 2024 , 45 ( 6 ): 117 - 130 . (in Chinese)
周昆 , 朱余韬 , 陈志朋 , 等 . YuLan-Chat: 基于多阶段课程学习的大语言模型 [J ] . 计算机学报 , 2025 , 48 ( 1 ): 1 - 18 .
ZHOU K , ZHU Y T , CHEN Z P , et al . YuLan-chat: A large language model based on multi-stage curriculum learning [J ] . Chinese Journal of Computers , 2025 , 48 ( 1 ): 1 - 18 . (in Chinese)
仇晶 , 陈荣融 , 朱浩瑾 , 等 . 基于溯源图的网络攻击调查研究综述 [J ] . 电子学报 , 2024 , 52 ( 7 ): 2529 - 2556 .
QIU J , CHEN R R , ZHU H J , et al . A survey of network attack investigation based on provenance graph [J ] . Acta Electronica Sinica , 2024 , 52 ( 7 ): 2529 - 2556 . (in Chinese)
郭艳卿 , 王鑫磊 , 付海燕 , 等 . 面向隐私安全的联邦决策树算法 [J ] . 计算机学报 , 2021 , 44 ( 10 ): 2090 - 2103 .
GUO Y Q , WANG X L , FU H Y , et al . Federated decision tree algorithm for privacy security [J ] . Chinese Journal of Computers , 2021 , 44 ( 10 ): 2090 - 2103 . (in Chinese)
MADHAVI M , NETHRAVATHI D R . Gradient boosted decision tree(GBDT) and grey wolf optimization(GWO) based intrusion detec-tion model [J ] . Journal of Theoretical and Applied Information Technology , 2022 , 100 ( 16 ): 4937 - 4951 .
李梓童 , 孟小峰 , 王雷霞 , 等 . 机器遗忘综述 [J ] . 软件学报 , 2025 , 36 ( 4 ): 1637 - 1664 .
LI Z T , MENG X F , WANG L X , et al . Survey on Machine Unlearning [J ] . Software Journal , 2025 , 36 ( 4 ): 1637 - 1664 . (in Chinese)
STIAWAN D , HERYANTO A , BARDADI A , et al . An approach for optimizing ensemble intrusion detection systems [J ] . IEEE Access , 2020 , 9 : 6930 - 6947 .
王辉 , 陈泓予 , 刘淑芬 . 基于改进朴素贝叶斯算法的入侵检测系统 [J ] . 计算机科学 , 2014 , 41 ( 4 ): 111 - 115, 119 .
WANG H , CHEN H Y , LIU S F . Intrusion detection system based on improved naive Bayesian algorithm [J ] . Computer Science , 2014 , 41 ( 4 ): 111 - 115, 119 . (in Chinese)
FU Z Y . Computer network intrusion anomaly detection with recurrent neural network [J ] . Mobile Information Systems , 2022 , 2022 ( 1 ): 6576023 .
汪定 , 邹云开 , 陶义 , 等 . 基于循环神经网络和生成式对抗网络的口令猜测模型研究 [J ] . 计算机学报 , 2021 , 44 ( 8 ): 1519 - 1534 .
WANG D , ZOU Y K , TAO Y , et al . Password guessing based on recurrent neural networks and generative adversarial networks [J ] . Chinese Journal of Computers , 2021 , 44 ( 8 ): 1519 - 1534 . (in Chinese)
尹梓诺 , 马海龙 , 胡涛 . 基于联合注意力机制和一维卷积神经网络-双向长短期记忆网络模型的流量异常检测方法 [J ] . 电子与信息学报 , 2023 , 45 ( 10 ): 3719 - 3728 .
YIN Z N , MA H L , HU T . A traffic anomaly detection method based on the joint model of attention mechanism and one-dimensional convolutional neural network-bidirectional long short term memory [J ] . Journal of Electronics Information Technology , 2023 , 45 ( 10 ): 3719 - 3728 . (in Chinese)
袁文浩 , 胡少东 , 时云龙 , 等 . 一种用于语音增强的卷积门控循环网络 [J ] . 电子学报 , 2020 , 48 ( 7 ): 1276 - 1283 .
YUAN W H , HU S D , SHI Y L , et al . A convolutional gated recurrent network for speech enhancement [J ] . Acta Electronica Sinica , 2020 , 48 ( 7 ): 1276 - 1283 . (in Chinese)
YAO R Z , WANG N , LIU Z H , et al . Intrusion detection system in the advanced metering infrastructure: A cross-layer feature-fusion CNN-LSTM-based approach [J ] . Sensors , 2021 , 21 ( 2 ): 21020626 .
XU C Y , SHEN J Z , DU X , et al . An intrusion detection system using a deep neural network with gated recurrent units [J ] . IEEE Access , 2018 , 6 : 48697 - 48707 .
LU W J , SHI C , FU H , et al . A power transformer fault diagnosis method based on improved sand cat swarm optimization algorithm and bidirectional gated recurrent unit [J ] . Electronics , 2023 , 12 ( 3 ): 12030672 .
XU L T , HU C H , HU Y , et al . UPT-Flow: Multi-scale transformer-guided normalizing flow for low-light image enhancement [J ] . Pattern Recognition , 2025 , 158 : 111076 .
HE W , MA H Y , GUO R , et al . Enhancing the state-of-charge estimation of lithium-ion batteries using a CNN-BiGRU and AUKF fusion model [J ] . Computers and Electrical Engineering , 2024 , 120 : 109729 .
WANG X D , GARG S , LIN H , et al . Toward accurate anomaly detection in industrial internet of things using hierarchical federated learning [J ] . IEEE Internet of Things Journal , 2022 , 9 ( 10 ): 7110 - 7119 .
LIU C J , SHI R . A smart grid intrusion detection model for secure and efficient federated learning [J ] . Netinfo Security , 2023 , 23 ( 4 ): 90 - 101 .
梁俊威 , 杨耿 , 马懋德 , 等 . 基于安全联邦蒸馏GAN的工业CPS协作入侵检测系统 [J ] . 通信学报 , 2023 , 44 ( 12 ): 230 - 244 .
LIANG J W , YANG G , MA M D , et al . Secure federated distillation GAN for CIDS in industrial CPS [J ] . Journal on Communications , 2023 , 44 ( 12 ): 230 - 244 . (in Chinese)
刘静 , 慕泽林 , 赖英旭 . 面向异构环境的物联网入侵检测方法 [J ] . 通信学报 , 2024 , 45 ( 4 ): 114 - 127 .
LIU J , MU Z L , LAI Y X . Intrusion detection method for IoT in heterogeneous environment [J ] . Journal on Communications , 2024 , 45 ( 4 ): 114 - 127 . (in Chinese)
ZHAO R J , YIN Y , SHI Y , et al . Intelligent intrusion detection based on federated learning aided long short-term memory [J ] . Physical Communication , 2020 , 42 : 101157 .
刘涛涛 , 付钰 , 王坤 , 等 . 基于VAE-CWGAN和特征统计重要性融合的网络入侵检测方法 [J ] . 通信学报 , 2024 , 45 ( 2 ): 54 - 67 .
LIU T T , FU Y , WANG K , et al . Network intrusion detection method based on VAE-CWGAN and fusion of statistical importance of feature [J ] . Journal on Communications , 2024 , 45 ( 2 ): 54 - 67 . (in Chinese)
TANG Z Y , HU H Y , XU C H . A federated learning method for network intrusion detection [J ] . Concurrency and Computation: Practice and Experience , 2022 , 34 ( 10 ): e6812 .
高迢康 , 靳晓宁 , 赖英旭 . 模型异构的联邦学习入侵检测 [J ] . 北京工业大学学报 , 2024 , 50 ( 5 ): 543 - 557 .
GAO T K , JIN X N , LAI Y X . Model heterogeneous federated learning for intrusion detection [J ] . Journal of Beijing University of Technology , 2024 , 50 ( 5 ): 543 - 557 . (in Chinese)
SHAO J M , ZENG G Q , LU K D , et al . Automated federated learning for intrusion detection of industrial control systems based on evolutionary neural architecture search [J ] . Computers Security , 2024 , 143 : 103910 .
ROZIÈRE B , GEHRING J , GLOECKLE F , et al . Code llama: Open foundation models for code [EB/OL ] . ( 2024-11-31 )[ 2024-12-05 ] . https://arxiv.org/abs/2308.12950v3 https://arxiv.org/abs/2308.12950v3 .
SHE D M , JIA M P . A BiGRU method for remaining useful life prediction of machinery [J ] . Measurement , 2021 , 167 : 108277 .
康海燕 , 王骁识 . 基于数据特征相关性和自适应差分隐私的深度学习方法研究 [J ] . 电子学报 , 2024 , 52 ( 6 ): 1963 - 1976 .
KANG H Y , WANG X S . Research on the deep learning method based on data feature relevance and adaptive differential privacy [J ] . Acta Electronica Sinica , 2024 , 52 ( 6 ): 1963 - 1976 . (in Chinese)
徐思雅 , 郭佳惠 . 基于双层联邦学习的高动态车联网业务边缘协作计算机制 [J ] . 电子学报 , 2024 , 52 ( 7 ): 2228 - 2241 .
XU S Y , GUO J H . Dual-layer federated learning based edge collaborative computing mechanism for high dynamic Internet of vehicle businesses [J ] . Acta Electronica Sinica , 2024 , 52 ( 7 ): 2228 - 2241 . (in Chinese)
龙墨澜 , 康海燕 . 基于代码可视化的工业互联网恶意代码检测方法 [J ] . 计算机集成制造系统 , 2025 , 31 ( 2 ): 567 - 578 .
LONG M L , KANG H Y . Detection method of industrial Internet malicious code based on code visualization [J ] . Computer Integrated Manufacturing Systems , 2025 , 31 ( 2 ): 567 - 578 . (in Chinese)
0
Views
26
下载量
0
CSCD
- L-PDFDownload
- Meta-XMLDownload
- BibTeXDownload
- EndnoteDownload
- RefMan Download
- NoteExpressDownload
- NoteFirstDownload
Publicity Resources
Related Articles
Related Author
Related Institution
- Technical support is provided by Beijing Founder electronics co., LTD 京ICP备09064830号-19
京公网安备11010802024621 - It is recommended to read the content of this site in Chrome&IE9+. Please switch to extreme mode in browser 360.
- Cookies We use cookies to help provide and enhance our service and tailor content. By continuing, you agree to the use of cookies.