<p>The design of a privacy-preserved intrusion detection system for supply chain networks is challenging because of strict data privacy requirements, heterogeneous data distributions, and unreliable participating nodes. This study proposes BlockFedZTA, a framework that integrates federated learning, XGBoost, trust-aware aggregation, and a lightweight commitment-based integrity verification mechanism. In the proposed approach, each participant trains a local model and shares only a salted SHA-256 commitment without exposing model parameters. The aggregation mechanism assigns weights according to validation performance, reducing the influence of low-quality or potentially malicious updates. Experiments were conducted using a unified dataset containing 100,000 instances and 130 features representing five classes (Normal, DoS, Probe, R2L, and U2R), distributed among three organizations under non-IID conditions. The framework was evaluated under no-drift, moderate-drift, and severe-drift scenarios. Five-fold cross-validation produced average accuracies of 0.966, 0.964, and 0.963, respectively. Statistical analysis confirmed that the trust-aware aggregation strategy significantly outperformed FedAvg under drift conditions (<i>p</i> &lt; 0.01). Additional comparison with FedAvg, Krum, Multi-Krum, Median Aggregation, Trimmed Mean, FLTrust, and FoolsGold revealed higher performance with an accuracy of 0.96470 in both mild and severe situations of the data drift problem. Moreover, our model was highly resistant to label poisonings, ensuring an accuracy of more than 0.962 even with a high level of 60%. Scaling analysis with up to 50 clients again confirmed high performance and superiority over FedAvg with moderate communication overhead. For example, communication costs went up from 1640.74 KB to 20451.89 KB per round; meanwhile, the number of audit log bytes needed rose only from 3.40 KB to 174.02 KB. Repeated runs of the algorithm ensured a stable average accuracy of 0.9647 with a standard deviation of 0.0002. Thus, BlockFedZTA ensures a robust federated IDS approach in a supply chain environment.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

BlockFedZTA: a trust-aware federated learning framework for secure multi-organizational intrusion detection

  • Reem Alshenaifi,
  • Shailendra Mishra,
  • Shams Tahzib,
  • Megha Rathi

摘要

The design of a privacy-preserved intrusion detection system for supply chain networks is challenging because of strict data privacy requirements, heterogeneous data distributions, and unreliable participating nodes. This study proposes BlockFedZTA, a framework that integrates federated learning, XGBoost, trust-aware aggregation, and a lightweight commitment-based integrity verification mechanism. In the proposed approach, each participant trains a local model and shares only a salted SHA-256 commitment without exposing model parameters. The aggregation mechanism assigns weights according to validation performance, reducing the influence of low-quality or potentially malicious updates. Experiments were conducted using a unified dataset containing 100,000 instances and 130 features representing five classes (Normal, DoS, Probe, R2L, and U2R), distributed among three organizations under non-IID conditions. The framework was evaluated under no-drift, moderate-drift, and severe-drift scenarios. Five-fold cross-validation produced average accuracies of 0.966, 0.964, and 0.963, respectively. Statistical analysis confirmed that the trust-aware aggregation strategy significantly outperformed FedAvg under drift conditions (p < 0.01). Additional comparison with FedAvg, Krum, Multi-Krum, Median Aggregation, Trimmed Mean, FLTrust, and FoolsGold revealed higher performance with an accuracy of 0.96470 in both mild and severe situations of the data drift problem. Moreover, our model was highly resistant to label poisonings, ensuring an accuracy of more than 0.962 even with a high level of 60%. Scaling analysis with up to 50 clients again confirmed high performance and superiority over FedAvg with moderate communication overhead. For example, communication costs went up from 1640.74 KB to 20451.89 KB per round; meanwhile, the number of audit log bytes needed rose only from 3.40 KB to 174.02 KB. Repeated runs of the algorithm ensured a stable average accuracy of 0.9647 with a standard deviation of 0.0002. Thus, BlockFedZTA ensures a robust federated IDS approach in a supply chain environment.