The massive number of edge-connected IoT devices currently in SD-AIoT can be weaponized to launch Distributed Denial of Service attacks. Nevertheless, centralized DDoS defense schemes that excessively rely on up-to-date labeled training data are significantly inefficient due to the scarcity of such datasets. The privacy of these datasets and the widespread emergence of adversarial attacks make it difficult for autonomous system collaborators to share such sensitive data. To this end, we propose a novel decentralized defense scheme based on a trusted Federated Learning framework for AIoT scenarios. In particular, it consists of: (1) an outlier-aware Semi-supervised attack detection model for anomaly detection based on a Federated Learning framework that supports the robust identification of attack classes with a limited number of labeled outliers to reduce the false alarm rate; (2) a novel Secure Multiparty Computation method for trusted aggregation of local model updates to enhance the transmission privacy of collaborators’ parameters; (3) a mitigation mechanism based on horizontal cooperation to reduce the impact of packet loss on normal traffic by deploying differentiated speed-limiting policies with attack path pushback. Our evaluation of various attack scenarios and traces from real datasets CICIDS2017 and InSDN shows that the proposed scheme shows significant improvement in terms of accuracy, effectiveness, etc., compared to state-of-the-art SDN-based defense schemes.

中文翻译：

---

基于基于 SDN 的 AIoT 与自动编码器增强联合学习的协作 DDoS 防御


目前 SD-AIoT 中的大量边缘连接物联网设备可以被武器化，以发起分布式拒绝服务攻击。然而，由于此类数据集的稀缺性，过度依赖最新标记训练数据的集中式 DDoS 防御方案效率明显低下。这些数据集的隐私性和对抗性攻击的广泛出现使得自治系统协作者难以共享此类敏感数据。为此，我们提出了一种基于可信联邦学习框架的新型去中心化防御方案，用于 AIoT 场景。具体而言，它包括：（1） 基于联邦学习框架的异常值感知半监督攻击检测模型，用于异常检测，该模型支持对具有有限数量的标记异常值的攻击类别进行稳健识别，以降低误报率;（2） 一种新的安全多方计算方法，用于本地模型更新的可信聚合，以增强协作者参数的传输隐私;（3） 基于横向协作的缓解机制，通过部署具有攻击路径回推的差异化限速策略来减少丢包对正常流量的影响。我们对来自真实数据集 CICIDS2017 和 InSDN 的各种攻击场景和痕迹的评估表明，与最先进的基于 SDN 的防御方案相比，所提出的方案在准确性、有效性等方面显示出显着提高。