| 摘要: |
| 在无人机集群环境中,联邦学习可支持无人机间协作学习,实现灵活处理应急管理、智能交通监管等强实时性任务,同时,联邦学习也为无人机集群提供数据隐私保护,并可提升数据智能处理效率。但由于工作环境的动态性,无人机通信稳定性较差,联邦学习的性能会受到这种间歇性连接的影响而降低;而且联邦学习系统极易受到由恶意的内部参与者发起的投毒攻击,攻击者通过共享错误的模型参数实现对全局模型预测的操纵,而现有的防御方法在数据异构场景中适用性较低。针对上述挑战,本文首先提出了一种基于D2D (Device-to-Device)的协作式层次联邦学习算法(Collaborative Hierarchical Federated Learning,Col-HFL),无人机集群通过D2D通信实现集群内的分布式边缘共识,全局聚合时每个集群只需采样一个无人机上传模型,从而实现掉线鲁棒性。其次,对于Col-HFL中存在的投毒攻击威胁,进一步设计了一种双阶段鲁棒聚合算法(Two-Stage Robust Aggregation,TSRA),无人机和云服务器分别使用基于历史参数的鲁棒边缘共识算法和基于声誉系统的鲁棒全局聚合算法来保护全局模型;其中,历史参数和原谅机制的使用使得算法能够更好地区分异质数据带来的正常差异以及中毒参数带来的差异,从而实现高准确度的异常检测。在不同数据集和场景下的实验结果表明,Col-HFL在模型准确性和能耗方面显著优于已有层次联邦学习算法。当终端设备数据集统计异质时,TSRA能够抵御高达40%的恶意节点在不同阶段发起的多种投毒攻击,并且防御效果优于其他鲁棒聚合方法,有效提升Col-HFL的安全性。 |
| 关键词: 联邦学习 边缘计算 D2D通信 投毒攻击 鲁棒聚合 模型安全 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2025.11.02 |
| 投稿时间:2024-01-23修订日期:2024-05-07 |
| 基金项目:本课题得到中国国家铁路集团有限公司科技研究开发计划项目(No.N2024W007),中央高校基本科研业务费专项资金(No.2025JBZY025),国家重点研发计划项目(No.2023YFB2703700)资助。 |
|
| Robust Collaborative Hierarchical Federated Learning for UAV Clusters |
| LIANG Mengqing,WANG Jian,JIANG Wenbin,WANG Xuewei,LIU Jiqiang |
| Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing 100044, China;School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China |
| Abstract: |
| In UAV cluster environment, federated learning can support collaborative learning among UAVs, enabling flexible processing of tasks with high real-time requirement, such as emergency management and intelligent traffic supervision. At the same time, federated learning also provides data privacy protection for UAV clusters, and can improve the efficiency of intelligent data processing. However, due to the dynamic nature of the working environment, UAV communication is less stable, and the performance of federated learning will be reduced by this intermittent connection. At the same time, federated learning systems are highly susceptible to poisoning attacks launched by malicious internal participants, where attackers can manipulate global model prediction results by sharing wrong model parameters, and existing defense methods have low applicability in data heterogeneous scenarios. In response to the above challenges, this paper first proposes a collaborative hierarchical federated learning algorithm (Col-HFL) based on Device-to-Device communication. UAV clusters achieve distributed edge consensus through D2D communication, and during global aggregation stages, only one UAV from each cluster needs to upload model parameters to the cloud server, thereby achieving dropout robustness. Furthermore, in response to the model poisoning attack threat faced by Col-HFL, a two-stage robust aggregation algorithm (TSRA) was designed. UAVs and the cloud servers use a robust edge consensus algorithm based on historical parameters and a robust global aggregation algorithm based on reputation system to protect the global model, respectively. The use of historical parameters and forgiveness mechanism enables the algorithm to better distinguish between normal differences caused by heterogeneous data and differences caused by poisoning parameters, thereby achieving highly accurate anomaly detection. Experimental results across various datasets and scenarios indicate that Col-HFL substantially surpasses current hierarchical federated learning algorithms in terms of model accuracy and energy consumption. When terminal device datasets are statistically heterogeneous, TSRA can withstand various poisoning attacks launched by up to 40% of malicious UAVs at different stages, and its defense effect is better than other robust aggregation methods, effectively improving the security of Col-HFL. |
| Key words: federated learning edge computing device-to-device communication poisoning attack robust aggregation model security |
