Ranwa Al Mallah , Godwin Badu-Marfo , Bilal Farooq
Abstract
Federated learning (FL) is a machine learning technique that aims at training an algorithm across decentralized entities holding their local data private. Wireless mobile networks allow users to communicate with other fixed or mobile users. The road traffic network represents an infrastructure-based configuration of a wireless mobile network where the Connected and Automated Vehicles (CAV) represent the communicating entities. Applying FL in a wireless mobile network setting gives rise to a new threat in the mobile environment that is very different from the traditional fixed networks. The threat is due to the intrinsic characteristics of the wireless medium and is caused by the characteristics of the vehicular networks such as high node-mobility and rapidly changing topology.
Most cyber defense techniques depend on highly reliable and connected networks. This paper explores falsified information attacks, which target the FL process that is ongoing at the RSU. We identified a number of attack strategies conducted by the malicious CAVs to disrupt the training of the global model in vehicular networks.
The road traffic network represents an infrastructure-based configuration of a mobile and wireless network on which CAVs travel, use regulated frequencies and have access to the bandwidth to communicate. Unlike mobile phones that communicate through a high-speed network, CAVs exchange V2X messages with unknown moving vehicles, Road Side Units (RSU), pedestrians, and cyclists with no prior association. V2V messages enable vehicles to exchange information about their velocity, heading angle, or position with other surrounding vehicles in order to prevent incidents or traffic conditions. Vehicle-to-Infrastructure (V2I) complements Vehicle-to-Vehicle (V2V) communications and enable RSUs to exchange information with the vehicle about traffic, work zones, bridges, and road incidents. Vehicle-to-Pedestrian (V2P) enables the exchange of alerts from pedestrians to approaching vehicles. These technologies exchange packets called Basic Safety Messages (BSM) designed to contain no personally identifiable information since the Anonymity of the sender must always be maintained. Vehicles and their drivers should remain untraceable in order to ensure privacy in ITS.
Recent reports identified highly practical wireless attacks on CAVs. Some attacks target in-vehicle security and others target security of inter-vehicle communications. For instance, cyber-attacks on CAVs include impersonation, eavesdropping, stealing user private data, spoofing sensors, coordinated attacks on road side infrastructure or malware injection. Security mechanisms to protect CAVs from unauthorized access, control and tampering are important to strengthen the ITS. However, currently, there is no security mechanism in place to validate and authenticate basic safety messages and ensure trusted communication among the random moving entities. The United States Department of Transportation proposed a system where authorized participating vehicles use digital certificates issued by a certain authority to validate and authenticate basic safety messages by attaching these certificates with each message to ensure integrity, confidentiality and privacy of the communication. However, although the system ensures who signed the certificate, among its many challenges is the fact that it is difficult to prove how correct or true the information sent from the vehicle is. A corrupted device in the vehicle can result in false BSM exchanged even though the sender is trusted. Consequently, awareness of the potential threats and developing mitigation methods to proactively mitigate attacks are required in the vehicular networks Unfortunately, a direct application of existing FL protocols without any consideration of the underlying communication infrastructure of the CAVs will expose the FL process to cyberattacks. For instance, malicious entities may exploit vulnerabilities in the vehicular network in order to poison the training of the model with false inputs. The existing defense algorithms are more suitable to cloud assisted applications or data centers.
Federated Learning plays a critical role in supporting the privacy-sensitive applications, where the training data are distributed at the edge. Nikman et al. discussed several applications of FL in the wireless networks, especially in the context of 5G networks. Content caching and data computing at the edge of the wireless network is an approach to reduce back-haul traffic load. FL uses locally trained models rather than directly accessing the user data for content popularity prediction in proactive caching in wireless networks. Another application in wireless mobile networks is the task of learning the activities of mobile phone users. The application can then expose a search mechanism for information retrieval or in-app navigation. Bonawitz et al. proposed a production-level FL implementation, focusing primarily on the averaging algorithm running on mobile phones. Their system is conceived for mobile devices that have much lower bandwidth and reliability compared to data center nodes. Nishio et al. focused on applying the FL in different environmental conditions, such as cases where the server can reach any subset of devices to initiate a round, but receives updates sequentially due to cellular bandwidth limit.
- FL in wireless mobile networks
In the context of vehicular networks, a potential application of FL includes adapting in real-time to the traffic conditions with connected and automated vehicles. For instance, a fleet of CAVs may require an up-to-date prediction model of traffic, construction zone delays, or pedestrian behavior to safely operate. FL can help to train models that efficiently adapt to changes in these situations, while maintaining user privacy
- Cybersecurity of FL in wireless mobile networks
Wi-Fi, WiMAX, Long-Term Evolution (LTE), Near-Field Communication (NFC), and Dedicated Short-Range Communications (DSRC) are among the communication technologies available for vehicular data communications. In reviewing the literature, several attacks on the communication network involving ITS were found. In terms of privacy, there are various types of inference attacks, for instance, parameter inference, input inference, and attribute inference attacks, which can jeopardize the privacy of the vehicles. While privacy is an important aspect for many machine learning applications, FL is also vulnerable to cyberattacks that target the security of the system.
FL Protocol for a vehicular network:
- The RSU identifies an application and its learning problem and broadcasts the FL task to the vehicles in its coverage area. An FL task is a specific computation such as training to be performed with given hyperparameters e.g. learning rate, batch size and number of epochs to run.
- Since some vehicles may be unwilling to participate in the training, vehicles that want to participate reply to the chief that they are ready to run the FL task.
- Vehicles must stay connected to the chief for the duration of the round. The chief can either consider all the vehicles announcing their availability as workers or he can select a subset and invite them to work on the FL task.
- The chief sends out instructions for how to execute the training task and the timing plan.
- Once a round is established, the chief then broadcasts the current global model parameters.
- Each selected worker then performs a local computation based on the global model and its local dataset, and sends a local model update back to the chief. A notable advantage of FL in this setting is that it does not rely on synchronization among the workers. Hence, even during a loss of connectivity between the vehicles and the RSU, vehicles can still build their local models and navigate; this is crucial in a very dynamic environment as long as the worker adhere to the time window in the timing plan.
- The chief waits for the participating workers to report their updates. As local model updates are received, the chief aggregate them using federated averaging. If enough workers report in time, the round will be successfully completed and the chief will update its global model, otherwise, the round is abandoned. The chief incorporates the updates into its global model, and the process repeats.
Attack1. Standard falsified information attack
Attack2. Sybil attack
Simulation outline
Comments