边缘检测：基于同态聚合的重要性感知梯度压缩技术在联邦入侵检测中的应用

摘要

联邦学习（FL）能够实现无需原始数据交换的协同入侵检测，但传统FL因传输全精度梯度而产生高通信开销，且易受梯度推断攻击。本文提出EdgeDetect——一种面向带宽受限6G-IoT环境的高效通信且隐私感知的联邦入侵检测系统。该方法创新引入梯度智能化技术，通过基于中位数的统计二值化将本地更新压缩为{+1,-1}表示，在保持收敛性的同时实现上行负载降低32倍。我们进一步在二值化梯度上集成Paillier同态加密，在不暴露个体更新的前提下防御诚实但好奇的服务器。基于CIC-IDS2017数据集（280万流量数据，7类攻击）的实验表明，系统达到98.0%多类准确率和97.9%宏观F1值，与集中式基线持平，同时将每轮通信量从450MB降至14MB（降幅96.9%）。树莓派4部署验证边缘可行性：内存占用4.2MB，延迟0.8ms，单次推理能耗12mJ，精度损失小于0.5%。在5%投毒攻击和严重数据不平衡场景下，EdgeDetect仍保持87%准确率和0.95少数类F1值（p<0.001），为下一代边缘入侵检测建立了实用化的精度、通信与隐私权衡方案。

English

Federated learning (FL) enables collaborative intrusion detection without raw data exchange, but conventional FL incurs high communication overhead from full-precision gradient transmission and remains vulnerable to gradient inference attacks. This paper presents EdgeDetect, a communication-efficient and privacy-aware federated IDS for bandwidth-constrained 6G-IoT environments. EdgeDetect introduces gradient smartification, a median-based statistical binarization that compresses local updates to {+1,-1} representations, reducing uplink payload by 32times while preserving convergence. We further integrate Paillier homomorphic encryption over binarized gradients, protecting against honest-but-curious servers without exposing individual updates. Experiments on CIC-IDS2017 (2.8M flows, 7 attack classes) demonstrate 98.0% multi-class accuracy and 97.9% macro F1-score, matching centralized baselines, while reducing per-round communication from 450~MB to 14~MB (96.9% reduction). Raspberry Pi-4 deployment confirms edge feasibility: 4.2~MB memory, 0.8~ms latency, and 12~mJ per inference with <0.5% accuracy loss. Under 5% poisoning attacks and severe imbalance, EdgeDetect maintains 87% accuracy and 0.95 minority class F1 (p<0.001), establishing a practical accuracy, communication, and privacy tradeoff for next-generation edge intrusion detection.