A Survey on Blockchain-Based Federated Learning:Categorization,Application and Analysis

Federated Learning(FL),as an emergent paradigm in privacy-preserving machine learning,has garnered significant interest from scholars and engineers across both academic and industrial spheres.Despite its innovative approach to model training across distributed networks,FL has its vulnerabilities;the centralized server-client architecture introduces risks of single-point failures.Moreover,the integrity of the global model—a cornerstone of FL—is susceptible to compromise through poisoning attacks by malicious actors.Such attacks and the potential for privacy leakage via inference starkly undermine FL’s foundational privacy and security goals.For these reasons,some participants unwilling use their private data to train a model,which is a bottleneck in the development and industrialization of federated learning.Blockchain technology,characterized by its decentralized ledger system,offers a compelling solution to these issues.It inherently prevents single-point failures and,through its incentive mechanisms,motivates participants to contribute computing power.Thus,blockchain-based FL(BCFL)emerges as a natural progression to address FL’s challenges.This study begins with concise introductions to federated learning and blockchain technologies,followed by a formal analysis of the specific problems that FL encounters.It discusses the challenges of combining the two technologies and presents an overview of the latest cryptographic solutions that prevent privacy leakage during communication and incentives in BCFL.In addition,this research examines the use of BCFL in various fields,such as the Internet of Things and the Internet of Vehicles.Finally,it assesses the effectiveness of these solutions.

An Adversarial Smart Contract Honeypot in Ethereum

A smart contract honeypot is a special type of smart contract.This type of contract seems to have obvious vulnerabilities in contract design.If a user transfers a certain amount of funds to the contract,then the user can withdraw the funds in the contract.However,once users try to take advantage of this seemingly obvious vulnerability,they will fall into a real trap.Consequently,the user’s investment in the contract cannot be retrieved.The honeypot induces other accounts to launch funds,which seriously threatens the security of property on the blockchain.Detection methods for honeypots are available.However,studying the manner by which to defend existing honeypots is insufficient to fight against honeypots.The new honeypots that may appear in the future from the perspective of an attacker must also be predicted.Therefore,we propose a type of adversarial honeypot.The code and behavioral features of honeypots are obtained through a comparative analysis of the 158,568 nonhoneypots and 352 honeypots.To build an adversarial honeypot,we try to separately hide these features and make the honeypot bypass the existing detection technology.We construct 18 instances on the basis of the proposed adversarial honeypot and use an open-source honeypot detection tool to detect these instances.The experimental result shows that the proposed honeypot can bypass the detection tool with a 100%ratio.Therefore,this type of honeypot should be given attention,and defensive measures should be proposed as soon as possible.

A Trusted NUMFabric Algorithm for Congestion Price Calculation at the Internet-of-Things Datacenter

The important issues of network TCP congestion control are how to compute the link price according to the link status and regulate the data sending rate based on link congestion pricing feedback information.However,it is difficult to predict the congestion state of the link-end accurately at the source.In this paper,we presented an improved NUMFabric algorithm for calculating the overall congestion price.In the proposed scheme,the whole network structure had been obtained by the central control server in the Software Defined Network,and a kind of dual-hierarchy algorithm for calculating overall network congestion price had been demonstrated.In this scheme,the first hierarchy algorithm was set up in a central control server like Opendaylight and the guiding parameter B is obtained based on the intelligent data of global link state information.Based on the historical data,the congestion state of the network and the guiding parameter B is accurately predicted by the machine learning algorithm.The second hierarchy algorithm was installed in the Openflow link and the link price was calculated based on guiding parameter B given by the first algorithm.We evaluate this evolved NUMFabric algorithm in NS3,which demonstrated that the proposed NUMFabric algorithm could efficiently increase the link bandwidth utilization of cloud computing IoT datacenters.

Container Introspection: Using External Management Containers to Monitor Containers in Cloud Computing

Cloud computing plays an important role in today’s Internet environment,which meets the requirements of scalability,security and reliability by using virtualization technologies.Container technology is one of the two mainstream virtualization solutions.Its lightweight,high deployment efficiency make container technology widely used in large-scale cloud computing.While container technology has created huge benefits for cloud service providers and tenants,it cannot meet the requirements of security monitoring and management from a tenant perspective.Currently,tenants can only run their security monitors in the target container,but it is not secure because the attacker is able to detect and compromise the security monitor.In this paper,a secure external monitoring approach is proposed to monitor target containers in another management container.The management container is transparent for target containers,but it can obtain the executing information of target containers,providing a secure monitoring environment.Security monitors running inside management containers are secure for the cloud host,since the management containers are not privileged.We implement the transparent external management containers by performing the one-way isolation of processes and files.For process one-way isolation,we leverage Linux namespace technology to let management container become the parent of target containers.By mounting the file system of target container to that of the management container,file system one-way isolation is achieved.Compared with the existing host-based monitoring approach,our approach is more secure and suitable in the cloud environment.

Blockzone: A Decentralized and Trustworthy Data Plane for DNS

The domain name system(DNS)provides a mapping service between memorable names and numerical internet protocol addresses,and it is a critical infrastructure of the Internet.The authenticity of DNS resolution results is crucial for ensuring the accessibility of Internet services.Hundreds of supplementary specifications of protocols have been proposed to compensate for the security flaws of DNS.However,DNS security incidents still occur frequently.Although DNS is a distributed system,for a specified domain name,only authorized authoritative servers can resolve it.Other servers must obtain the resolution result through a recursive or iterative resolving procedure,which renders DNS vulnerable to various attacks,such as DNS cache poisoning and distributed denial of service(DDoS)attacks.This paper proposes a novel decentralized architecture for a DNS data plane,which is called Blockzone.First,Blockzone utilizes novel mechanisms,which include on-chain authorization and off-chain storage,to implement a decentralized and trustworthy DNS data plane.Second,in contrast to the hierarchical authentication and recursive query of traditional DNS,Blockzone implements a decentralized operation model.This model significantly increases the efficiency of domain name resolution and verification and enhances the security of DNS against DDoS and cache poisoning attacks.In addition,Blockzone is fully compatible with the traditional DNS implementation and can be incrementally deployed as a plug-in service of DNS without changing the DNS protocol or system architecture.The Blockzone scheme can also be generalized to address security issues in other areas,such as the Internet of things and edge computing.