Resilience of Federated NIDS in SDN via Behavioral Attestation with Active Semantic Probing

  • Cassiano Darif Zago UnB
  • Fábio Lúcio L. de Mendonça UnB
  • Roger Immich UFRN
  • Rodolfo I. Meneguette USP
  • Leandro A. Villas UNICAMP
  • Geraldo Pereira Rocha Filho UESB

Abstract


In SDN networks, NIDS based on Federated Learning (FL) are vulnerable to Non-IID heterogeneity and to malicious clients that evade parametric inspection. To address this, we propose Sentinel-Flow, a behavioral attestation framework that replaces parameter validation with an active challenge-response protocol. The solution integrates three components: (i) Active Semantic Probing with out-of-band injection of canary flows; (ii) attestation in Trusted Execution Environments (TEE) to guarantee the integrity of the measurements; and (iii) a governance model based on a Trust Score to filter clients before federated aggregation. Experimental results show that, while weight-scaling attacks collapse the model (ASR of 100% and accuracy of 53.27%), Sentinel-Flow reduces the ASR to 6.69% and restores global accuracy to 94.29%.

Published
25/05/2026
ZAGO, Cassiano Darif; MENDONÇA, Fábio Lúcio L. de; IMMICH, Roger; MENEGUETTE, Rodolfo I.; VILLAS, Leandro A.; ROCHA FILHO, Geraldo Pereira. Resiliência de NIDS Federados em SDN via Atestação Comportamental com Active Semantic Probing. In: WORKSHOP DE INTELIGÊNCIA ARTIFICIAL PARA REDES DE COMPUTADORES (WIARC), 1., 2026, Praia do Forte/BA. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2026. p. 183-196. DOI: https://doi.org/10.5753/wiarc.2026.23903.