The rise of Decentralized Federated Learning (DFL) has enabled the training of machine learning models across federated participants, fostering decentralized model aggregation and reducing dependence on a central server. However, this approach introduces unique communication security challenges that the literature has yet to address thoroughly. These challenges stem primarily from the decentralized nature of the aggregation process, the varied roles and responsibilities of the participants, and the absence of a central authority to oversee and mitigate threats. To address them, this paper first delineates a comprehensive threat model highlighting the risks to DFL communications. In response to the identified risks, it introduces a security module for DFL platforms that counters communication-based attacks. The module combines symmetric and asymmetric encryption with Moving Target Defense (MTD) techniques, namely random neighbor selection and IP/port switching. The module is implemented in Fedstellar, a DFL platform that supports deploying and monitoring the federation. A DFL scenario was deployed on eight physical devices under three security configurations: (i) a baseline with no security, (ii) an encrypted configuration, and (iii) a configuration combining encryption and MTD techniques. The module's effectiveness is validated through experiments with the MNIST dataset under eclipse attacks. The results indicate an average F1 score of 95%, with moderate increases in CPU usage (up to 63.2% ± 3.5%) and network traffic (230 MB ± 15 MB) under the most secure configuration, which mitigates the risks posed by eavesdropping and eclipse attacks.
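The abstract names two MTD techniques, random neighbor selection and IP/port switching, as the mitigation for eclipse attacks, but does not spell out why re-randomising the topology helps. The following toy model is an added illustration written for this page; it is not Fedstellar's code and does not claim to reproduce the paper's mechanism. It assumes (my assumptions, not the paper's) a federation of `n_peers` other nodes of which `n_malicious` are attacker-controlled, a victim that pulls model updates from `k` neighbours per aggregation round, and that the victim is "eclipsed" in a round only when every neighbour it talks to is malicious. It also sketches one hypothetical way to do port switching: both ends derive the next listening port from a shared secret and an epoch counter with HMAC, so honest peers can follow the move while an eavesdropper who learned the old endpoint cannot.

```python
"""Toy model of random neighbour selection and port switching as MTD.

Added illustration, not Fedstellar's code. All parameters below are
assumptions chosen for the example, not values from the paper.
"""
import hashlib
import hmac
import math
import random


def p_eclipsed_one_round(n_peers: int, n_malicious: int, k: int) -> float:
    """Exact probability that a uniform random k-subset of peers is all malicious."""
    if k > n_malicious:
        return 0.0
    return math.comb(n_malicious, k) / math.comb(n_peers, k)


def p_eclipsed_sustained(n_peers: int, n_malicious: int, k: int,
                         rounds: int, reselect_each_round: bool) -> float:
    """Probability the victim is eclipsed in every one of `rounds` rounds.

    Static topology: neighbours are drawn once, so one bad draw lasts the
    whole training run. With MTD reselection the attacker has to win every
    independent draw, so the probability decays geometrically in `rounds`.
    """
    p = p_eclipsed_one_round(n_peers, n_malicious, k)
    return p ** rounds if reselect_each_round else p


def simulate_eclipse(n_peers: int, n_malicious: int, k: int, rounds: int,
                     reselect_each_round: bool, trials: int, seed: int = 0) -> float:
    """Monte Carlo estimate of p_eclipsed_sustained, as a sanity check."""
    rng = random.Random(seed)
    peers = list(range(n_peers))
    malicious = set(range(n_malicious))  # constructed: first n_malicious ids are attacker nodes
    hits = 0
    for _ in range(trials):
        nbrs = rng.sample(peers, k)
        eclipsed_all = True
        for r in range(rounds):
            if reselect_each_round and r > 0:
                nbrs = rng.sample(peers, k)  # the MTD step: new neighbour set each round
            if not all(p in malicious for p in nbrs):
                eclipsed_all = False
                break
        hits += eclipsed_all
    return hits / trials


def next_port(shared_secret: bytes, node_id: str, epoch: int,
              low: int = 1024, high: int = 65535) -> int:
    """Hypothetical port-switching schedule (assumption, not the paper's design).

    Each epoch the node listens on HMAC(secret, node_id || epoch) mapped into
    [low, high]. Peers holding the secret derive the same port; an eavesdropper
    who captured an earlier endpoint cannot predict the next one.
    """
    msg = f"{node_id}:{epoch}".encode()
    digest = hmac.new(shared_secret, msg, hashlib.sha256).digest()
    return low + int.from_bytes(digest[:4], "big") % (high - low + 1)


if __name__ == "__main__":
    # Constructed scenario: a victim among 8 devices (7 other peers), 3 of them
    # malicious, 2 neighbours per round, 5 aggregation rounds.
    static = p_eclipsed_sustained(7, 3, 2, 5, reselect_each_round=False)
    mtd = p_eclipsed_sustained(7, 3, 2, 5, reselect_each_round=True)
    print(f"static topology: P(eclipsed for all rounds) = {static:.4f}")
    print(f"random reselection: P(eclipsed for all rounds) = {mtd:.2e}")
    print("simulated static:", simulate_eclipse(7, 3, 2, 5, False, 20000))
    print("simulated MTD:   ", simulate_eclipse(7, 3, 2, 5, True, 20000))
    secret = b"constructed-demo-secret"  # constructed, for illustration only
    print("epoch 0 port:", next_port(secret, "node-3", 0),
          "epoch 1 port:", next_port(secret, "node-3", 1))
```

The point the model makes is the one the abstract relies on: with a fixed topology a single unlucky (or attacker-engineered) neighbour set eclipses the victim for the entire run, whereas re-drawing neighbours every round forces the attacker to control the whole neighbour set on every draw, so the sustained-eclipse probability collapses as the number of rounds grows. The encryption layer the abstract pairs with MTD is what keeps the shared secret behind `next_port` out of an eavesdropper's hands in the first place.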