The rise of Decentralized Federated Learning (DFL) has enabled the training of machine learning models across federated participants, fostering decentralized model aggregation and reducing dependence on a server. However, this approach introduces unique communication security challenges that have yet to be thoroughly addressed in the literature. These challenges primarily originate from the decentralized nature of the aggregation process, the varied roles and responsibilities of the participants, and the absence of a central authority to oversee and mitigate threats. Addressing these challenges, this paper first delineates a comprehensive threat model focused on DFL communications. In response to the identified risks, this work introduces a security module to counter communication-based attacks on DFL platforms. The module combines security techniques such as symmetric and asymmetric encryption with Moving Target Defense (MTD) techniques, including random neighbor selection and IP/port switching. The security module is implemented in a DFL platform, Fedstellar, allowing the deployment and monitoring of the federation. A DFL scenario with physical and virtual deployments has been executed, encompassing three security configurations: (i) a baseline without security, (ii) an encrypted configuration, and (iii) a configuration integrating both encryption and MTD techniques. The effectiveness of the security module is validated through experiments with the MNIST dataset and eclipse attacks. The results showed an average F1 score of 95%, with the most secure configuration resulting in CPU usage peaking at 68% (±9%) in virtual deployments and network traffic reaching 480.8 MB (±18 MB), effectively mitigating risks associated with eavesdropping or eclipse attacks.
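As an added illustration (not code from the paper or from Fedstellar), the following Python simulation models the two MTD moves named in the abstract, random neighbor selection and port switching, and estimates how often a node ends up aggregating only from peers under a single party's control (the eclipse condition). The peer table, port range, fan-out and compromised set are constructed values.

```python
import random
from dataclasses import dataclass, field

# Constructed peer table for a 10-node federation and a constructed port range.
PEERS = [f"node{i}" for i in range(10)]
PORT_RANGE = (40000, 40100)


@dataclass
class MtdNode:
    """A DFL participant that applies two MTD moves per aggregation round:
    it re-samples the peers it exchanges model updates with, and it moves
    its listening port so a fixed endpoint cannot be relied upon."""
    node_id: str
    fanout: int
    rng: random.Random
    port: int = field(init=False)
    neighbors: list = field(init=False)

    def __post_init__(self):
        self.port = self.rng.randint(*PORT_RANGE)
        self.neighbors = self.pick_neighbors()

    def pick_neighbors(self):
        candidates = [p for p in PEERS if p != self.node_id]
        return self.rng.sample(candidates, self.fanout)

    def rotate(self):
        """One MTD round: a fresh neighbor set and a port different from the old one."""
        self.neighbors = self.pick_neighbors()
        new_port = self.port
        while new_port == self.port:
            new_port = self.rng.randint(*PORT_RANGE)
        self.port = new_port
        return self.neighbors, self.port


def is_eclipsed(neighbors, compromised):
    """True when every peer the node aggregates from is in the compromised set."""
    return all(n in compromised for n in neighbors)


def eclipse_rate(node_id, fanout, compromised, rounds, rotate, seed=0):
    """Fraction of rounds in which the node is eclipsed, with a static neighbor
    set (rotate=False) or MTD random neighbor selection (rotate=True)."""
    node = MtdNode(node_id, fanout, random.Random(seed))
    hits = 0
    for _ in range(rounds):
        if rotate:
            node.rotate()
        hits += is_eclipsed(node.neighbors, compromised)
    return hits / rounds
```

With a static neighbor set the outcome is fixed at deployment time (either always or never eclipsed), whereas rotation turns it into a small per-round probability that the defender can bound by the fan-out.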